Format Pendrive under DOS

Discussion in 'Computer Support' started by ClueLess, May 23, 2009.

  1. ClueLess

    ClueLess Guest

    Hi Friends

    I was forced to format my hard disk as I could not get rid of the
    jl.chura.pl/rc thing. Luckily my drive was FAT32 (XP-SP3) so I could
    boot under DOS and recover all the text files and image (jpg) before
    formatting. Now I have reinstalled the OS and everything is fine.

    I use the pendrive and it is also affected and if I now connect it to
    my machine the virus/Trojan will be transferred to the hard disk :-(

    Is there any way I can access the pendrive under DOS and format it?
    The bios says usb under dos enabled. Does it require any special
    driver?

    If anyone here knows will you please help me with the details?

    TIA

    ClueLess
     
    ClueLess, May 23, 2009
    #1
    1. Advertising

  2. ClueLess

    Mike Easter Guest

    ClueLess wrote:

    > I use the pendrive and it is also affected and if I now connect it to
    > my machine the virus/Trojan will be transferred to the hard disk :-(


    This is not a Hollywood movie. Bad things/files/executables can be
    handled, quarantined, whatever. They don't jump off the pendrive and
    infect your machine via the usb connxn along with green arcing
    tesla-coil-like special video effects. Depending on how you have your AV
    configured, you can access/format the pendrive via windows or a live CD
    or whatever.

    > Is there any way I can access the pendrive under DOS and format it?


    Depending on how the pendrive first sector is written, it may look like
    another drive to DOS.

    > The bios says usb under dos enabled. Does it require any special
    > driver?


    Most people just format their pendrives as fat32 from windows.


    --
    Mike Easter
     
    Mike Easter, May 23, 2009
    #2
    1. Advertising

  3. ClueLess

    VanguardLH Guest

    ClueLess wrote:

    > Hi Friends
    >
    > I was forced to format my hard disk as I could not get rid of the
    > jl.chura.pl/rc thing. Luckily my drive was FAT32 (XP-SP3) so I could
    > boot under DOS and recover all the text files and image (jpg) before
    > formatting. Now I have reinstalled the OS and everything is fine.
    >
    > I use the pendrive and it is also affected and if I now connect it to
    > my machine the virus/Trojan will be transferred to the hard disk :-(
    >
    > Is there any way I can access the pendrive under DOS and format it?
    > The bios says usb under dos enabled. Does it require any special
    > driver?
    >
    > If anyone here knows will you please help me with the details?
    >
    > TIA
    >
    > ClueLess


    Boot from a bootable DOS floppy and find out if you can access your USB
    drives. That the BIOS can access the USB drive doesn't mean DOS can.
    It may need a driver to define the interface to the device. However,
    since you don't want anything getting at your hard disks from the
    infected USB drive then you should disconnect your hard drives before
    you boot anything that lets you access the USB drive.

    So why not disable Auto-Play -- and leave it that way? The only way
    that plugging in a USB thumb drive results in infecting your host (other
    than deliberate action by the user) is because your OS automatically
    loads an executable file specified by the autorun.inf file. Folks
    interested in security usually disable Auto-Play. If you need to run
    something from there then YOU do it by right-clicking on the autorun.inf
    file or by looking in it to see what .exe it wants to load.

    Rather than putz around inside the registry to disable Auto-Play, just
    get Microsoft's TweakUI powertoy and use it to disable auto-play. Find
    it under the My Computer -> AutoPlay -> Types node in their tree list.
    Deselect auto-play for CD/DVD drives and for removable drives. Now when
    you or someone sticks in any CD/DVD disc or a USB thumb drive, any
    executable on it does not get automatically loaded. You lose the
    convenience but you gain security.

    http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
    (get the version appropriate for your hardware)

    Another way to disable auto-play is to set a security policy. Run the
    group policy editor (gpedit.msc), and go to Computer Configuration ->
    Administrative Templates -> System node in the tree list. Look at the
    properties for "Turn off Autoplay". Enable it for all drives.

    Similarly, you should NOT configure programs to automatically update
    themselves. That also includes automatic updates for Windows. See all
    those "All of a sudden" posts in newsgroups? If you let programs
    automatically update then you let someone else choose when and how to
    change the state of your host. Only the most trusted programs should
    automatically update, like your anti-virus programs (most will
    auto-update only on signature but alert when there is program update).

    If you are going to disable auto-play for USB drives then obviously you
    should also ensure that your BIOS does *not* list USB drives as a choice
    for a bootable drive. Some hosts have a BIOS that lets them boot from
    the USB thumb drive. Typically the malware needs an OS under which to
    run but there could be some nasties that are bootable. However, to
    ensure the OS bootable from the CD cannot see your hard disks (for the
    malware to get at them) and because the OS may default to auto-play for
    USB thumb drives, I'd suggest powering down your host and unplugging the
    data cable from your hard disks. Then boot using the CD with the
    alternate OS on it.

