Do you know about alternate data streams and the potential threat they pose to your PC? They're a little-known part of the NTFS file system found in most PC hard drives today. Most are used by your system and pose no threat, but hackers can hide rootkits and other malicious software in alternate data streams in compromised systems and execute them without the owner's knowledge or permission. You may be unaware that your system has been compromised until the alternate data stream is executed. Now that we have your attention, we'll tell you about NirSoft's AlternateStreamView, a free tool that scans your NTFS hard drives for hidden alternate data streams and lets you extract them to a folder, delete them, or save them as text, CSV, HTML, or XML files.
AlternateStreamView is portable freeware, so we extracted the program file and clicked it to open the tool and start scanning our drives. We selected our C drive and started the scan; the scan options let you set the subfolder depth and include a wildcard search. AlternateStreamView quickly returned a list view showing more than 100 alternate data streams.
Most were OK, such as those related to Word's DOC files, and we didn't see anything that looked like a threat or wasn't properly identified. But we did notice alternate data streams left over from uninstalled programs, including some portable system tools. We were able to select these entries and delete them, though of course you can also save them to a folder or in a file if you're not sure. We deleted these leftover streams not because they posed a threat or because it reclaimed significant space or boosted performance, but on principle. They didn't belong there, we didn't want them there, and no program needed them, so they sleep with the fishes.
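The same scan, export, review and delete steps can also be done with PowerShell's built-in stream support on Windows. This is an added example, not part of the original review or of NirSoft's tool; the function name, scratch folder, file name and stream name are constructed for the illustration.

```powershell
# Added example (not from the review): list alternate data streams on files (Windows, NTFS).
function Get-AlternateStream {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Recurse
    )
    # This example looks at files only; -Force includes hidden and system files.
    Get-ChildItem -LiteralPath $Path -File -Recurse:$Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            Get-Item -LiteralPath $file.FullName -Stream * -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |   # ':$DATA' is the file's ordinary content
                ForEach-Object {
                    [pscustomobject]@{
                        File      = $file.FullName
                        Stream    = $_.Stream
                        Length    = $_.Length
                        # Zone.Identifier is the marker Windows adds to downloaded files
                        IsZoneTag = ($_.Stream -eq 'Zone.Identifier')
                    }
                }
        }
}

# Constructed sample: a scratch folder holding one file with an extra named stream.
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$sample = Join-Path $demo 'report.txt'
Set-Content -LiteralPath $sample -Value 'visible content'
Set-Content -LiteralPath $sample -Stream 'leftover' -Value 'data kept in a named stream'

# Scan, show the results, and save them as CSV for later review.
$found = Get-AlternateStream -Path $demo -Recurse
$found | Format-Table -AutoSize
$found | Export-Csv -Path (Join-Path $demo 'streams.csv') -NoTypeInformation

# Read the stream's content before deciding, then delete only that stream.
Get-Content -LiteralPath $sample -Stream 'leftover'
Remove-Item -LiteralPath $sample -Stream 'leftover'

# A second scan of the scratch folder should no longer list 'leftover'.
Get-AlternateStream -Path $demo -Recurse | Where-Object { $_.Stream -eq 'leftover' }
```

Point `-Path` at a real folder in place of the scratch one to scan your own files. `Remove-Item -Stream` deletes only the named stream and leaves the file's main content in place.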
Any time you modify your file system, the contents of your hard drive, or anything you're not sure about, it's best to check first. But if you even suspect your NTFS hard drive of harboring hidden alternate data streams, AlternateStreamView is for you.