Stream found

Discussion in 'Trojan Defence Suite' started by Wayne B, Jan 29, 2004.

Thread Status:
Not open for further replies.
  1. Wayne B

    Wayne B Registered Member

    Joined:
    Jan 4, 2004
    Posts:
    48
    TDS is showing stream found on some of my image files. The path and file has a colon after it and a long string of numbers and characters after the colon.

    What does this mean?

    These files were not in use at the time I ran TDS.
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    Simply ignore streams smaller than 128 bytes if you dont want to see these - its probably a thumbnail image marker or something which was added for indexing or faster access. A lot of programs seem to be using streams for legitimate purposes these days.

    Scan Control > ADS Stream Options :)

    TDS will still alarm specifically if the dangerous AFlooder or AProxy malware is in a stream, since those are binary images (EXE files) and are presented as a definite danger. Those must be bigger than 128 bytes too so ignoring small files is ok (BYTES not KILOBytes)
     
  3. daisymay

    daisymay Registered Member

    Joined:
    Dec 18, 2003
    Posts:
    3
    Location:
    North Wales, UK
    Hi,
    Goto "Annoying" that might help a little more.

    Daisymay :)
     
  4. Wayne B

    Wayne B Registered Member

    Joined:
    Jan 4, 2004
    Posts:
    48
    How do I goto "annoying"?
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    See Daisymay's thread here
     
  6. Wayne B

    Wayne B Registered Member

    Joined:
    Jan 4, 2004
    Posts:
    48
    Most of the streams I had were more than four digits in size. The last I remember was over 5000. Very few were three digit. I have some ideas about what this is now and I think I am ok. Thanks for the information.
     
Thread Status:
Not open for further replies.