Alternate Data Streams (ADS) are not visable in Windows Explorer. They are pieces of info hidden as metadata on files. My question is: Is it normal for firewall/hips type programs to create ADSs in Temp folder or any other location on computer and should I be concerned? Both ADS Spy and Spyshelter find same ADS. Apparently from what I've read some ADSs are legitimate, but some can be malicious. ADS Spy supposedly can remove them, but they come right back on reboot. All scanners I've used show nothing detected.
ADS are set from windows to mark files from another security zone - your desktop is trusted but internet not, check internet settings. if you move files you move ads. BufferZone (sandboxing software) is known to write ADS for each accessed folder. in minor cases malware can create such files to prevent found thru scanners or user. search for ads http://www.softpedia.com/get/System/File-Management/ADS-Viewer.shtml (no adware, no install)
ADS-Viewer doesn't scan in " hidden files and folders " whereas ADS Spy apparently does. Disabling the GUI does remove the ADS after scanning and removing via ADS Spy, however that is not the solution I'm looking for . Thanks for info anyway.
then make them visible. any other was said. btw it makes no sense to work as admin with hidden folders. search and delete http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx PS if you have doubt about your system - renew from scratch