Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2412
  • Last Modified:

Hidden folder on a CD/DVD! (How to creating Super folders ! )

Hi experts!
I have 2 questions about 2 strange Folders I saw. Answering each question will have 250 point!

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1) My friend gave me a multimedia DVD as a gift.
It has a hidden directory on it. It's not a normal hidden folder. (not having system attributes or hidden attributes)
My both folder option items for showing files are unchecked.
When working with the DVD files I found out that all of the files on the DVD are about 400 MB in size. But the DVD used size was 3.8GB.
I recognized it when I was used Isobuster. There were two sections which one of them contained that data folder and the other didn't.
The two sections as I've always seen must be the same.
I think one of them is the one shown to the user and one of them is the one that contains real files and folders.
The name of one of the sections was "ISO" and the other was ">>>>".
Anyone knows what's the trick?
I want to know how to create such a folder!
It's very useful.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2) I have a flash memory security software that creates a non-deletable folder called autorun.inf!
this autorun.inf folder prevents viruses to write their own inf file to the disk! A nice idea!
But how it works is important:
inside the autorun.inf folder exist a directory called"immunity." and can not be modified in anyway.
When I want to enter it I see the below error. (See the attached file)
It seems to be some kind of shortcut! (but not a regular one)
I want to know how to create such a folder too!
folder-unavailable.JPG
0
Arman Khodabande
Asked:
Arman Khodabande
  • 6
  • 4
2 Solutions
 
Jackie ManCommented:
1) My friend gave me a multimedia DVD as a gift.
It has a hidden directory on it. It's not a normal hidden folder. (not having system attributes or hidden attributes)
My both folder option items for showing files are unchecked.
When working with the DVD files I found out that all of the files on the DVD are about 400 MB in size. But the DVD used size was 3.8GB. M- it is multi-sesssion DVD and the only visible session is having content of 400mb.
I recognized it when I was used Isobuster. There were two sections which one of them contained that data folder and the other didn't.
The two sections as I've always seen must be the same.
I think one of them is the one shown to the user and one of them is the one that contains real files and folders.
The name of one of the sections was "ISO" and the other was ">>>>".
Anyone knows what's the trick? <- it is not a trick. When your friend burn the first session with the content of (3.8GB - 400mb) but does not finalize the burning. Instead, when you start another burning of data, another session has been created on the DVD. Afterwards, the burning of the DVD is finalized, and only 400mb of the second session is visible.
I want to know how to create such a folder!
It's very useful.

In short, ISOBUSTER is to locate whether there is another session of data being burnt but have not been finailized.

0
 
BillDLCommented:
Just curious.  What does the following command reveal when you have your USB Flash Drive inserted?:

dir /a /s "I:\*.*"
0
 
Arman KhodabandeIT Manager and ConsultantAuthor Commented:
I've tried the Dos things already !
However Dir command with that switches outputs this:


 Directory of i:\

09/05/2011  12:10 PM    <DIR>          AUTORUN.INF
               0 File(s)              0 bytes

 Directory of i:\AUTORUN.INF

09/05/2011  12:10 PM    <DIR>          .
09/05/2011  12:10 PM    <DIR>          ..
09/05/2011  12:10 PM    <DIR>          zhengbo.                   Note: ( Some versions of that usb disk security make immunity. instead of zhengbo. )
               0 File(s)              0 bytes

     Total Files Listed:
               0 File(s)              0 bytes
               4 Dir(s)      31,471,616 bytes free
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
BillDLCommented:
Hmmm.  I was wondering if there were any blank spaces after the dot at the end of "zhenbo." or "immunity." that may have been created in the same way as pranksters can create un undeletable folder using the Alt + ???? keyboard combinations that write non-printable characters.

There was also a trick where you could create and name a new folder "My Computer." (or some other file name) and suffix it with the curly braced {GUID} for a special system folder or NameSpace, and everything after the name including the dot would disappear.  The new "folder" would then take on the attributes and behaviour of whatever that {GUID} referred to in the registry. It doesn't work in anything after Windows 98 though.  It takes on the attributes and new icon, but the full file name, eg. "My Computer.{20D04FE0-3AEA-1069-A2D8-08002B30309D}" remains visible.

