Results 1 to 2 of 2

Thread: Alternate Data Streams Connected to vsmon

  1. #1
    zonelabotomy Guest

    Default Alternate Data Streams Connected to vsmon

    While scanning for Alternate Data Streams (ADS) with my disk security software it identified 2 ADS's attached to vsmon [:|SummaryInformation:$DATA,:{4c8mm199-6c1e-14d1-4e31-00c04fb2591e}:$DATA].

    Does vsmon use ADS's for data storage or is this something to be concerned about?

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm (Free)
    Software Version:6.0

  2. #2
    ad_hock Guest

    Default Re: Alternate Data Streams Connected to vsmon

    Hi ZoneLabotomy
    Alternate Data Streams is a very obscure feature of NTFS system files. It may be a cause of concern if they are .exe files but this doesn't mean they are malware. When I had TDS3 it was frequent to find some associated to several files and they were not bad, in fact I never found one bad. I don't know if vsmon.exe uses them but I doubt, they are mainly created randomly by the system (I remember one that was associated with the parent file ccapp.exe from NAV). To be sure go to www.ewido.net and download ewido security suite. It has 14 days trial and after that you may keep it for free as on demand scanner (just loose the real time monitoring). It's one of the best anti trojan along with Trojan Hunter and also picks up spyware, tracking files and several other malware. Update the program and run a full system scan with the default settings that one of them is scan inside ADS. If it finds something it will delete witouht affecting the parent file. I think that with TDS3 (discontinued) and Trojan Hunter it's the only scanner that is able to do that.
    Best regards

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •