|
So I ran FRST on my (Windows 7, 64-bit) PC and found this: ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows\System32:5CD8EBDA_Abn.gbp AlternateDataStreams: C:\Windows\TEMP:temp From googling a bit, it seems like this 5CD8EBDA_Abn.gbp might be part of this beyond-shady "security suite" called G-Buster Browser Defense (aka GbPlugin, aka Warsaw) that some Brazilian banks require so you can do online banking through them. This sprawling, self-reinstalling piece of poo poo malware was installed to my computer a few months ago, and I spent a long time piecing together instructions to get rid of it. I think I got it all, with the possible exception of this. So how do I get rid of an ADS? Thanks in advance.
|
# ? Jun 29, 2015 06:37 |
|
|
# ? Apr 24, 2024 08:22 |
|
I'm sure there are tools to do it specifically, but ADS is only supported on NTFS so you could just copy the file to, say, a FAT filesystem disk and then copy it back. The file will lose its ADS attachment in the process.
|
# ? Jun 30, 2015 05:01 |
|
I got it using FRST itself, thanks.
|
# ? Jun 30, 2015 21:16 |