Alternate Data Streams Scan Engine

Discussion in 'other software & services' started by softtouch, May 28, 2009.

Thread Status:
Not open for further replies.
  1. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Any folder itself can have streams attached, not just files.
    The 3 streams listed are attached to the folder TEMP itself, not to any file.
    But I cannot figure out what they are, just data, or something encrypted maybe...

    Btw, every alternate data stream consumes harddisk space.
    You can have an empty file (0 bytes in size), but with a data stream of 100MB attached, and lost 100mb free hdd space.

    Yellow marked files can be left alone usually. I only would remove the streams when they consume too much space.

    The critical are the one marked in red.
     
  2. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Great tool! Yesterday I thought about where to find a good ads cleaner,
    now I found it!
     
  3. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    softtouch, txs, useful tool. :thumb:

    <S>
     
  4. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,909
    Location:
    USA
    I removed all 3 Data streams, the folder disappeared from the list. I did another scan..it didn't re appear on the list. Nice usefull tool.
     
  5. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Thanks for all the people who tested it and reported bugs or suggested improvements. I will continue on a daily basis to enhance it, and I am sure it still has some hidden bugs.
     
  6. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    You intuit it! There is a removal problem in eml streams. It is impossible for ads to kill .eml streams.
     
  7. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    You mean with .eml the outlook express files, right?
    Maybe the files have been in use at the moment you wanted to remove the stream? Maybe outlook express was open?
     
  8. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Yes, outlook and thunderbird files, they were lying on another partition. The strange thing is today I had no problem to remove them but I don´t think that they were locked yesterday. Another oddity,
    so ads seems to be okay.
     
    Last edited: Jun 12, 2009
  9. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    For those who are trying to cover their own Alternate Data Streams, EastTech Eraser or Cyberscrub searches for than erases Alternate Data Streams with the option to choose which ones you would like to erase!

    Just thought I would throw that in, since its related!
     
  10. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Alternate Data Streams Scan Engine V1.1.0.1 released.

    Changes:
    - Scanning of folder or files added
    - Right click popup menu added
    - Small gui bug fixed

    Please read the current description and see screen shots at the website. I cannot edit my first post for any reason, so I cannot update the description and screen shots here...
     
  11. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Yes that is a strange change in this forum, some hidden restrictions, I also wonder about,
    maybe some sort of timeframe til one can edit something.
     
    Last edited: Jun 13, 2009
  12. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    There's a actually a good reason for that: changing a first post in effect can totally destroy a thread, especially when follow ups have been posted referring to that initial starting post. That would have happened in this particular case as well. And that's something we want to avoid.

    Additional comments from the OP will in no way destroy a thread, nor will posting new screen shots etc. as a follow up. Hop this clears things up ;)
     
  13. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Updated to V1.1.0.2

    Changes:
    - Checkbox added to options for automatic update check.
     
  14. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Alright.
     
  15. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    The last version on the server was corrupted (happen within the last 12 hours).
    There was a power interruption during the automatic upload to the server, which corrupted the file.
    Unfortunately, I was not aware of this and learned about it after receiving lots of emails from users.
    If you got a "...not a valid Win32 application", please re-download it.
     
  16. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Updated to V1.1.0.3

    Changes:
    - Small glitch with image of analyze button fixed
    - Image on analyze button changed
     
  17. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Please note that Alternate Data Streams Scan Engine is not freeware.
    Unfortunately, I cannot modify the first post in this thread.

    The evaluation version will not expire, has not nag screen or anything like that, but cannot remove ads streams.

    The new url is http://www.otbcode.com/ads
     
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    90,348
    Location:
    Texas
    Noted previously.
    https://www.wilderssecurity.com/showpost.php?p=1485287&postcount=37
     
  19. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
  20. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    ... "More secure"? FAT32 has absolutely no security. There is no support for ACLs at all. It is also unreliable (compared to NTFS). That's something any user of FAT32 needs to be aware of. But, to each his own...

    As for ADS, I don't get the big fuss about them. They're just file system forks. I think MS originally introduced ADS for compatibility with Apple's OS. Something to keep in mind: if you don't have write access to a file or folder, then you can't create an alternate data stream attached to that file or folder. And it's not like finding the streams is difficult. Sysinternals, as one of many, has a free tool called Streams for that purpose: http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx

    If we're afraid of the big old hacker hiding his wares in some hidden data stream, then it's worth considering that the stream may be hidden with a rootkit, in which case it won't be shown by tools like this when scanning from within the infected system. For those cases, just boot from a clean media and run Streams from there.
     
  21. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA
    i notice that Super AntiSpyware has an option to scan alternate data streams that is checked by default....i dont recall it ever finding anything though...
     
  22. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
  23. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA

    for some reason i cant get to the product page on that program...its blank..
     
  24. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Weird... but fixed. The permalinks played nuts with me.
     
  25. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA

    thanks....
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.