Alternate Data Stream in root

Name: klint
Date: July 8, 2008 at 03:47:36 Pacific
OS: Windows XP
CPU/Ram: 512 MB
Product: IBM
Comment:

This morning, my curiosity turned into a moment of slight stupidity when I ran the following command:

C:
cd \
echo Just testing... > :hidden.txt

So I've created an Alternate Data Stream attached to the root directory of the C: drive. Question is... how do I delete it?




Response Number 1
Name: guapo
Date: July 8, 2008 at 05:34:26 Pacific
Reply:

I don't think it was created. I did the same thing and then I used crucialads to search for it and it didn't find it.


0

Response Number 2
Name: scottyuk30
Date: July 8, 2008 at 05:49:31 Pacific
Reply:

Hi, this might make interesting reading; there is a section at the bottom for removing created streams. Quite amazing what it can actually do, and the fact that not many people know it exists is worrying.

http://www.irongeek.com/i.php?page=...

Unknown has caused an error in unknown and unknown needs to restart.


0

Response Number 3
Name: klint
Date: July 8, 2008 at 07:20:45 Pacific
Reply:

Thanks Scotty, I used the streams.exe -d option and it worked. Guapo, I can assure you it's there, but perhaps Crucial ADS doesn't detect it. Perhaps it only detects ADSs attached to files, and not directories. In fact the earlier version I had (1.53) of streams.exe didn't detect it either, but the newest version (1.57) did (and deleted it successfully.)


0

Response Number 4
Name: Razor2.3
Date: July 8, 2008 at 11:45:03 Pacific
Reply:

scottyuk30: the fact that not many people know it exists is worrying.
Know what's really scary? Pre-XP SP2, Task Manager wouldn't show anything running from an ADS.


0

Response Number 5
Name: Glitchman
Date: July 8, 2008 at 12:22:30 Pacific
Reply:

ADSes have been around since NT. There is good reason why they're not highly documented or known, as you can see. :)

That ADS is still taking up space on your hard drive (most likely 4 kilobytes), despite the fact that cmd.exe and other first-party XP tools won't necessarily show it. Without getting overly technical, it is as though you created a file with no name, more or less. The inode is there, but a lot of tools will ignore such "invalid" filenames.

To get rid of it for good, grab a copy of Notepad from NT 4.0 (2K and XP's will NOT do the job!), open the ADS in Notepad, select all text (you will see "Just testing..." to confirm what I am saying), delete, then close Notepad. It will warn you that it can't save an empty file and it will then safely delete it for good.

N.B. Just to be on the safe side in the future, it is best to only create ADSes in temporary subdirectories that you do not wish to keep. That makes cleanup a LOT easier. You can embed ADSes into executables and other things, but it's best to exercise caution.


0
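
An added example, not part of the thread or any poster's code: a PowerShell function that lists named streams on directories as well as files, the case Response 3 says some tools miss. It assumes PowerShell 7.2 or later on Windows, where Get-Item -Stream accepts directories; Get-NamedStream and the scratch directory name are hypothetical.

```powershell
# Added example. Assumes PowerShell 7.2+ on Windows and an NTFS volume.
# Get-NamedStream is a hypothetical helper name, not a built-in cmdlet.
function Get-NamedStream {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Recurse
    )
    $root  = Get-Item -LiteralPath $Path -Force
    $items = @($root)
    # Only descend when the starting point is a directory.
    if ($Recurse -and $root.PSIsContainer) {
        $items += Get-ChildItem -LiteralPath $root.FullName -Recurse -Force -ErrorAction SilentlyContinue
    }
    foreach ($item in $items) {
        # Files always carry the unnamed ':$DATA' stream; anything else is a named stream.
        # Directories have no unnamed data stream, so every hit on a directory is a named one.
        Get-Item -LiteralPath $item.FullName -Stream * -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    HostPath    = $item.FullName
                    IsDirectory = $item.PSIsContainer
                    Stream      = $_.Stream
                    Length      = $_.Length
                }
            }
    }
}

# Constructed demo in a scratch directory, reusing the cmd redirection from the
# original post. ${scratch} keeps PowerShell from reading "$scratch:hidden" as a
# drive-qualified variable name.
$scratch = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $scratch -Force | Out-Null
cmd /c "echo Just testing... > `"${scratch}:hidden.txt`""

Get-NamedStream -Path $scratch -Recurse | Format-Table -AutoSize

# Deleting the scratch directory removes the stream attached to it.
Remove-Item -LiteralPath $scratch -Recurse -Force
```

On downloaded files the listing will also include Zone.Identifier streams, which Windows adds itself.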
