Solved

A Question About Folders!

Posted on 2011-09-24
17
712 Views
Last Modified: 2012-05-12
Hi experts!
If you're looking for a new challenge read this!
It's just about creating folders!

I have a flash memory security software that creates a non-deletable folder called autorun.inf in removable storages!
This autorun.inf folder prevents viruses to write their own inf file to the disk! A nice idea!
But how it works is important:
Inside the autorun.inf folder exists a directory called"immunity." and can not be modified in anyway.
When I want to enter it I see the below error message. (See the attached file)
It seems to be some kind of shortcut! (but not a regular one)
I want to know how to create such a folder!

What's your opinion about this?
I appreciate any guess or comment about this!

You can find more info on this link.
In the comments I've answered some questions and clarified more.

P.S. I wrote this question because of suggestion of Moderators. I hope not to be considered as "Double Questioning"!
immunity-properties.JPG
folder-unavailable.JPG
0
Comment
Question by:Arman Khodabande
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 3
  • +2
17 Comments
 
LVL 21

Expert Comment

by:Radhakrishnan R
ID: 36592730
Autorun.inf is generally is a virus generated file, If your flash drive getting autorun.inf file then it is indicates that your flash drive is infected with virus. Better option is format the drive or if you have any important file or folder on this that will not work until the infection get removed. Follow the below procedure in case if heps you to resolve the issue.

Also, Sorry i am not able to find from anything from your screen shot since it just showing 1 folders properties and the error message while accessing it , unfortunately it will not help us to identify your exact issue.

1. open up a command prompt (i.e. cmd.exe) >> to load it go to Run, type cmd, enter.
2. Now to remove virus's attributes (in order to delete it type following line by line and execute them pressing enter.
e.g.
F:\
F:\attrib -s -r -h *.* If there are any malicious EXE files those are now visible so if unnecessary delete them too.
F:\del autorun.inf

Please let me know your thoughts.
3. After finishing above, quickly remove the pen as soon as posible (just after executing del command).
4. Now your pen is without virus activation config. file. Now you can safely delete unnecessary EXE files on it.
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 300 total points
ID: 36592801
I think you missed the point there radhadkrishnan....

I don't know off hand how to but will have a go myself and listening for othere peopls comments.

Even if windows doesnt allow something it doesnt mean that a program cant be written rto bypass certain routines and go lower to the os, or indeed use a different os that doesnt have the restriction.

It may also be possible to do something like create a zip file of such a file already created and then unzip it into the right place.

So mainly listening here....

Steve
0
 
LVL 23

Assisted Solution

by:Danny Child
Danny Child earned 100 total points
ID: 36593379
Iirc, under recent service packs, windows doesn't even look at the autorun files, as the were abused so much. So, I think your security software is addressing a vulnerability that no longer exists.

In terms of the specific Q, why do you  want to create an undeletable folder?
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 
LVL 22

Expert Comment

by:senad
ID: 36593710
You can simply disable autorun function on removable drives
http://autorun.moonvalley.com/enable.htm
Also,most antivirus software prevent their execution.
Also autorun.inf is not a virus but a tool to trigger already existing virus.
Mind you, that file can also be very usefull. So it is up to you.
If you are affraid of the negative possibilities then just disable
the entire function. No big deal ....
0
 
LVL 22

Assisted Solution

by:senad
senad earned 100 total points
ID: 36593712
0
 
LVL 10

Author Comment

by:Arman Khodabande
ID: 36594590
Thanks for response, But you all answered irrelevant.

@radhadkrishnan
I said that "autorun.inf" is name of a folder. It's a folder to prevent the Bad INF files from being written to the drive.
I know all about the precautions and viruses.
We're not dealing with viruses here. !
It's a folder not an INF file.
@Dragon-It
I can Rar the folder. I thought about it!
But after extraction of that RAR Archive the "immunity." or "zhengbo." folder becomes accessible and loses its original characteristics!
So there's no point in sending such a file.

@Danch99
In all service packs of windows XP autorun.inf files are welcomed and will be executed! So we have to disable the autorun manually.
I myself use Windows XP SP3.
Only windows 7 and vista do not accept autorun.
And about your question I should say that: Human always wants to know what he doesn't know.! It's in our nature!
I want to know the trick behind this. It's too bad for experts if they can't handle such a simple trick with folders. . .

@senad
Your answer was completely irrelevant. Please read the question carefully. It isn't an "INF" file but it's a folder.
But thanks for your reference.

Thanks to all. I'm waiting for your new responses.

autorun.inf-folder-all.JPG
0
 
LVL 22

Expert Comment

by:senad
ID: 36595278
if I am not mistaken,you wrote :
"This autorun.inf folder prevents viruses to write their own inf file to the disk! "
autorun.inf resides on root drive and not in folder.
so your 'folder' is useless as these files get written to root drive.
if you place autorun in a folder it will not work.
I really do not know what your autorun folder is all about.
What's its function ? Certainly not in preventing autorun.inf from triggering viruses from spreading.
But if you believe that ....its ok.You're entitled to think whatever you want.