    If you are leery that disabling auto-play will protect you from a nasty
    on your USB drive, get a bootable .iso image for an OS and use that.
    You boot using the CD and use that OS to format the USB drive.
    http://distrowatch.com/ lists the latest distros for several OS'es.
    http://www.ultimatebootcd.com/ is the UBCD (Ultimate Boot CD) where you
    get an .iso image to burn to a disc and use that to boot. Hopefully
    UBCD includes USB support so you can get at the USB drives.
     
    VanguardLH, May 23, 2009
    #3
  4. ClueLess

    Jordon Guest

    VanguardLH wrote:

    > So why not disable Auto-Play -- and leave it that way? The only way
    > that plugging in a USB thumb drive results in infecting your host (other
    > than deliberate action by the user) is because your OS automatically
    > loads an executable file specified by the autorun.inf file. Folks
    > interested in security usually disable Auto-Play. If you need to run
    > something from there then YOU do it by right-clicking on the autorun.inf
    > file or by looking in it to see what .exe it wants to load.


    I thought that whenever Windows detects a drive, the
    boot sector is read and a boot sector virus (or MBR
    virus) can spread from drive to drive without an
    autorun file.

    --
    Jordon
     
    Jordon, May 23, 2009
    #4
  5. ClueLess

    VanguardLH Guest

    Jordon wrote:

    > VanguardLH wrote:
    >
    >> So why not disable Auto-Play -- and leave it that way? The only way
    >> that plugging in a USB thumb drive results in infecting your host (other
    >> than deliberate action by the user) is because your OS automatically
    >> loads an executable file specified by the autorun.inf file. Folks
    >> interested in security usually disable Auto-Play. If you need to run
    >> something from there then YOU do it by right-clicking on the autorun.inf
    >> file or by looking in it to see what .exe it wants to load.

    >
    > I thought that whenever Windows detects a drive, the
    > boot sector is read and a boot sector virus (or MBR
    > virus) can spread from drive to drive without an
    > autorun file.


    Wrong. The BIOS scans for drives (in the order specified) looking for a
    bootstrap record in an MBR. In the first drive it finds the bootstrap
    code, it loads it and passes control to it. No other MBRs are read from
    any other drives. So if the boot order is floppy-CD-harddisk and there
    are no floppy or CDs in their drives then the FIRST hard disk it finds
    with an MBR and one with bootstrap code is the one used. Once the BIOS
    loads the bootstrap code, it passes control to it and isn't involved
    anymore in reading MBRs. That's why I mentioned to NOT include USB
    drives in the boot drive order in the BIOS (but is only a problem if
    listed before the hard drive or the hard drive doesn't have bootstrap
    code in its MBR).

    An order of CD-USB-harddisk could result in the BIOS looking for an MBR
    with a non-blank bootstrap record if a USB drive were connected. An
    order of CD-harddisk-USB would ensure the bootstrap record from the hard
    disk gets used first (and is the only one used); however, I would
    recommend against even included USB in the boot drive order unless there
    was a real need for it (like parents making sure their kids can't boot
    their computer because the hard disk had its bootstrap record wiped that
    the OS install typically writes there; the hard disk isn't bootable so
    the USB drive has to be used). See
    http://www.bootdisk.com/pendrive.htm.

    See http://en.wikipedia.org/wiki/Master_boot_record. The only parts of
    the MBR that Windows cares about are the disk signature (so it track the
    disk even when moved to a different order in the hardware controllers to
    keep the drive letter assignment the same) and the partition table. It
    doesn't need nor use the code area (bootstrap). The bootstrap code is
    used BEFORE any operating system is loaded hence its name.
     
    VanguardLH, May 23, 2009
    #5
  6. ClueLess

    Mike Easter Guest

    Jordon wrote:
    > VanguardLH wrote:
    >
    >> So why not disable Auto-Play -- and leave it that way? The only way
    >> that plugging in a USB thumb drive results in infecting your host
    >> (other than deliberate action by the user) is because your OS
    >> automatically loads an executable file specified by the autorun.inf
    >> file. Folks interested in security usually disable Auto-Play. If you
    >> need to run something from there then YOU do it by right-clicking on
    >> the autorun.inf file or by looking in it to see what .exe it wants to
    >> load.

    >
    > I thought that whenever Windows detects a drive, the
    > boot sector is read and a boot sector virus (or MBR
    > virus) can spread from drive to drive without an
    > autorun file.


    The bios is configured to look for a boot sector according to the
    priorities set in its nvram. After the bios identifies and turns over to
    the prioritized drive's bootsector which was properly identified by the
    bios by both the bootsector beginning and its end, boot sector reading is
    over unless the bios selected bootsector results in a boot manager being
    read somewhere else. If Win or DOS are booted by that BIOS > bootsector
    transition, the only way they - win/dos - would try to read a bootsector
    somewhere else would be if something told them to.

