Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > Format Pendrive under DOS

Reply
Thread Tools

Format Pendrive under DOS

 
 
ClueLess
Guest
Posts: n/a
 
      05-23-2009
Hi Friends

I was forced to format my hard disk as I could not get rid of the
jl.chura.pl/rc thing. Luckily my drive was FAT32 (XP-SP3) so I could
boot under DOS and recover all the text files and image (jpg) before
formatting. Now I have reinstalled the OS and everything is fine.

I use the pendrive and it is also affected and if I now connect it to
my machine the virus/Trojan will be transferred to the hard disk

Is there any way I can access the pendrive under DOS and format it?
The bios says usb under dos enabled. Does it require any special
driver?

If anyone here knows will you please help me with the details?

TIA

ClueLess
 
Reply With Quote
 
 
 
 
Mike Easter
Guest
Posts: n/a
 
      05-23-2009
ClueLess wrote:

> I use the pendrive and it is also affected and if I now connect it to
> my machine the virus/Trojan will be transferred to the hard disk


This is not a Hollywood movie. Bad things/files/executables can be
handled, quarantined, whatever. They don't jump off the pendrive and
infect your machine via the usb connxn along with green arcing
tesla-coil-like special video effects. Depending on how you have your AV
configured, you can access/format the pendrive via windows or a live CD
or whatever.

> Is there any way I can access the pendrive under DOS and format it?


Depending on how the pendrive first sector is written, it may look like
another drive to DOS.

> The bios says usb under dos enabled. Does it require any special
> driver?


Most people just format their pendrives as fat32 from windows.


--
Mike Easter

 
Reply With Quote
 
 
 
 
VanguardLH
Guest
Posts: n/a
 
      05-23-2009
ClueLess wrote:

> Hi Friends
>
> I was forced to format my hard disk as I could not get rid of the
> jl.chura.pl/rc thing. Luckily my drive was FAT32 (XP-SP3) so I could
> boot under DOS and recover all the text files and image (jpg) before
> formatting. Now I have reinstalled the OS and everything is fine.
>
> I use the pendrive and it is also affected and if I now connect it to
> my machine the virus/Trojan will be transferred to the hard disk
>
> Is there any way I can access the pendrive under DOS and format it?
> The bios says usb under dos enabled. Does it require any special
> driver?
>
> If anyone here knows will you please help me with the details?
>
> TIA
>
> ClueLess


Boot from a bootable DOS floppy and find out if you can access your USB
drives. That the BIOS can access the USB drive doesn't mean DOS can.
It may need a driver to define the interface to the device. However,
since you don't want anything getting at your hard disks from the
infected USB drive then you should disconnect your hard drives before
you boot anything that lets you access the USB drive.

So why not disable Auto-Play -- and leave it that way? The only way
that plugging in a USB thumb drive results in infecting your host (other
than deliberate action by the user) is because your OS automatically
loads an executable file specified by the autorun.inf file. Folks
interested in security usually disable Auto-Play. If you need to run
something from there then YOU do it by right-clicking on the autorun.inf
file or by looking in it to see what .exe it wants to load.

Rather than putz around inside the registry to disable Auto-Play, just
get Microsoft's TweakUI powertoy and use it to disable auto-play. Find
it under the My Computer -> AutoPlay -> Types node in their tree list.
Deselect auto-play for CD/DVD drives and for removable drives. Now when
you or someone sticks in any CD/DVD disc or a USB thumb drive, any
executable on it does not get automatically loaded. You lose the
convenience but you gain security.

http://www.microsoft.com/windowsxp/d...powertoys.mspx
(get the version appropriate for your hardware)

Another way to disable auto-play is to set a security policy. Run the
group policy editor (gpedit.msc), and go to Computer Configuration ->
Administrative Templates -> System node in the tree list. Look at the
properties for "Turn off Autoplay". Enable it for all drives.

Similarly, you should NOT configure programs to automatically update
themselves. That also includes automatic updates for Windows. See all
those "All of a sudden" posts in newsgroups? If you let programs
automatically update then you let someone else choose when and how to
change the state of your host. Only the most trusted programs should
automatically update, like your anti-virus programs (most will
auto-update only on signature but alert when there is program update).

If you are going to disable auto-play for USB drives then obviously you
should also ensure that your BIOS does *not* list USB drives as a choice
for a bootable drive. Some hosts have a BIOS that lets them boot from
the USB thumb drive. Typically the malware needs an OS under which to
run but there could be some nasties that are bootable. However, to
ensure the OS bootable from the CD cannot see your hard disks (for the
malware to get at them) and because the OS may default to auto-play for
USB thumb drives, I'd suggest powering down your host and unplugging the
data cable from your hard disks. Then boot using the CD with the
alternate OS on it.