I can't be sure, but I have a feeling from memory that some of the first USB Autorun.inf viruses MAY have hidden them in a fake "Recycle Bin" folder that might fool the average person into thinking it should display on a Flash Drive as it does in fixed hard drives.
Recycle Bin.{645FF040-5081-101B-9F08-00AA002F954E}
Maybe I'm wrong about that and the malware just created a real but hidden "RECYCLER" folder and a sub-folder with a fake SID number (eg. S-1-5-21-etc-etc-etc-1003) and therein had a "Desktop.ini" file that made it display the Recycle Bin icon.

Anyway, I went off on the hunt for the "USB Disc Security" program so that I could try and find out how it created the folders, but all I could get were those pesky small "download initialiser" programs that fetch the real software plus other "offer" software to annoy the user by installing.

I gave up looking, but from what I can see by reading into "How To" pages advising users how to get rid of the "zhengbo." folder, it would seem to me that the USB security may be dependent on the "USB Disc Security" program actually being present on the computer.  Again I may be wrong though.  What happens if you insert the USB Flash Drive into another computer without that software?

As far as the DVD issue is concerned, I surmise that what you see on a DVD in Windows Explorer, and also via an "ISO" viewer, is not what is really on the Disc.  In much the same way as a bootable CD has an "image" that shows as an *.IMG or *.BIN file in some Disc Image applications, and an Audio CD shows 1KB *.CDA files that aren't really files but just shortcuts representative of where on the CD each Track starts and ends.
0
 
BillDLCommented:
Are there any spaces after the dot in "zhengbo." when you redirect the dir output to a text file and double-quote the names?

From the command window:
 
for /f "tokens=* delims=" %A in ('dir /a /b /s "I:\*.*"') do @echo "%A">>c:\Dir_Of_I.txt

Open in new window

From a batch file:
 
for /f "tokens=* delims=" %%A in ('dir /a /b /s "I:\*.*"') do @echo "%%A">>c:\Dir_Of_I.txt

Open in new window

Double-Quoting the lines would obviously show a space if present before the closing quotes.

If so, then scrolling over and copying the file name directly from a Command Window and pasting it back into a suitable command line often does the trick for those invisible characters that appear to be spaces.
0
 
Arman KhodabandeIT Manager and ConsultantAuthor Commented:
I knew all about what you said about creating that system folders (with GUID codes) and recycler folders on usb memories!
That kind of folders (Even the folders created using Alt+??? keys) can be deleted easily!
And in response to what you said about spaces, I should say that here we don't have any spaces!
I used the command and I upload the results! As you see no space there!

That "USB disk security" software is an award winning software, however this function (to put an autorun.inf folder) existed only in some versions of it and doesn't exist in new versions!
And FYI :  I've created a super folder by myself which imitates that autorun.inf of that software!
The trick I used to do this was :
1) Creating an Autorun.inf folder on the drive.
2) Create one of those prohibited folders on windows which represent low level system devices ! (con, prn, nul) (Did you know this? you can not create this folders in windows normally!)
3) You're done ! This folder can not be deleted or modified!

But I want to know the trick behind this immunity. or zhengbo. folder ?! I always look for challenges like this!
P.S. How are we able to make that invisible folder on cd or dvd?
I'll post the image file of that cd soon. to make you wonder! The cd is not here as I type these words!
0
 
Arman KhodabandeIT Manager and ConsultantAuthor Commented:
Excuse me I forgot to attach the file.
Dir-Of-I.txt
0
 
BillDLCommented:
Thanks kpax.
Yes, I had forgotten about using the "low level system devices" trick.
A screenshot of the disc will be useful, because I too "always look for challenges like this" ;-)
0
 
Arman KhodabandeIT Manager and ConsultantAuthor Commented:
Hi again!
I was able to find the answer to that hidden directory on DVD!

Regardless of "Hidden attributes" of folders, ISO images have their own "Hiding" way!

I found this when I opened the image file of that DVD with UltraISO !
As you see that folder is grayed out in the view pane. and a star is in front of it!
I right clicked on the folder and I was able to Hide / Unhide it !
I attached the screenshot.
As you see "Data folder" on the DVD is not hidden but it's hidden! The ISO image settings don't allow it to be seen!
This link also is useful!
http://club.myce.com/f59/how-set-file-dir-hidden-attribute-iso-image-223613/

Now the immunity. Secret remains !
cd-attributes.bmp
data-properties.bmp
hide.JPG
0
 
Arman KhodabandeIT Manager and ConsultantAuthor Commented:
Anyone?

Where did you go Mr BillDL?
0
 
Arman KhodabandeIT Manager and ConsultantAuthor Commented:
I solved it myself.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now