Solved

Hidden folder on a CD/DVD! (How to create super folders!)

Posted on 2011-09-04
Last Modified: 2012-05-12
Hi experts!
I have 2 questions about 2 strange folders I saw. Answering each question will earn 250 points!

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1) My friend gave me a multimedia DVD as a gift.
It has a hidden directory on it. It's not a normal hidden folder. (not having system attributes or hidden attributes)
Both of my folder option items for showing files are unchecked.
When working with the DVD files I found out that all of the files on the DVD are about 400 MB in size. But the DVD used size was 3.8GB.
I noticed it when I used IsoBuster. There were two sections, one of which contained that data folder while the other didn't.
The two sections, as I've always seen, must be the same.
I think one of them is the one shown to the user and one of them is the one that contains real files and folders.
The name of one of the sections was "ISO" and the other was ">>>>".
Does anyone know what the trick is?
I want to know how to create such a folder!
It's very useful.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2) I have a flash memory security software that creates a non-deletable folder called autorun.inf!
This autorun.inf folder prevents viruses from writing their own inf file to the disk! A nice idea!
But how it works is important:
Inside the autorun.inf folder there is a directory called "immunity." which cannot be modified in any way.
When I want to enter it I see the error below. (See the attached file)
It seems to be some kind of shortcut! (but not a regular one)
I want to know how to create such a folder too!
folder-unavailable.JPG
Question by:Arman Khodabande
Expert Comment

by:Jackie Man
ID: 36481139
1) My friend gave me a multimedia DVD as a gift.
It has a hidden directory on it. It's not a normal hidden folder. (not having system attributes or hidden attributes)
Both of my folder option items for showing files are unchecked.
When working with the DVD files I found out that all of the files on the DVD are about 400 MB in size. But the DVD used size was 3.8GB. <- It is a multi-session DVD and the only visible session has 400mb of content.
I noticed it when I used IsoBuster. There were two sections, one of which contained that data folder while the other didn't.
The two sections, as I've always seen, must be the same.
I think one of them is the one shown to the user and one of them is the one that contains real files and folders.
The name of one of the sections was "ISO" and the other was ">>>>".
Does anyone know what the trick is? <- It is not a trick. Your friend burned the first session with the content of (3.8GB - 400mb) but did not finalize the burning. Instead, when another burning of data was started, another session was created on the DVD. Afterwards, the burning of the DVD was finalized, and only 400mb of the second session is visible.
I want to know how to create such a folder!
It's very useful.

In short, IsoBuster is used to find out whether there is another session of data that has been burnt but not finalized.

Expert Comment

by:BillDL
ID: 36481967
Just curious.  What does the following command reveal when you have your USB Flash Drive inserted?:

dir /a /s "I:\*.*"
Author Comment

by:Arman Khodabande
ID: 36482739
I've tried the DOS things already!
However, the dir command with those switches outputs this:


 Directory of i:\

09/05/2011  12:10 PM    <DIR>          AUTORUN.INF
               0 File(s)              0 bytes

 Directory of i:\AUTORUN.INF

09/05/2011  12:10 PM    <DIR>          .
09/05/2011  12:10 PM    <DIR>          ..
09/05/2011  12:10 PM    <DIR>          zhengbo.                   Note: ( Some versions of that usb disk security make immunity. instead of zhengbo. )
               0 File(s)              0 bytes

     Total Files Listed:
               0 File(s)              0 bytes
               4 Dir(s)      31,471,616 bytes free
Expert Comment

by:BillDL
ID: 36483706
Hmmm.  I was wondering if there were any blank spaces after the dot at the end of "zhengbo." or "immunity." that may have been created in the same way as pranksters can create an undeletable folder using the Alt + ???? keyboard combinations that write non-printable characters.

There was also a trick where you could create and name a new folder "My Computer." (or some other file name) and suffix it with the curly braced {GUID} for a special system folder or NameSpace, and everything after the name including the dot would disappear.  The new "folder" would then take on the attributes and behaviour of whatever that {GUID} referred to in the registry. It doesn't work in anything after Windows 98 though.  It takes on the attributes and new icon, but the full file name, eg. "My Computer.{20D04FE0-3AEA-1069-A2D8-08002B30309D}" remains visible.

I can't be sure, but I have a feeling from memory that some of the first USB Autorun.inf viruses MAY have hidden them in a fake "Recycle Bin" folder that might fool the average person into thinking it should display on a Flash Drive as it does in fixed hard drives.
Recycle Bin.{645FF040-5081-101B-9F08-00AA002F954E}
Maybe I'm wrong about that and the malware just created a real but hidden "RECYCLER" folder and a sub-folder with a fake SID number (eg. S-1-5-21-etc-etc-etc-1003) and therein had a "Desktop.ini" file that made it display the Recycle Bin icon.

Anyway, I went off on the hunt for the "USB Disc Security" program so that I could try and find out how it created the folders, but all I could get were those pesky small "download initialiser" programs that fetch the real software plus other "offer" software to annoy the user by installing.

I gave up looking, but from what I can see by reading into "How To" pages advising users how to get rid of the "zhengbo." folder, it would seem to me that the USB security may be dependent on the "USB Disc Security" program actually being present on the computer.  Again I may be wrong though.  What happens if you insert the USB Flash Drive into another computer without that software?

As far as the DVD issue is concerned, I surmise that what you see on a DVD in Windows Explorer, and also via an "ISO" viewer, is not what is really on the Disc.  In much the same way as a bootable CD has an "image" that shows as an *.IMG or *.BIN file in some Disc Image applications, and an Audio CD shows 1KB *.CDA files that aren't really files but just shortcuts representative of where on the CD each Track starts and ends.
Expert Comment

by:BillDL
ID: 36483740
Are there any spaces after the dot in "zhengbo." when you redirect the dir output to a text file and double-quote the names?

From the command window:
 
for /f "tokens=* delims=" %A in ('dir /a /b /s "I:\*.*"') do @echo "%A">>c:\Dir_Of_I.txt


From a batch file:
 
for /f "tokens=* delims=" %%A in ('dir /a /b /s "I:\*.*"') do @echo "%%A">>c:\Dir_Of_I.txt


Double-Quoting the lines would obviously show a space if present before the closing quotes.

If so, then scrolling over and copying the file name directly from a Command Window and pasting it back into a suitable command line often does the trick for those invisible characters that appear to be spaces.
Assisted Solution

by:Arman Khodabande
ID: 36487683
I knew all about what you said about creating those system folders (with GUID codes) and recycler folders on USB memories!
Those kinds of folders (even the folders created using Alt+??? keys) can be deleted easily!
And in response to what you said about spaces, I should say that here we don't have any spaces!
I used the command and I'm uploading the results! As you can see, there's no space there!

That "USB disk security" software is an award-winning software; however, this function (to put an autorun.inf folder) existed only in some versions of it and doesn't exist in new versions!
And FYI: I've created a super folder by myself which imitates the autorun.inf of that software!
The trick I used to do this was:
1) Create an Autorun.inf folder on the drive.
2) Create one of those prohibited folders on Windows which represent low-level system devices! (con, prn, nul) (Did you know this? You cannot create these folders in Windows normally!)
3) You're done! This folder cannot be deleted or modified!

But I want to know the trick behind this immunity. or zhengbo. folder! I always look for challenges like this!
P.S. How are we able to make that invisible folder on a CD or DVD?
I'll post the image file of that CD soon, to make you wonder! The CD is not here as I type these words!
Author Comment

by:Arman Khodabande
ID: 36487689
Excuse me I forgot to attach the file.
Dir-Of-I.txt
Expert Comment

by:BillDL
ID: 36487739
Thanks kpax.
Yes, I had forgotten about using the "low level system devices" trick.
A screenshot of the disc will be useful, because I too "always look for challenges like this" ;-)
Accepted Solution

by:Arman Khodabande
ID: 36504512
Hi again!
I was able to find the answer to that hidden directory on the DVD!

Regardless of the "Hidden attributes" of folders, ISO images have their own way of "hiding"!

I found this when I opened the image file of that DVD with UltraISO!
As you can see, that folder is grayed out in the view pane, and a star is in front of it!
I right-clicked on the folder and I was able to Hide / Unhide it!
I attached the screenshot.
As you can see, the "Data folder" on the DVD is not hidden, but it's hidden! The ISO image settings don't allow it to be seen!
This link is also useful!
http://club.myce.com/f59/how-set-file-dir-hidden-attribute-iso-image-223613/

Now the immunity. secret remains!
cd-attributes.bmp
data-properties.bmp
hide.JPG
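
Added example (not part of the original thread): ISO 9660 directory records carry a file-flags byte whose lowest bit ("Existence") marks an entry as hidden, and this Python sketch lists the entries of one directory extent with that bit decoded, which is how an examiner can spot folders a normal file browser leaves out. It assumes this is the flag the UltraISO Hide / Unhide command toggles and that names are plain ASCII; `make_record`, `list_directory`, `hidden_entries` and `SAMPLE` are illustrative names, and the sample directory is constructed.

```python
import struct

HIDDEN, DIRECTORY = 0x01, 0x02  # ECMA-119 file flags: bit 0 "Existence", bit 1 "Directory"

def make_record(name: bytes, flags: int, lba: int = 20, size: int = 2048) -> bytes:
    """Build one directory record; used only to construct the sample input."""
    body = bytes([0])                                          # extended attribute length
    body += struct.pack("<I", lba) + struct.pack(">I", lba)    # extent location, both-endian
    body += struct.pack("<I", size) + struct.pack(">I", size)  # data length, both-endian
    body += bytes(7)                                           # recording date and time
    body += bytes([flags, 0, 0])                               # flags, unit size, gap size
    body += struct.pack("<H", 1) + struct.pack(">H", 1)        # volume sequence number
    body += bytes([len(name)]) + name                          # identifier length + identifier
    if len(name) % 2 == 0:
        body += b"\x00"                                        # pad record to an even length
    return bytes([len(body) + 1]) + body

def list_directory(extent: bytes, sector: int = 2048):
    """Return (name, is_dir, hidden) for every record in one directory extent."""
    entries, pos = [], 0
    while pos < len(extent):
        length = extent[pos]
        if length == 0:                    # zero fill: records never cross a sector boundary
            pos = (pos // sector + 1) * sector
            continue
        if length < 34 or pos + length > len(extent):
            raise ValueError(f"corrupt directory record at offset {pos}")
        flags, id_len = extent[pos + 25], extent[pos + 32]
        if 33 + id_len > length:
            raise ValueError(f"identifier overruns record at offset {pos}")
        raw = extent[pos + 33 : pos + 33 + id_len]
        # 0x00 and 0x01 are the "." and ".." entries; ";1" is the file version suffix
        name = {b"\x00": ".", b"\x01": ".."}.get(raw) or raw.decode("ascii", "replace").split(";")[0]
        entries.append((name, bool(flags & DIRECTORY), bool(flags & HIDDEN)))
        pos += length
    return entries

def hidden_entries(extent: bytes):
    """Names that a viewer honouring the hidden flag would leave out of the listing."""
    return [name for name, _, hidden in list_directory(extent) if hidden]

# Constructed sample: a root directory holding README.TXT and a hidden DATA folder
SAMPLE = (make_record(b"\x00", DIRECTORY) + make_record(b"\x01", DIRECTORY)
          + make_record(b"README.TXT;1", 0)
          + make_record(b"DATA", DIRECTORY | HIDDEN)).ljust(2048, b"\x00")

if __name__ == "__main__":
    for name, is_dir, hidden in list_directory(SAMPLE):
        print(f"{'DIR ' if is_dir else 'FILE'} {'hidden ' if hidden else 'visible'} {name}")
```

On a real image the same function applies to the bytes of each directory extent, starting from the root directory record stored in the primary volume descriptor.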
Author Comment

by:Arman Khodabande
ID: 36541706
Anyone?

Where did you go Mr BillDL?
Author Closing Comment

by:Arman Khodabande
ID: 36813341
I solved it myself.