NTFS stream question.

Discussion in 'Trojan Defence Suite' started by spy1, Jun 30, 2003.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Is there any way to access and kill streams found in a previous scan without going through a full scan to find them all again?

    I've tried clicking on indidvidual items in the "tests section, but I can't seem to get it to scan specifically for streams.

    Am I missing something? Or is it just not there? Pete
     
    spy1, Jun 30, 2003
    #1
  2. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hey Pete,

    Not quite sure what you're asking o_O

    If you mean is there a way to scan exclusively for ADS streams within TDS I believe not.

    If this is what you are looking for there are a few alternatives;

    For command-line/scripting use I use LADS which can be obtained from

    http://www.heysoft.net/nt/lads.zip

    but this will not allow you to delete specific streams.

    I thought I remembered seeing a GUI utility from Sysinternals that listed ADStreams but I didn't see it on a quick check of their site.

    If I am completely off-base with your question please let me know :D

    Dan
     
    Dan Perez, Jun 30, 2003
    #2
  3. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Dan Perez, Jun 30, 2003
    #3
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    That's correct, Dan, I'd like to be able to scan simply for (and be able to delete) streams by themselves.

    Right now, I can't do that unless I run a full system scan (I think).

    IOW, on the TDS "System Testing" context menu, I can do a quick check of any of the items listed in the screenshot - but NTFS streams isn't there.

    What I'd really like to see would be a context-menu item for that in TDS or - failing that - perhaps a separate app that would do that only (scan for streams and allow you to do everything that TDS allows you to do with them after a full scan).

    And, of course, I have no idea whether that's feasible or not. :) Pete
     
    spy1, Jun 30, 2003
    #4
  5. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    I don't remember seeing the option to delete the streams after a full scan but no doubt you are right.

    A possibility would be to modify the existing script example

    ntfs streams.ss3

    As is, it will search for streams as well as show their contents. Unfortunately, I am completely worthless with vbs/ss3 :oops:

    I would be very hesitant to delete streams in a wholesale manner, though, as many apps rely on them for proper operation

    Sorry I could'nt help you more, hopefully one of the gurus will have better input :D
     
    Dan Perez, Jun 30, 2003
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...