Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Hidden folder on a CD/DVD! (How to creating Super folders ! )

Posted on 2011-09-04
11
Medium Priority
?
2,336 Views
Last Modified: 2012-05-12
Hi experts!
I have 2 questions about 2 strange Folders I saw. Answering each question will have 250 point!

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1) My friend gave me a multimedia DVD as a gift.
It has a hidden directory on it. It's not a normal hidden folder. (not having system attributes or hidden attributes)
My both folder option items for showing files are unchecked.
When working with the DVD files I found out that all of the files on the DVD are about 400 MB in size. But the DVD used size was 3.8GB.
I recognized it when I was used Isobuster. There were two sections which one of them contained that data folder and the other didn't.
The two sections as I've always seen must be the same.
I think one of them is the one shown to the user and one of them is the one that contains real files and folders.
The name of one of the sections was "ISO" and the other was ">>>>".
Anyone knows what's the trick?
I want to know how to create such a folder!
It's very useful.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2) I have a flash memory security software that creates a non-deletable folder called autorun.inf!
this autorun.inf folder prevents viruses to write their own inf file to the disk! A nice idea!
But how it works is important:
inside the autorun.inf folder exist a directory called"immunity." and can not be modified in anyway.
When I want to enter it I see the below error. (See the attached file)
It seems to be some kind of shortcut! (but not a regular one)
I want to know how to create such a folder too!
folder-unavailable.JPG
0
Comment
Question by:Arman Khodabande
  • 6
  • 4
11 Comments
 
LVL 51

Expert Comment

by:Jackie Man
ID: 36481139
1) My friend gave me a multimedia DVD as a gift.
It has a hidden directory on it. It's not a normal hidden folder. (not having system attributes or hidden attributes)
My both folder option items for showing files are unchecked.
When working with the DVD files I found out that all of the files on the DVD are about 400 MB in size. But the DVD used size was 3.8GB. M- it is multi-sesssion DVD and the only visible session is having content of 400mb.
I recognized it when I was used Isobuster. There were two sections which one of them contained that data folder and the other didn't.
The two sections as I've always seen must be the same.
I think one of them is the one shown to the user and one of them is the one that contains real files and folders.
The name of one of the sections was "ISO" and the other was ">>>>".
Anyone knows what's the trick? <- it is not a trick. When your friend burn the first session with the content of (3.8GB - 400mb) but does not finalize the burning. Instead, when you start another burning of data, another session has been created on the DVD. Afterwards, the burning of the DVD is finalized, and only 400mb of the second session is visible.
I want to know how to create such a folder!
It's very useful.

In short, ISOBUSTER is to locate whether there is another session of data being burnt but have not been finailized.

0
 
LVL 39

Expert Comment

by:BillDL
ID: 36481967
Just curious.  What does the following command reveal when you have your USB Flash Drive inserted?:

dir /a /s "I:\*.*"
0
 
LVL 10

Author Comment

by:Arman Khodabande
ID: 36482739
I've tried the Dos things already !
However Dir command with that switches outputs this:


 Directory of i:\

09/05/2011  12:10 PM    <DIR>          AUTORUN.INF
               0 File(s)              0 bytes

 Directory of i:\AUTORUN.INF

09/05/2011  12:10 PM    <DIR>          .
09/05/2011  12:10 PM    <DIR>          ..
09/05/2011  12:10 PM    <DIR>          zhengbo.                   Note: ( Some versions of that usb disk security make immunity. instead of zhengbo. )
               0 File(s)              0 bytes

     Total Files Listed:
               0 File(s)              0 bytes
               4 Dir(s)      31,471,616 bytes free
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 39

Expert Comment

by:BillDL
ID: 36483706
Hmmm.  I was wondering if there were any blank spaces after the dot at the end of "zhenbo." or "immunity." that may have been created in the same way as pranksters can create un undeletable folder using the Alt + ???? keyboard combinations that write non-printable characters.

There was also a trick where you could create and name a new folder "My Computer." (or some other file name) and suffix it with the curly braced {GUID} for a special system folder or NameSpace, and everything after the name including the dot would disappear.  The new "folder" would then take on the attributes and behaviour of whatever that {GUID} referred to in the registry. It doesn't work in anything after Windows 98 though.  It takes on the attributes and new icon, but the full file name, eg. "My Computer.{20D04FE0-3AEA-1069-A2D8-08002B30309D}" remains visible.

I can't be sure, but I have a feeling from memory that some of the first USB Autorun.inf viruses MAY have hidden them in a fake "Recycle Bin" folder that might fool the average person into thinking it should display on a Flash Drive as it does in fixed hard drives.
Recycle Bin.{645FF040-5081-101B-9F08-00AA002F954E}
Maybe I'm wrong about that and the malware just created a real but hidden "RECYCLER" folder and a sub-folder with a fake SID number (eg. S-1-5-21-etc-etc-etc-1003) and therein had a "Desktop.ini" file that made it display the Recycle Bin icon.

