StripADS

From SpybotWiki
Jump to: navigation, search
StripADS
Group Files
Main Application Version 1.4 or later
Required Update n/a
File Parameters yes (fourth)
Registry Parameters no
Build Parameters yes (fourth)
Special Parameters no

Scans for an ADS attached to an existing file.

Usage

StripADS:<description(string)>,<filename(string)>,<adsname(string)>[,advanced file parameters[,advanced file parameters for ads stream]]

Examples

StripADS:"<$FILE_EXE>","<$WINDIR>\*.exe",":malware:$DATA","","filesize=29383,md5=1234567890ABCDEFFEDCBA0987654321"

This faked example would detect an alternative data stream named malware attached to any .exe file in the Windows folder that has a size of 197352 bytes and the specified MD5 hash.

Description

This command can be used to remove ADS streams from files.

  1. It starts, as usual, with a description parameter. Description templates are welcomed here for a localized end user experience. Wildcards, or after version 1.5.2 generic Algo-Prefixes, are allowed here. AP
  2. Specify the name and path of the file that has the ADS attached. Use path templates if possible. Wildcards, or after version 1.5.2 generic Algo-Prefixes, are allowed here. AP PT
  3. Specify the name of the attached ADS. PT
  4. Use advanced file parameters to clearly identify the file.
  5. Use advanced file parameters to clearly identify the attached stream.

Scan Results

  • The ADS file.

See also

Similar commands