0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 300 total points
ID: 36595363
bimey why is it so difficult to understand... If you create a folder called autorun.inf then you cant have a file of the same name... The creating of the undeletable file within that then stops someone deleting the folder.

You can of course make a file with characters such as alt 255 which look like space or make it hidden / system / read only or for ntfs remove all permissions but I assume these folders are created with some characters that cant be handled by the OS normally?

All of those might be hidden to explorer or dir command by default or fool a casual del command but explorer can soon delete if options tweaked or use wildcard and/or del /a in cmd prompt.

Have you tried reading the files dir entry with vbscript, vba in office etc if you dont have any other languages available or the like and seeing if any odd chars in there...

All in all is quite difficult to try and reverse engineer something you cant see.
0
 
LVL 10

Accepted Solution

by:
Arman Khodabande earned 0 total points
ID: 36595772
@ Senad
Please read dragon-it's comment

@ Dragon-it
Thank you dragon-it !
Finally someone could understand the situation!
The alt+255 trick doesn't prevent the folder from being removed but creating such a folder inside it prevents!
And FYI I've created a nondeletable folder myself, which imitates that autorun.inf of that software!
The trick I used to do this was :
1) Creating an Autorun.inf folder on the drive.
2) Create one of those prohibited folders on windows which represent low level system devices ! (con, prn, nul) (Did you know this? you can not create this folders in windows normally!)
3) You're done ! This folder can not be deleted or modified!

But I want to know the trick behind this immunity. or zhengbo. folder ?! I always look for challenges like this!

And as you see the name of that folder ends with a dot. If you try this you understand that you can't add the dot to the end of a folder name!
I think the trick lies here . . . I found it today !
When you add that autorun folder to a Rar archive and then extract it you see that the immunity folder has become accessible! If you pay attention more you'll understand that winrar has removed the dot from the end of the folder name! winrar is a smart software!

The only thing that should be revealed is : "how can we add dot to the end of folder name?"
0
 
LVL 10

Author Closing Comment

by:Arman Khodabande
ID: 36890334
Hooray !
I found out how to create a folder starting with a Dot!
I knew the solution for years but never tried it! It can be created via Dos commands. (MD command)

But I couldn't create a folder ending with a dot.
So I searched again and tried hard! I found out that there is a file manager called "Ztree" it's capable of renaming folders to add Dots to the end of names!

And I read somewhere that you can use win api to creat such a folder!
So that security software have used the second way.
Thank you all.
Good luck
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 36596082
I can easily create files and dirs with . at the beginning easily enough in cmd.exe prompt or any language such as VB, VBA, VBScript.  Can create files ending in dot BUT they are seen as files with no extension.  What you want is to create it with the filename part with a dot in I think... then anything that tries to access it will split it at the . for extension I guess and break... this is assuming file / extension are stored seperately.

Everything I have tried will translate the . on the end into nothing but a non extension file.
0
 
LVL 10

Author Comment

by:Arman Khodabande
ID: 36601131
Do you know a way to create them for windows script host (vbs files)? Because I'm not familiar with VB itself!

files with no extension are not needed! We need a folder with a dot at it end.

If you want to see a dot at the end of a folder name, download Ztree and rename a folder with 2 dots after it's name.!
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 36602313
dot at the start is easy... dot at the end every way I know if is treated as a file/folder with no extension rather than a dot in the name.  If I find a way will post.

Steve
0
 
LVL 10

Author Comment

by:Arman Khodabande
ID: 36707791
Thanks Steve
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 36890501
No problem, at least I knew what yiou meant!

If you find a good way of creating them perhaps you could post it here for all of us.
0
 
LVL 23

Expert Comment

by:Danny Child
ID: 36892634
OK, I can understand some technical curiosity about how to create an undeletable folder, and that's an interesting discussion point.  I still say that security software that uses this as a defence against malware has missed the point.

Here's the article about how MS disabled AutoRun
http://technet.microsoft.com/en-us/security/advisory/967940

and some criticism of their method....
http://blogs.computerworld.com/the_best_way_to_disable_autorun_to_be_protected_from_infected_usb_flash_drives

0
 
LVL 10

Author Comment

by:Arman Khodabande
ID: 36892974
They didn't miss the point, because that security software (Zbshareware USB Disk Security) has removed this feature in it's releases since 2010.
Now I understand why . . .
I always asked myself why did they removed this feature from their software . . .
However I doubt that. Because when I installed my Windows xp (SP3) it ran the Autorun on USB drives (As far as I remember). I disabled it manually.
Maybe you want to prevent viruses from writing their autorun.inf to your flash (If you connect your USB drive to an infected PC). Microsoft has disabled the autorun. But what if you double click on your drive by mistake?!!!!!
It will absolutely execute the virus, because it's the default option for double clicking!

I'm still looking for a way to make a folder using Windows Script host commands. (I just want to know. I've already created a super folder with com folder)
As far as I know WSH accepts VB commands and many more languages like java.

Thanks for reference
Kpax7
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to run Invisible a .bat file? 3 79
Exchange & AD management console 2 126
Odd Coloration 4 41
IPC$ Password 13 41
It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question