?? .DS_Store

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Uh oh. I've got done formatting a new laptop and installing XP Home
SP 2 and some software. I'm finding some little files called
..DS_Store in a few folders. I didn't make them and I don't know where
they came from.

What are these?
Are they bad?
Should I delete them?
 
To add more information to Wes's post.

I was recently doing some Photoshop training and the instructor was using a Mac. He would post exercise files that included multiple folders and files. Each one of these folders contained one or more of these DS_Store files. I just deleted them and this had no effect on the files.
 
And because of Macs we have Alternate Data Streams. ;-(

<quote>
Alternate data streams were added to the NTFS filesystem primarily for
Macintosh compatibility. The Macintosh Hierarchical File System uses
attached metadata (called the resource fork - Microsoft doesn't have a
monopoly on goofy feature names) to tell the system how to handle the data
(called the data fork). In effect, it's a more powerful, flexible version of
the dot-3 extensions (.doc, .txt, .bmp, etc.) on Windows filenames. Having
an equivalent to the resource fork in NTFS made it a lot easier to port
software between the operating systems.

Like the resource fork in the Mac, ADS can include a lot more information
about a file than just the file type. This is why a number of Windows
programs use alternate data streams. A good example of ADS use is provided
by Microsoft Word. Every Word document can have annotations attached
describing the document, and this information is stored in an ADS attached
to the document.
<quote>
Alternate Data Streams: Threat or Menace?
http://www.informit.com/articles/article.asp?p=413685&seqNum=1

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In
 
OK. Thanks, guys. I used a Mac a decade ago. Some of the software
and data I loaded was from CD's with Mac-created files. The .ds files
must have been from that time.

Since I'm not using a Mac anymore, and will probably modify some of
these files, I guess it's okay to delete the odd .ds resource fork
files.

Thanks for the explanation. It helps to know it wasn't any kind of a
virus.

<*(((><
 
Wesley Vogel said:
And because of Macs we have Alternate Data Streams. ;-(
...
Alternate Data Streams: Threat or Menace?
http://www.informit.com/articles/article.asp?p=413685&seqNum=1
Click to expand...

Yup, malware authors use ADS to hide viruses, trojans, and such. The data stored in them is technically invisible so they can
attach a virus to a healthy file. If the file is then deleted, the virus remains behind. You need special software that can
specifically scan the ADS for malware. :(
 
I don't know about malware, but you can remove the ADS without special
software.

If the file is small enogh, copy it to a floppy, delete the original file
and copy the file back to the machine from the floppy.

If the file is too large for a floppy copy to CD and repeat the rest.

Confirm Stream Loss warning
[[FAT volumes support only the main, unnamed stream, so if you try to copy
or move a file to a FAT volume or floppy disk, you receive an
error message as shown below. If you copy the file, all named data
streams and other attributes not supported by FAT are lost.]]
from...
Multiple Data Streams
http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/c13621675.mspx

Confirm Stream Loss warning
http://www.microsoft.com/library/me...dtechnol/winxppro/reskit/ch13/f13zs15_big.jpg

HijackThis has an ADS scanning function.

---------------------------
HijackThis
---------------------------
Using ADS Spy is very easy: just click 'Scan', wait until the scan
completes, then select the ADS streams you want to remove and click 'Remove
selected'. If you are unsure which streams to remove, ask someone for help.
Don't delete streams if you don't know what they are!

The three checkboxes are:

Quick Scan: only scans the Windows folder. So far all known malware that
uses ADS to hide itself, hides in the Windows folder. Unchecking this will
make ADS Spy scan the entire system (i.e. all drives).

Ignore safe system info streams: Windows, Internet Explorer and a few
antivirus programs use ADS to store metadata for certain folders and files.
These streams can safely be ignored, they are harmless.

Calculate MD5 checksums of streams: For antispyware program development or
antivirus analysis only.

Note: the default settings of above three checkboxes should be fine for most
people. There's no need to change any of them unless you are a developer or
anti-malware expert.
---------------------------
OK
---------------------------
--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In
 
ADS sounds like some kind of disease.

Attention Deficiency Syndrome.

Hey, I'm too poor to pay attention, man

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In
 
Back
Top