
Alternate Data Streams (ADS)

From Mary Landesman, About.com Guide
January 21, 2008


Alternate Data Streams (ADS) were originally introduced in Windows to provide compatibility with the Mac OS. Today, attackers frequently use ADS to launch their malware on your systems. Unfortunately, Windows Explorer does not reveal when a legitimate file has had an alternate data stream attached to it. ADS can even be attached to folders and drives - including the root drive C:\. When the drive, folder, or file is accessed, the malware stream also launches.

ADS doesn't work with FAT32 file systems, only NTFS. To check the file system in use, open "My Computer", right-click "Local Disk (C:)", and select Properties. The resulting menu will indicate whether the file system is FAT, FAT32, or NTFS. If it's NTFS (which it quite likely will be), you'll want to routinely check for the presence of hidden streams.

ADS Spy, created by Merijn, is a free - and easy to use - tool that scans NTFS volumes, listing any files, folders, or drives that have alternate data streams attached. By default, ADS Spy ignores safe system streams so any that do appear on the list are worth further investigation. To remove any streams detected, click the checkbox next to the item(s) then click "Remove selected streams".
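The same two checks (confirm the volume is NTFS, then list any named streams) can also be scripted with PowerShell's built-in `-Stream` parameter. This is an added example, not part of the original article and not ADS Spy's own code; the default scan path and the `Zone.Identifier` ignore list are assumptions to adjust, and the path is assumed to be on a local drive.

```powershell
# Added example: report named alternate data streams under a path.
param(
    [string]$Path = '.',                             # assumption: scan root, change as needed
    [string[]]$IgnoreStreams = @('Zone.Identifier')  # assumption: streams treated as benign
)

# The article notes ADS needs NTFS, so confirm the file system before scanning.
$resolved = (Resolve-Path -LiteralPath $Path).ProviderPath
$root     = [System.IO.Path]::GetPathRoot($resolved)
$format   = (New-Object System.IO.DriveInfo $root).DriveFormat
if ($format -ne 'NTFS') {
    Write-Output "$root is $format, not NTFS; nothing to scan."
    return
}

# Include the scan root itself: streams can be attached to folders and drive roots.
# -Force picks up hidden and system items; unreadable items are skipped silently.
$items = @(Get-Item -LiteralPath $resolved -Force) +
         @(Get-ChildItem -LiteralPath $resolved -Recurse -Force -ErrorAction SilentlyContinue)

$items | ForEach-Object {
    # Older PowerShell versions cannot read streams on directories; those
    # errors are suppressed, so directory streams are only listed on newer versions.
    Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
} | Where-Object {
    # ':$DATA' is the normal, unnamed file content; everything else is a named stream.
    $_.Stream -ne ':$DATA' -and $IgnoreStreams -notcontains $_.Stream
} | Select-Object FileName, Stream, Length
```

Anything listed is a candidate for further investigation rather than proof of malware. Once a stream has been reviewed, `Remove-Item -LiteralPath <file> -Stream <name>` deletes it without touching the file's main content.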


©2012 About.com. All rights reserved.

A part of The New York Times Company.