If you are leery that disabling auto-play will protect you from a nasty
on your USB drive, get a bootable .iso image for an OS and use that.
You boot using the CD and use that OS to format the USB drive.
http://distrowatch.com/ lists the latest distros for several OS'es.
http://www.ultimatebootcd.com/ is the UBCD (Ultimate Boot CD) where you
get an .iso image to burn to a disc and use that to boot. Hopefully
UBCD includes USB support so you can get at the USB drives.
 
Reply With Quote
 
Jordon
Guest
Posts: n/a
 
      05-23-2009
VanguardLH wrote:

> So why not disable Auto-Play -- and leave it that way? The only way
> that plugging in a USB thumb drive results in infecting your host (other
> than deliberate action by the user) is because your OS automatically
> loads an executable file specified by the autorun.inf file. Folks
> interested in security usually disable Auto-Play. If you need to run
> something from there then YOU do it by right-clicking on the autorun.inf
> file or by looking in it to see what .exe it wants to load.


I thought that whenever Windows detects a drive, the
boot sector is read and a boot sector virus (or MBR
virus) can spread from drive to drive without an
autorun file.

--
Jordon
 
Reply With Quote
 
VanguardLH
Guest
Posts: n/a
 
      05-23-2009
Jordon wrote:

> VanguardLH wrote:
>
>> So why not disable Auto-Play -- and leave it that way? The only way
>> that plugging in a USB thumb drive results in infecting your host (other
>> than deliberate action by the user) is because your OS automatically
>> loads an executable file specified by the autorun.inf file. Folks
>> interested in security usually disable Auto-Play. If you need to run
>> something from there then YOU do it by right-clicking on the autorun.inf
>> file or by looking in it to see what .exe it wants to load.

>
> I thought that whenever Windows detects a drive, the
> boot sector is read and a boot sector virus (or MBR
> virus) can spread from drive to drive without an
> autorun file.


Wrong. The BIOS scans for drives (in the order specified) looking for a
bootstrap record in an MBR. In the first drive it finds the bootstrap
code, it loads it and passes control to it. No other MBRs are read from
any other drives. So if the boot order is floppy-CD-harddisk and there
are no floppy or CDs in their drives then the FIRST hard disk it finds
with an MBR and one with bootstrap code is the one used. Once the BIOS
loads the bootstrap code, it passes control to it and isn't involved
anymore in reading MBRs. That's why I mentioned to NOT include USB
drives in the boot drive order in the BIOS (but is only a problem if
listed before the hard drive or the hard drive doesn't have bootstrap
code in its MBR).

An order of CD-USB-harddisk could result in the BIOS looking for an MBR
with a non-blank bootstrap record if a USB drive were connected. An
order of CD-harddisk-USB would ensure the bootstrap record from the hard
disk gets used first (and is the only one used); however, I would
recommend against even included USB in the boot drive order unless there
was a real need for it (like parents making sure their kids can't boot
their computer because the hard disk had its bootstrap record wiped that
the OS install typically writes there; the hard disk isn't bootable so
the USB drive has to be used). See
http://www.bootdisk.com/pendrive.htm.

See http://en.wikipedia.org/wiki/Master_boot_record. The only parts of
the MBR that Windows cares about are the disk signature (so it track the
disk even when moved to a different order in the hardware controllers to
keep the drive letter assignment the same) and the partition table. It
doesn't need nor use the code area (bootstrap). The bootstrap code is
used BEFORE any operating system is loaded hence its name.
 
Reply With Quote
 
Mike Easter
Guest
Posts: n/a
 
      05-23-2009
Jordon wrote:
> VanguardLH wrote:
>
>> So why not disable Auto-Play -- and leave it that way? The only way
>> that plugging in a USB thumb drive results in infecting your host
>> (other than deliberate action by the user) is because your OS
>> automatically loads an executable file specified by the autorun.inf
>> file. Folks interested in security usually disable Auto-Play. If you
>> need to run something from there then YOU do it by right-clicking on
>> the autorun.inf file or by looking in it to see what .exe it wants to
>> load.

>
> I thought that whenever Windows detects a drive, the
> boot sector is read and a boot sector virus (or MBR
> virus) can spread from drive to drive without an
> autorun file.


The bios is configured to look for a boot sector according to the
priorities set in its nvram. After the bios identifies and turns over to
the prioritized drive's bootsector which was properly identified by the
bios by both the bootsector beginning and its end, boot sector reading is
over unless the bios selected bootsector results in a boot manager being
read somewhere else. If Win or DOS are booted by that BIOS > bootsector
transition, the only way they - win/dos - would try to read a bootsector
somewhere else would be if something told them to.

That is, a dirty pendrive would only be a problem if the bios were
configured to boot from there and there were a pendrive bootsector
virus -or- the booted OS was configured to autorun mounted drives. My
advice about handling the pendrive (as if it weren't autopoison) was
based on the assumption that the OP wasn't going to be configured to be
booting or autorunning from it.


