Zone.Identifier NTFS ADS

Discussion in 'Trojan Defence Suite' started by gorgelink, Nov 8, 2004.

Thread Status:
Not open for further replies.
  1. gorgelink

    gorgelink Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    49
    Hi,

    Last night I finally installed Windows XP SP2.

    Today I downloaded a few files from Project Gutenberg and other trustworthy Web sites.

    When I scanned my system, TDS-3 detected NTFS ADS (Alternate Data Streams) ONLY in the files I downloaded today.

    The ADS were all zone.identifier (26 bytes).

    Example:

    C:/downloads/burke.zip:zone.identifier

    Should I remove these streams and, if I do, will it affect the files or my system in any way?

    Many thanks for your help!

    Gorgelink
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi gorgelink & welcome, You can usually delete them with no ill effect, they are usually associated with picture place holders or other images.
    Streams smaller than 128 bytes are very unlikely to contain anything malicious.

    HTH Pilli
     
  3. gorgelink

    gorgelink Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    49
    Great many thanks, Pilli.
     
  4. kairii

    kairii Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    76
    i think those are the zone id info when you download files using IE in SP2....basically sp2 now keeps track of files u downloaded off the net by attaching an ads stream to the downloaded files....and will give a warning if u try to execute them...no harm in deleteing those ads stream i guess....
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Could be kairii, KAV V5 also throws in some addstreams sometimes as well but they are harmless as well as far as I am told.

    Thanks. Pilli
     
Thread Status:
Not open for further replies.