The Windows Club

Phrozen ADS Revealer is an Alternate Data Stream detection tool for Windows

With ever-increasing dependence on the online environment, there has been a proportionate rise in malware and cybercriminal activity across the globe. The internal attacks with the highest potential for damage result from activities that involve the transfer of files from one system to another on an internal network. Although unintentional, such transfers result in the compromise of the integrity and confidentiality of the system, or affect system performance and storage capacity.

In recent years, malicious software, or malware, has evolved and become more sophisticated, and so have the software and hardware technologies that help prevent malware threats and attacks. Phrozen ADS Revealer is a special Windows program designed to reveal possible malicious ADS or Alternate Data Stream files in your file system.

What are Alternate Data Stream (ADS) files

If you are not aware, ADS stands for Alternate Data Stream, a characteristic feature of the Windows New Technology File System (NTFS). The system contains metadata for locating a specific file by author or title. The inherent danger of ADSs is that the information they contain cannot be modified in any form. For instance, providing additional “Title” data to a file’s ADS will not alter the size of the file or change its functionality in any way. This keeps ADSs hidden and, therefore, a target place for attackers, particularly rootkit builders, to hide their tools. Phrozen ADS Revealer solves this problem for you.

Alternate Data Stream detection tool

Phrozen ADS Revealer is a free program designed specifically to reveal possible malicious ADS files in your file system (Physical Hard Drive/Virtual Hard Drive/Physical Removable Device/Virtual Removable Device) and remove them completely.

It is easy to download and install. Simply visit the link given at the end of the post to download and run the program. Once up and running, the tool starts scanning NTFS drives within seconds. The scanning process appears quite simple, but it is powerful since it can analyze the entire system, a target drive or a specific folder. The latter option is particularly useful for processing only suspicious directories, without actually having to analyze the entire system.

A good feature of the program is that no technical knowledge is required to run it, as the software automatically displays suspicious files. In addition, a backup function gets activated when you start the program, which acts as a viable fail-safe option, allowing users to readily store documents suspected of malicious content.

Before performing any scanning action, it is essential for a user to know that the software only works with NTFS drives. ADS documents are associated with this architecture and, hence, the program will work on this type of drive only and not any other.

A special feature of Phrozen ADS Revealer is that it allows users to retain full control over how potential threats should be handled. For example, while scanning is underway and a threat is detected, 2 types of commands can be issued:

  1. Back up the selected ADS document.
  2. Erase the document.

The program will not initiate any action on its part automatically.
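
The same scan, back up, erase sequence can be reproduced with PowerShell's built-in stream support. This is an added example, not Phrozen ADS Revealer's own code; the folder, file and stream names are constructed, and it assumes an NTFS volume on Windows.

```powershell
# Added example: constructed folder, file and stream names (assumptions, not from the tool).
# Requires an NTFS volume; the -Stream parameter exists on Windows only (PowerShell 3.0+).
$scanRoot  = Join-Path $env:TEMP 'ads-demo'          # hypothetical folder to scan
$backupDir = Join-Path $env:TEMP 'ads-demo-backup'   # hypothetical backup location
New-Item -ItemType Directory -Path $scanRoot, $backupDir -Force | Out-Null

# Constructed sample: a small text file that then receives one named stream.
$sample = Join-Path $scanRoot 'report.txt'
Set-Content -Path $sample -Value 'visible content'
$sizeBefore = (Get-Item $sample).Length
Set-Content -Path $sample -Stream 'notes' -Value 'data held in an alternate stream'
$sizeAfter = (Get-Item $sample).Length
"Size before: $sizeBefore bytes; after adding a stream: $sizeAfter bytes"

function Find-AlternateStream {
    param([Parameter(Mandatory)][string]$Path)
    # Each file's unnamed main stream is reported as ':$DATA'; any other name is an ADS.
    # Only files are checked here; directories can carry streams too.
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

$found = @(Find-AlternateStream -Path $scanRoot)
$found | Format-Table -AutoSize

# Raw byte reads are spelled differently in Windows PowerShell 5.1 and PowerShell 6+.
$byteArg = if ($PSVersionTable.PSVersion.Major -ge 6) { @{ AsByteStream = $true } }
           else { @{ Encoding = 'Byte' } }

foreach ($ads in $found) {
    # 1. Back up the stream's bytes to an ordinary file before touching it.
    $name  = '{0}.{1}.bin' -f (Split-Path $ads.FileName -Leaf), $ads.Stream
    $bytes = Get-Content -LiteralPath $ads.FileName -Stream $ads.Stream -Raw @byteArg
    if ($null -eq $bytes) { $bytes = [byte[]]@() }   # empty stream
    [System.IO.File]::WriteAllBytes((Join-Path $backupDir $name), [byte[]]$bytes)
    # 2. Erase the stream; the host file and its main content stay in place.
    Remove-Item -LiteralPath $ads.FileName -Stream $ads.Stream
}

"Streams left after cleanup: $(@(Find-AlternateStream -Path $scanRoot).Count)"
```

On real folders the scan also lists `Zone.Identifier` streams, which Windows attaches to downloaded files, so review the results before erasing anything.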

Phrozen ADS Revealer download

Developing safe and smart browsing habits can protect you from malware and other threats, like viruses, but in cases where data loss is much more likely and recovering data after a malware attack is difficult, Phrozen ADS Revealer might prove of some help in providing protection. You can download it here.

Also, check out:

  1. ZoneIDTrimmer will help you quickly remove the Zone.Identifier alternate data stream
  2. GMER Rootkit Detector removes Alternate Data Streams, Drivers hooking SSDT, drivers hooking IDT, Drivers hooking IRP calls, etc.

There are a number of other Alternate Data Stream detection tools out there that will allow you to view and manipulate ADS. One that Microsoft has provided for years is called SysInternals STREAMS.EXE.