Naughty pirates

I ran OTL and ADsspy on my computer and discovered "naught pirates" in the file dopus.cert.
Is this something to worry about?

Naught pirates is better than one pirate!

Naughtypirates...worse than 1 pirate

It's nothing to worry about.

so, what is it?

Ask your anti-spyware "tool"!

It's just your anti-spyware tool freaking out about some data, without any real reason. The data is stored in an unusual way, but there is nothing about the data itself that should cause the anti-spyware tool to care about it. (The tool probably has not looked at the data at all.)

The same mechanism is used to store other metadata by Windows itself, e.g. file descriptions for some file formats or the "downloaded from the web" flag which IE puts on files. Your anti-spyware tool will find those things as well but probably has special rules which make it ignore them.

I deleted the cert-files and reinstalled the certificate. Now the naughty pirates sailed away (no mentioning in the virus software anymore

There was no need to do that, although it won't hurt either. (They'll come back; don't worry about it, it's normal and by design.)

While there's certainly nothing wrong with storing data in NTFS alternate data streams per se, it still would be nice to know why the stream has to be called "naughtypirates". That name sounds simply suspicious.

It didn't really have to be named anything, it was just named that without much thought (because it's something nobody was ever expected to see so the name shouldn't have really mattered) about 10 years ago and now we can't really change it without breaking compatibility with previous versions. Nobody noticed or cared about it until recently when certain scanning tools started flagging it just for existing.

Had we known tools would start finding the mere existence of ADS data suspicious years down the road, we would have given it a far more boring name. :slight_smile:

How bout "dancing kittie cats"...?