Computer Viruses     Computer Virus Information     Get rid of Computer Viruses     Report a Virus     Free Computer Virus Magazine!     Site Map                                                              Home
Computer Viruses
Computer Virus Information
Get rid of Computer Viruses
Report a Virus
Free Computer Virus Magazine!
Subscribe to our free Computer Viruses' Magazine:

2 days to learning all about NTFS ADS viruses.

Day 1.

Hi there.Welcome to the Day 1 of this free report.As you already know,the aim of this free report is to teach you all about NTFS ADS viruses.I've divided this report into 2 parts,since there's so much to learn,and you'll get your brain drained if you try to learn it all in one day.I also recommend that you read this part today and read Day 2 tomorrow.However,of course you can learn it all today if you're feeling ambitious.
Anyway,lets get started.Today you're going to have a feeling of what NTFS is and whats NTFS ADS.And a little of how viruses can be created that ride on the ADS feature of the NTFS file systems.(Don't worry if it sounds techy.It'll soon all make sense.)

What is NTFS ADS?

Well,ADS stands for Alternate Data Streams.It is a feature of the NTFS file system.It allows data to be attached to files but this data remains completely invisible to some file reading utilities.This feature can be used by viruses to exploit systems.Wanna see how it works?Then may be we have to get started with some practical stuff.

Getting started.

What you'll need.....

Well,what we are going to do now isn't going to work unless you have got NTFS file system installed on the drive you'll work at.(I got almost half crazy trying to get it to work on one of my drives that had FAT32 and couldn't realize what was wrong.Then I checked the file system and was like OHH Stupid Me!Anyways...)However if you do not have NTFS installed on any of your drives and you can't get one that has it installed,then just read the rest of this article....you'll get an idea of what I'm talking about.However if you do have a drive with NTFS installed,then great!Lets do it!

First of all,make a seperate folder in the drive that has NTFS installed.Name that folder "test".Now,you must be having a little knowledge of how to use Ms.DOS.If no,then visit this page.Learn Ms.DOS through the free tutorials provided and then return here.

If you already have a little know-how of Ms.DOS,then we can get started right away.

Learning how to create ADSs.

An ADS is really simple to create if you know have a little knowlegde of Ms.DOS.Just lauch Ms.DOS and point to the folder "test" on whatever drive you have the folder on.Lets say you have test installed on Drive C:\ so you'll have to point to the folder C:\Test.
Now,type the following line:

echo"this text is visible">1.txt

What's happening here,is that the echo command is creating the file "1.txt" and putting the words "this text is visible" into that file.

Now,when you open the folder C:\Test through windows explorer you should see the file 1.txt and when you double click that file,you should be able to read the words"this text is visible" in that file.Now,lets move on creating our first ADS in that file.

At the command prompt,type the following line:
echo "and this this text is invisible">1.txt:ads1.txt

This command creates an ADS,or a data stream in the file 1.txt.This data stream cannot be viewed by windows explorer or Ms.DOS.If you open the folder C:\test through Windows Explorer then you will see only one file,named 1.txt.You wouldn't see any other file.And,even if you try the DIR command through Ms.DOS,you will still see only one file named 1.txt in that folder.Also,by creating 1.txt and adding an ADS to it,we have used some 54 bytes of memory.However,we see that the DIR command shows only 24 bytes occupied by the folder.You may even check the size of the folder through Windows Explorer(you can do so by opening drive C,right clicking on the folder Test and choosing properties.)Still you would see only 24 bytes occupied by the folder.The only way you can view the ADS you just added to the file,is by typing the following command at the command prompt:

notepad 1.txt:ads1.txt

This will open up a notepad window and will show the file we just created.This is the only way you can read the ADSs attatched to a file.However,now there is a free tool available which scans the entire drive or a given directory for AdSs. It lists the names and size of all alternate data streams it finds.It is called Lads.You can download Lads now.If you ever come across a file that you doubt has some ADSs attached to it and you want to read what's in the ADSs then LADS is the program for you. You can use LADS to find the names of all of the ADSs attached to that file/folder.Then you can use the notepad command to view the contents of the ADSs.This is very useful if you are not sure if a particular folder or file has ADSs attached to it or not and if you want to view the contents of the ADSs.

Well,that's all for now.Tomorrow I will show you how NTFS ADS can be used to create viruses,and also how you can remove ADSs from a file without losing the original data it contains.As for today,you may want to practice creating ADSs and experiment with them.

Day 1----Day 2

 

     Contact me.    Advertise with me.
Copyright 2003, Ali Akhtar.-All Rights Reseved

Free Web Counter
Free Web Counter