AlternateStreamView is a portable tool that quickly scans any NTFS drives for files containing alternate data streams. NTFS normally stores a file’s data in just one data stream, but it can add more. Some programs do this legitimately: Internet Explorer tags all the files it downloads with a marker in an alternate data stream. This extra data isn’t visible in Explorer, though, so some malware will also use the technology to hide itself.
[advt]Choose the drive you’d like to check and click Scan. The program will immediately leap into action, examining every file on that drive and reporting anything that contains an extra stream. It show lengthy list of files, with the name of the stream they contain, the file path, and stream size. Most, if not all of these will be entirely legitimate: if you use IE, for instance, you’ll see most of your favourites have a favicon stream which stores an icon for them. But if there is a malware issue, a large stream which you can’t explain, then the program could provide a useful pointer for further research.