
Question about ADS spy

btcomm1

Senior member
It says that malware makers started using ADS to hide their files. I keep a pretty clean system so when I scanned it only found a few things. For instance, it found C:\Program Files\playfirst\chessmaster challenge\chess.exe {4fb697cc-1da700dc-cbab-761-45c00e 03}

I can clearly go in and see chess.exe in Windows Explorer. So what exactly would it look like if some malware infected my system and hid its files? Would it give me a path like C:\windowz.exe {abcssfds-asdfsfdasdf} and when I go to my C: drive I wouldn't see windowz.exe even with hidden files and folders showing? Or is it that second part {4fb697cc-1da700dc-cbab-761-45c00e 03} that would actually be the malware? Would malware show up in a recognizable form or would it look like gobbledygook like the {4fb697cc-1da700dc-cbab-761-45c00e 03} does?
 
Ok, I think I get it. I tried it out myself and if you use the command you can create a file named whatever.exe:whatever2.exe that is then invisible in the file system but with the right command you can run it. What I wonder is if there is a way to get processes to run without the first exe or without the :. I guess though that if there is a file running and you can't find it in the file system that ADS spy would be able to detect it and remove it.
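The kind of check discussed in this thread can also be done with built-in PowerShell, shown here as an added example that is not part of the original posts or of ADS Spy: it lists every alternate data stream under a folder and flags streams whose first bytes look like a Windows executable. The `$Root` default and the `$KnownBenign` list are assumptions to adjust for your system.

```powershell
# Added example: audit a folder tree for NTFS alternate data streams (ADS).
# Assumption: $Root is the folder to audit; change it as needed.
param([string]$Root = 'C:\Program Files')

# Streams Windows creates itself and that are normally harmless (assumed list).
$KnownBenign = @('Zone.Identifier')

# Windows PowerShell 5.1 reads raw bytes with -Encoding Byte,
# PowerShell 6+ uses -AsByteStream instead.
$byteArgs = if ($PSVersionTable.PSVersion.Major -ge 6) { @{ AsByteStream = $true } }
            else { @{ Encoding = 'Byte' } }

# Only files are checked here; directories can carry streams too.
Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
ForEach-Object {
    $file = $_
    # -Stream * returns all streams; ':$DATA' is the normal visible content.
    Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -notin $KnownBenign } |
    ForEach-Object {
        # Read the first two bytes of the stream: 'MZ' (0x4D 0x5A) marks a PE file.
        $head = Get-Content -LiteralPath $file.FullName -Stream $_.Stream `
                    -TotalCount 2 -ErrorAction SilentlyContinue @byteArgs
        $isExe = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)

        [pscustomobject]@{
            File         = $file.FullName
            Stream       = $_.Stream
            Length       = $_.Length
            LooksLikeExe = $isExe
        }
    }
} | Sort-Object LooksLikeExe -Descending | Format-Table -AutoSize
```

Rows with `LooksLikeExe` set to `True` are the ones worth inspecting first; small streams with GUID-style names show up with `False`.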
 