Anyway, I went off on the hunt for the "USB Disc Security" program so that I could try and find out how it created the folders, but all I could get were those pesky small "download initialiser" programs that fetch the real software plus other "offer" software to annoy the user by installing.

I gave up looking, but from what I can see by reading into "How To" pages advising users how to get rid of the "zhengbo." folder, it would seem to me that the USB security may be dependent on the "USB Disc Security" program actually being present on the computer.  Again I may be wrong though.  What happens if you insert the USB Flash Drive into another computer without that software?

As far as the DVD issue is concerned, I surmise that what you see on a DVD in Windows Explorer, and also via an "ISO" viewer, is not what is really on the Disc.  In much the same way as a bootable CD has an "image" that shows as an *.IMG or *.BIN file in some Disc Image applications, and an Audio CD shows 1KB *.CDA files that aren't really files but just shortcuts representative of where on the CD each Track starts and ends.
0
 
LVL 39

Expert Comment

by:BillDL
ID: 36483740
Are there any spaces after the dot in "zhengbo." when you redirect the dir output to a text file and double-quote the names?

From the command window:
 
for /f "tokens=* delims=" %A in ('dir /a /b /s "I:\*.*"') do @echo "%A">>c:\Dir_Of_I.txt

Open in new window

From a batch file:
 
for /f "tokens=* delims=" %%A in ('dir /a /b /s "I:\*.*"') do @echo "%%A">>c:\Dir_Of_I.txt

Open in new window

Double-Quoting the lines would obviously show a space if present before the closing quotes.

If so, then scrolling over and copying the file name directly from a Command Window and pasting it back into a suitable command line often does the trick for those invisible characters that appear to be spaces.
0
 
LVL 10

Assisted Solution

by:Arman Khodabande
Arman Khodabande earned 0 total points
ID: 36487683
I knew all about what you said about creating that system folders (with GUID codes) and recycler folders on usb memories!
That kind of folders (Even the folders created using Alt+??? keys) can be deleted easily!
And in response to what you said about spaces, I should say that here we don't have any spaces!
I used the command and I upload the results! As you see no space there!

That "USB disk security" software is an award winning software, however this function (to put an autorun.inf folder) existed only in some versions of it and doesn't exist in new versions!
And FYI :  I've created a super folder by myself which imitates that autorun.inf of that software!
The trick I used to do this was :
1) Creating an Autorun.inf folder on the drive.
2) Create one of those prohibited folders on windows which represent low level system devices ! (con, prn, nul) (Did you know this? you can not create this folders in windows normally!)
3) You're done ! This folder can not be deleted or modified!

But I want to know the trick behind this immunity. or zhengbo. folder ?! I always look for challenges like this!
P.S. How are we able to make that invisible folder on cd or dvd?
I'll post the image file of that cd soon. to make you wonder! The cd is not here as I type these words!
0
 
LVL 10

Author Comment

by:Arman Khodabande
ID: 36487689
Excuse me I forgot to attach the file.
Dir-Of-I.txt
0
 
LVL 39

Expert Comment

by:BillDL
ID: 36487739
Thanks kpax.
Yes, I had forgotten about using the "low level system devices" trick.
A screenshot of the disc will be useful, because I too "always look for challenges like this" ;-)
0
 
LVL 10

Accepted Solution

by:
Arman Khodabande earned 0 total points
ID: 36504512
Hi again!
I was able to find the answer to that hidden directory on DVD!

Regardless of "Hidden attributes" of folders, ISO images have their own "Hiding" way!

I found this when I opened the image file of that DVD with UltraISO !
As you see that folder is grayed out in the view pane. and a star is in front of it!
I right clicked on the folder and I was able to Hide / Unhide it !
I attached the screenshot.
As you see "Data folder" on the DVD is not hidden but it's hidden! The ISO image settings don't allow it to be seen!
This link also is useful!
http://club.myce.com/f59/how-set-file-dir-hidden-attribute-iso-image-223613/

Now the immunity. Secret remains !
cd-attributes.bmp
data-properties.bmp
hide.JPG
0
 
LVL 10

Author Comment

by:Arman Khodabande
ID: 36541706
Anyone?

Where did you go Mr BillDL?
0
 
LVL 10

Author Closing Comment

by:Arman Khodabande
ID: 36813341
I solved it myself.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ok I have been working on this for some time having learned and gained certification in XenDesktop 4 along came version 5 which was released last month. Since then I have been working to deploy XenDesktop 5 in a small environment with only 2 virt…
Introduction: Recently, I got a requirement to zip all files individually with batch file script in Windows OS. I don't know much about scripting, but I searched Google and found a lot of examples and websites to complete my task. Finally, I was ab…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question