ntfs ads infected, need help

Very newbie here with tds-3.
I have thousands of images that tds-3 has detected ntfs ads streams in.
Is there a way to tell tds-3 to delete the ads stream in the files without having to right click them all individually and selecting "delete stream" from the menu? I could be here for weeks trying to do this manually.
Deleting the files is not an option, I need those files.
Help me please...

 

http://www.wilderssecurity.com/showthread.php?t=11255;start=msg73030#msg73030

http://www.wilderssecurity.com/showthread.php?t=10877;start=msg70830#msg70830

In these two threads is written a lot about the subject and in the second Dan posted a link to a sysinternals tool which has that ability you asked for.

Many people ignore streams under 90 b and even 256 and have seen higher values so ignoring those smaller ones which can't harm and which could be necessary for some programs to function properly (several AV scanners add them to see in a next scan if there are changes f.e.).
I'm almost sure with this you'll have far less streams which need additional attention, right?

Are the streams in images part of watermarking for copyright reasons?

 

Ignore streams smaller than 256 or even 512 BYTES, not KB An EXE file in a stream will still be reported, valid PE EXE files are 513 bytes minimum, any functional trojan file that might hide in a stream will be much bigger than that

Click Scan Control
ADS Stream Options
Ignore streams smaller than 256 bytes

 

If all what you want to do is remove the streams from your images, you could simply burn them onto a CD, then copy them back to your original folder.

Another way is to copy them to a FAT32 or non-NTFS partition on your system (or across a network), then copy them back again.

The idea is to transfer them to a non-NTFS media where streams are not supported.

Windows 2000 with indexing service on a partition is the culprit of your problem, as it stores fast-indexing information in each image stream.

Simply copying your files to a NTFS non-indexed partition won't help, since the streams exist already and remain during an NTFS-to-NTFS copy. They would just be useless and space-wasting since indexing would be disabled on that partition.

Hope this helps!

Max P.

 

Hello MaxPat and welcome to the forum!
this sounds as a good tip? About the Fat32 partitions had heard before, the cd-rom is new to me but sounds logical too. And like you said you can copy the files you like to be cleansed, so not all streams will be lost which you might need for programs to function properly.