--
Mike Easter

 
Reply With Quote
 
wisdomkiller & pain
Guest
Posts: n/a
 
      05-23-2009
ClueLess wrote:

> Hi Friends
>
> I was forced to format my hard disk as I could not get rid of the
> jl.chura.pl/rc thing. Luckily my drive was FAT32 (XP-SP3) so I could
> boot under DOS and recover all the text files and image (jpg) before
> formatting. Now I have reinstalled the OS and everything is fine.
>
> I use the pendrive and it is also affected and if I now connect it to
> my machine the virus/Trojan will be transferred to the hard disk
>

By default, autorun is disabled for usb sticks - but you want to make sure
and hold down the shift key while inserting the stick, until the drive
shows. Then, do not doubleclick on the driveletter, just get customized to
right-click and select from the menu ("format" in your case would be best).

Btw. bootsector viruses would only get executed when the pc tried to boot
from the infected drive (which in ancient times was a common setting, and
floppies often just were forgotten in the drive until next boot).

> Is there any way I can access the pendrive under DOS and format it?


Perhaps, if the bios has "usb legacy support" and the flashdrive isn't
partitioned, just a "super-floppy".

Anyway, a linux livecd (knoppix, system rescue cd) will do what you want and
much more.

 
Reply With Quote
 
wisdomkiller & pain
Guest
Posts: n/a
 
      05-23-2009
ClueLess wrote:

> Hi Friends
>
> I was forced to format my hard disk as I could not get rid of the
> jl.chura.pl/rc thing. Luckily my drive was FAT32 (XP-SP3) so I could
> boot under DOS and recover all the text files and image (jpg) before
> formatting. Now I have reinstalled the OS and everything is fine.
>
> I use the pendrive and it is also affected and if I now connect it to
> my machine the virus/Trojan will be transferred to the hard disk
>

By default, autorun is disabled for usb sticks - but you want to make sure
and hold down the shift key while inserting the stick, until the drive
shows. Then, do not doubleclick on the driveletter, just get customized to
right-click and select from the menu ("format" in your case would be best).

Btw. bootsector viruses would only get executed when the pc tried to boot
from the infected drive (which in ancient times was a common setting, and
floppies often just were forgotten in the drive until next boot).

> Is there any way I can access the pendrive under DOS and format it?


Perhaps, if the bios has "usb legacy support" and the flashdrive isn't
partitioned, just a "super-floppy".

Anyway, a linux livecd (knoppix, system rescue cd) will do what you want and
much more.

 
Reply With Quote
 
Mike Easter
Guest
Posts: n/a
 
      05-23-2009
Mike Easter wrote:

> That is, a dirty pendrive would only be a problem if the bios were
> configured to boot from there and there were a pendrive bootsector
> virus -or- the booted OS was configured to autorun mounted drives. My
> advice about handling the pendrive (as if it weren't autopoison) was
> based on the assumption that the OP wasn't going to be configured to be
> booting or autorunning from it.


Speaking of dirty pendrives. Kaspersky Labs bought a brandnew factory
sealed netbook with autorun worm and a rootkit and password stealer.

The factory induced infection was caused by factory upgrading of Intel
drivers with an infected pendrive.

http://news.idg.no/cw/art.cfm?id=58E...59AE31EA733AAE or
http://snipr.com/in30j Kaspersky Labs is warning users to scan brand new
systems for malware before connecting them to the Internet after
discovering attack code on a just-out-of-the-box Windows XP netbook.


--
Mike Easter

 
Reply With Quote
 
Clueless
Guest
Posts: n/a
 
      05-25-2009
On Sat, 23 May 2009 20:09:10 +0530, ClueLess <(E-Mail Removed)>
wrote:

>Is there any way I can access the pendrive under DOS and format it?
>The bios says usb under dos enabled. Does it require any special
>driver?


Thanks to all of you who responded with some guidance.

Instead of going for the preparation of a DOS bootable disk with USB
drivers, (no floppy drive ), I used the Damn Small Linux CD I
had and cleared the pendrive

Thanks again

ClueLess
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
print dos format file into unix format PengYu.UT@gmail.com Python 5 10-27-2006 01:56 PM
IOS DoS defense causes DoS to itself:) Igor MamuziŠ Cisco 2 05-19-2006 11:59 PM
[newbie]How to install python under DOS and is there any Wxpython can be installed under dos? john san Python 19 02-18-2005 12:05 PM
Unable to run MS-DOS in Windows and DOS properties tabs missing Don Computer Support 5 02-11-2004 07:20 PM
Executing DOS (yes, DOS) program from within Python? Ben Fairbank Python 2 10-07-2003 08:51 AM



Advertisments