Home Screenshots | About NTFS Streams | Test your Antivirus | Howto | NTFS Streams on Sourceforge | Download

NTFS-Streams: ADS manipulation tool

NTFS ADS Tool is an utility to reveal, list, delete, show contents, extract/copy hidden files from NTFS Alternate Data Streams.

Test (without risk of infection) if your Antivirus Software can detect ADS

  1. go to http://en.wikipedia.org/wiki/EICAR_test_file and read about EICAR test virus.
  2. open cmd.exe and execute

    echo X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* > c:\test.txt:eicar.com

  3. check drive C: with your Antivirus software

Why its important? Because malware and rootkits can hide files in ADS:
Rustock B is not active, but ClamWin cannot detect the Rustocks driver in Alternate Data Streams:

ntfs-ads based on: GNU/Linux, ntfs-3g, xattr, zenity
tested on ubuntu 8.04, kubuntu 8.04, knoppix 5.3 DVD

SourceForge.net Logo