StripADS

From SpybotWiki
Revision as of 13:09, 18 February 2008 by CCRDude (talk | contribs) (Examples)
Jump to: navigation, search

Scans for an ADS attached to an existing file.

Usage

StripADS:[description],[path & filename],[ads name],<advanced file parameters>,<advanced file parameters for ads stream>

Examples

StripADS:"<$FILE_EXE>","<$WINDIR>\*.exe",":malware:$DATA","","filesize=197352,md5=23812A64B891E8230F8283D51044886C"

This faked example would detect an alternative data stream named malware attached to any .exe file in the Windows folder that has a size of 197352 bytes and the specified MD5 hash.

Description

This command can be used to remove ADS streams from files.

  1. It starts, as usual, with a description parameter. Description templates are welcomed here for a localized end user experience. Wildcards, or after version 1.5.2 generic Algo-Prefixes, are allowed here. AP
  2. Specify the name and path of the file that has the ADS attached. Use path templates if possible. Wildcards, or after version 1.5.2 generic Algo-Prefixes, are allowed here. AP PT
  3. Specify the name of the attached ADS. PT
  4. Use advanced file parameters to clearly identify the file.
  5. Use advanced file parameters to clearly identify the attached stream.

Scan Results

  • The ADS file.

See also

Similar commands