dellyfry

ADS Rootkit


If I have a rootkit that is a driver file (lzx32.sys) and has hidden itself into the ADS stream, how can I remove it and send it to samples at superantispyware.com for analysis and inclusion? What tool, technique, or utility is there available for doing this?

What tool, technique, or utility is there available for doing this?

Never mind, I found a shareware utility called "NTFS Streams Info" that allowed me to extract the file in question complete with a nice GUI interface.

If it is not against the rules of this forum, I am going to post a link to the website in case anyone else is interested in it.

The site is: http://www.isgeo.kiev.ua/shareware/index.html
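
The extraction discussed in this thread can also be done with built-in PowerShell cmdlets. The script below is an added example, not part of the original posts: it lists every named NTFS stream under a folder and copies each one to a separate file with its SHA-256 hash, ready to submit as a sample. The two folder paths are placeholder assumptions.

```powershell
# Added example. Both paths are placeholders, not values from the thread.
param(
    [string]$ScanRoot = 'C:\Windows\System32',        # assumed folder to inspect
    [string]$OutDir   = 'C:\Quarantine\ads-samples'   # assumed output folder
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Raw byte reads use a different switch in Windows PowerShell 5.1 and PowerShell 6+.
if ($PSVersionTable.PSVersion.Major -ge 6) {
    $byteArgs = @{ AsByteStream = $true }
} else {
    $byteArgs = @{ Encoding = 'Byte' }
}

# Every file has an unnamed default stream (':$DATA'); anything else is an ADS.
$found = Get-ChildItem -LiteralPath $ScanRoot -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue } |
    Where-Object { $_.Stream -ne ':$DATA' }

foreach ($s in $found) {
    # Stream names may contain characters that are illegal in file names.
    $safeStream = $s.Stream -replace '[^\w.-]', '_'
    $hostName   = Split-Path -Leaf $s.FileName
    # Save with a non-executable extension so the copy cannot be launched by accident.
    $dest = Join-Path $OutDir ('{0}__{1}.bin' -f $hostName, $safeStream)

    $bytes = Get-Content -LiteralPath $s.FileName -Stream $s.Stream -ReadCount 0 @byteArgs
    if ($null -eq $bytes) { $bytes = @() }            # zero-length stream
    [System.IO.File]::WriteAllBytes($dest, [byte[]]$bytes)

    [pscustomobject]@{
        HostFile = $s.FileName
        Stream   = $s.Stream
        Length   = $s.Length
        SHA256   = (Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash
        SavedAs  = $dest
    }
}
```

`Zone.Identifier` streams on downloaded files are normal and will appear in the output. A rootkit that is active in the kernel can hide its stream from these calls, so results are more reliable when the volume is examined offline from a clean system.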
