The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

Phrozen ADS Revealer is an Alternate Data Stream detection tool for Windows computers

Download Windows Speedup Tool to fix errors and make PC run faster

With ever increasing dependence on the online environment, there has been a proportionate rise in the growth of malware and cybercriminal activities all across the globe. Internal attacks that have the highest potential for damage result from the activities that involve the transfer of files from one system to another on an internal network. Although unintentional, it results in the compromise of the integrity and confidentiality of the system, or affects system performance and storage capacity.

In recent years, malicious software or malware have evolved and become more sophisticated, and so have the software and hardware technologies for helping to prevent malware threats and attacks. Phrozen ADS Revealer is a special Windows program designed to reveal possible malicious ADS or Alternate Data Stream files in your file system.

What are Alternate Data Stream (ADS) files

If you are not aware, ADS mean Alternate Data Stream, a characteristic feature of Windows New Technology File System (NTFS). The system contains metadata for locating a specific file by author or title. The inherent danger of ADS is that the information contained by it cannot be modified in any form. For instance, providing additional “Title” data to a file’s ADS will not alter the size of the file or change its functionality in any way. This keeps ADSs hidden and therefore, a target place for attackers, particularly rootkit builders, to hide their tools. Phrozen ADS Revealer solves this problem for you.

Alternate Data Stream detection tool

Phrozen ADS Revealer is a free program designed specifically to reveal possible malicious ADS files in your file system (Physical Hard Drive/Virtual Hard Drive/Physical Removable Device/Virtual Removable Device) and remove them completely.

ads

It is easy to download and install. Simply visit the link given at the end of the post to download and run the program. Once up and running, the tool starts scanning NTFS drives within seconds. The scanning process appears quite simple but, it is powerful since it analyzes the entire system, a target drive or a specific folder. The latter option is particularly useful for processing only suspicious directories, without actually having to analyze the entire system.

Phrozen ADS Revealer

A good feature about the program is that no technical knowledge is required to run the program, as the software automatically displays suspicious files. In addition, a backup function gets activated when you start the program which acts as a viable fail-safe option, allowing users to readily store documents suspected of malicious content.

Before performing any scanning action, it is essential for a user to know that the software only works with NTFS drives. ADS documents are associated with this architecture and, hence, the program will work on this type of drive only and not any other.

A special feature of Phrozen ADS Revealer – it allows users to retain full control over how potential threats should be handled. For example, while scanning is underway and a threat is detected, 2 types of commands can be issued,

  1. Backup the selected ADS document
  2. Erase the document.

The program will not initiate any action on its part automatically.

What is an alternate data stream in Windows?

Alternate Data Stream or ADS is mainly used in the NTFS on Windows. It helps you store a completely different data stream than usual. It doesn’t consider the file extension or type. If you need to store a different stream of data for any file on your PC, you need to take the help of the Alternate Data Stream functionality.

Where is alternate data stream stored?

Windows keeps the Alternate Data Stream on the PC itself. In other words, if the physical hard drive or SSD gets erased, the ADS will be removed as well. However, you might not find the ADS on your PC without a third-party tool. That is why you can use the Phrozen ADS Revealer to get the job done.

Phrozen ADS Revealer download

Developing safe and smart browsing habits can protect you from malware and other threats, like viruses but in cases where the possibility of data loss is much easier and recovering data after a malware attack is difficult, Phrozen ADS Revealer might prove of some help in providing protection. You can download it here.

Also, check out:

  1. ZoneIDTrimmer will help you quickly remove the Zone.Identifier alternative data stream
  2. GMER Rootkit Detector removes Alternate Data Streams, Drivers hooking SSDT, drivers hooking IDT, Drivers hooking IRP calls, etc.

There are a number of other Alternate Data Stream detection tools out there that will allow you to view and manipulate ADS. One that Microsoft has provided for years is called SysInternals STREAMS.EXE.

HemantS@TWC

A post-graduate in Biotechnology, Hemant switched gears to writing about Microsoft technologies and has been a contributor to TheWindowsClub since then. When he is not working, you can usually find him out traveling to different places or indulging himself in binge-watching.