
alternate data streams

Discussion in 'General Security' started by fourspdtom, Mar 31, 2008.

Thread Status:
Not open for further replies.
  1. fourspdtom

    fourspdtom Thread Starter

    Joined:
    Oct 9, 2007
    Messages:
    84
    hi again

    been a bit since my last problem post. seems my last couple suspected issues went away after a restore point, uninstall and reinstall of webroot spysweeper, uninstalled webroot firewall but just using xp firewall now. also set only trend micro to start at restart, then i start webroot after startup settles. everything has seemed normal lately although restarts are still a bit slow. decided to run spybot and hjt today.

    spybot found 4 entries for "RegistrySmart" and a good handful of usage tracks. hjt looked normal, nothing new,, but the ads spy function found quite a few alternate data streams, about half connected to a temp folder,, and the other half connected to items in the favorites folder.

    what are these? and do i just "fix" them thru hjt? any way to know what they are connected to or being used for? we had removed a few of these before when cookiegal helped me a while back ["desktop MRI disabled"], since uninstalling webroot firewall and using xp again, have i opened up for another infection?

    my main concern is and has been desktop spying-viewing [ i play cards online] , is it possible these are anything related ? even with xp firewall on, remote assist and file sharing off , spysweeper and trendmicro always running,, is it even possible for someone to easily [and without my knowledge] spy on my desktop??

    thanx for the help [and patience] once again
     
  2. lotuseclat79

    lotuseclat79

    Joined:
    Sep 12, 2003
    Messages:
    20,583
  3. fourspdtom

    fourspdtom Thread Starter

    Joined:
    Oct 9, 2007
    Messages:
    84
    appreciate the links lotuseclat

    i believe i can also remove these thru hjt, is that as effective?. do they all need to be removed, i.e. all considered harmful? and if so , how to find source and prevent re-occurences?

    thanx again
     
  4. lotuseclat79

    lotuseclat79

    Joined:
    Sep 12, 2003
    Messages:
    20,583
  5. fourspdtom

    fourspdtom Thread Starter

    Joined:
    Oct 9, 2007
    Messages:
    84
    thanx again for the links,,

    read up just a bit. seems there are some legitimate alternate data streams, but easily exploitable harmful uses as well. i went thru hjt and removed all of them. couple reboots, play cards, couple websites,, none returned.

    the ones connected to the documents and settings/temp folder i assume are related to web surfing, sites viewed or something. all were between 98 and 135 bytes. probably no telling what they are.

    the ones connected to items in the favorites folder apparently have to do with the icons next to the titles. now all the ones that had icons are changed back to the default explorer page icon. no harm there apparently but i would like to get those back.

    looks like half legitimate,, half suspect. i think ill check occasionally, see if any show up and see what i was doing just prior, might narrow it down. ill read up a little more too.

    as usual,, appreciate the help
     
  6. fourspdtom

    fourspdtom Thread Starter

    Joined:
    Oct 9, 2007
    Messages:
    84
    little more i found lately on the subject

    the ads connected to the items in favorites are [i believe] just for the little icons in the favorites list. they each return as you visit the site, close and reopen explorer, there they are.

    the ones connected to items in documents and settings/temp folder,, im not sure yet what sites, but they return occasionally after web browsing. seems they show up 2 or 3 at a time, and each item listed twice. i saved the first list of ads i found if someone wants to look at them?? they might be from the kids sites, games and what not. we seem to catch more things from the kids sites and game downloads than anything else.

    also, on the desktop spying or game cheating ive been worried about, one forum thread led me to a thing called snoopfree. freeware that monitors keyboard hooks and screen snapshots and such,, any hear of or use it ??

    first thing it blocked was zHotkey, from the gateway keyboard but not necessary. also it blocked a keyboard hook from ie explorer. both since running it this afternoon, the zhotkey comes at startup, the explorer one im not sure [accidentally cleared log missed the time, doh].

    thanx again
     
  7. fourspdtom

    fourspdtom Thread Starter

    Joined:
    Oct 9, 2007
    Messages:
    84
    hello again,

    i know its been a while on the subject,, the ads tool in hjt shows the ones for the icons in the favorites folder.

    occasionally hjt picks up a couple in the documents and settings temp folder [although they dont show if you look in the folder?]. seem to come 2 or 3 at a time every week or so, and they always are listed twice. those i dont know when or from where they appear [not at startup, or web browser, possibly kids online games], hjt removes them and nothing seems noticeably different before or after.

    any other thoughts?? , or am i worrying too much lol

    thanx again
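
One way to answer the two questions this thread keeps returning to (what the streams contain, and when new ones appear), as an added example that is not part of any post: a PowerShell script that lists alternate data streams under chosen folders, previews small ones as text, and reports only streams that were not there on the previous run. The folder list and the baseline file name are assumptions; it needs PowerShell 3.0 or later on an NTFS volume.

```powershell
# Added example: inventory alternate data streams (ADS) and flag new ones.
# Needs PowerShell 3.0+ on NTFS. Scans files only, not streams on directories.
param(
    # Assumed scan locations (the two places the thread mentions).
    [string[]]$Roots = @("$env:USERPROFILE\Favorites", $env:TEMP),
    # Hypothetical baseline file used to compare against the previous run.
    [string]$Baseline = "$env:USERPROFILE\ads-baseline.csv",
    # Streams at or below this size get a text preview.
    [int]$PreviewBytes = 256
)

# Identity of a stream for comparison: host file, stream name and size.
function Get-Key($r) { '{0}|{1}|{2}' -f $r.File, $r.Stream, $r.Length }

$found = @(foreach ($root in $Roots) {
    Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
        Get-Item -Stream * -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |   # skip the normal file content
        ForEach-Object {
            $preview = ''
            if ($_.Length -le $PreviewBytes) {
                $raw = Get-Content -LiteralPath $_.FileName -Stream $_.Stream -Raw -ErrorAction SilentlyContinue
                # Replace non-printable characters so binary streams stay readable.
                $preview = "$raw" -replace '[^\x20-\x7E\r\n]', '.'
            }
            [pscustomobject]@{
                File    = $_.FileName
                Stream  = $_.Stream
                Length  = $_.Length
                Preview = $preview
            }
        }
})

# Streams recorded on the previous run, if a baseline exists.
$known = @()
if (Test-Path -LiteralPath $Baseline) {
    $known = @(Import-Csv -Path $Baseline | ForEach-Object { Get-Key $_ })
}

# Report only streams that are new or whose size changed since the last run.
$found | Where-Object { $known -notcontains (Get-Key $_) } |
    Format-List File, Stream, Length, Preview

# Save the current inventory as the next baseline.
$found | Export-Csv -Path $Baseline -NoTypeInformation
```

The first run lists every stream it finds; later runs list only what appeared in between, which narrows down the activity that created it.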
     
Short URL to this thread: https://techguy.org/698789