    That is, a dirty pendrive would only be a problem if the bios were
    configured to boot from there and there were a pendrive bootsector
    virus -or- the booted OS was configured to autorun mounted drives. My
    advice about handling the pendrive (as if it weren't autopoison) was
    based on the assumption that the OP wasn't going to be configured to be
    booting or autorunning from it.


    --
    Mike Easter
     
    Mike Easter, May 23, 2009
    #6
  7. ClueLess wrote:

    > Hi Friends
    >
    > I was forced to format my hard disk as I could not get rid of the
    > jl.chura.pl/rc thing. Luckily my drive was FAT32 (XP-SP3) so I could
    > boot under DOS and recover all the text files and image (jpg) before
    > formatting. Now I have reinstalled the OS and everything is fine.
    >
    > I use the pendrive and it is also affected and if I now connect it to
    > my machine the virus/Trojan will be transferred to the hard disk :-(
    >

    By default, autorun is disabled for usb sticks - but you want to make sure
    and hold down the shift key while inserting the stick, until the drive
    shows. Then, do not doubleclick on the driveletter, just get customized to
    right-click and select from the menu ("format" in your case would be best).

    Btw. bootsector viruses would only get executed when the pc tried to boot
    from the infected drive (which in ancient times was a common setting, and
    floppies often just were forgotten in the drive until next boot).

    > Is there any way I can access the pendrive under DOS and format it?


    Perhaps, if the bios has "usb legacy support" and the flashdrive isn't
    partitioned, just a "super-floppy".

    Anyway, a linux livecd (knoppix, system rescue cd) will do what you want and
    much more.
     
    wisdomkiller & pain, May 23, 2009
    #7
  8. ClueLess wrote:

    > Hi Friends
    >
    > I was forced to format my hard disk as I could not get rid of the
    > jl.chura.pl/rc thing. Luckily my drive was FAT32 (XP-SP3) so I could
    > boot under DOS and recover all the text files and image (jpg) before
    > formatting. Now I have reinstalled the OS and everything is fine.
    >
    > I use the pendrive and it is also affected and if I now connect it to
    > my machine the virus/Trojan will be transferred to the hard disk :-(
    >

    By default, autorun is disabled for usb sticks - but you want to make sure
    and hold down the shift key while inserting the stick, until the drive
    shows. Then, do not doubleclick on the driveletter, just get customized to
    right-click and select from the menu ("format" in your case would be best).

    Btw. bootsector viruses would only get executed when the pc tried to boot
    from the infected drive (which in ancient times was a common setting, and
    floppies often just were forgotten in the drive until next boot).

    > Is there any way I can access the pendrive under DOS and format it?


    Perhaps, if the bios has "usb legacy support" and the flashdrive isn't
    partitioned, just a "super-floppy".

    Anyway, a linux livecd (knoppix, system rescue cd) will do what you want and
    much more.
     
    wisdomkiller & pain, May 23, 2009
    #8
  9. ClueLess

    Mike Easter Guest

    Mike Easter wrote:

    > That is, a dirty pendrive would only be a problem if the bios were
    > configured to boot from there and there were a pendrive bootsector
    > virus -or- the booted OS was configured to autorun mounted drives. My
    > advice about handling the pendrive (as if it weren't autopoison) was
    > based on the assumption that the OP wasn't going to be configured to be
    > booting or autorunning from it.


    Speaking of dirty pendrives. Kaspersky Labs bought a brandnew factory
    sealed netbook with autorun worm and a rootkit and password stealer.

    The factory induced infection was caused by factory upgrading of Intel
    drivers with an infected pendrive.

    http://news.idg.no/cw/art.cfm?id=58E2CC84-1A64-67EA-E459AE31EA733AAE or
    http://snipr.com/in30j Kaspersky Labs is warning users to scan brand new
    systems for malware before connecting them to the Internet after
    discovering attack code on a just-out-of-the-box Windows XP netbook.


    --
    Mike Easter
     
    Mike Easter, May 23, 2009
    #9
  10. ClueLess

    Clueless Guest

    On Sat, 23 May 2009 20:09:10 +0530, ClueLess <>
    wrote:

    >Is there any way I can access the pendrive under DOS and format it?
    >The bios says usb under dos enabled. Does it require any special
    >driver?


    Thanks to all of you who responded with some guidance.

    Instead of going for the preparation of a DOS bootable disk with USB
    drivers, (no floppy drive :-( ), I used the Damn Small Linux CD I
    had and cleared the pendrive

    Thanks again

    ClueLess
     
    Clueless, May 25, 2009
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rick Merrill

    parallel port in DOS under XP

    Rick Merrill, Dec 1, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    504
    Rick Merrill
    Dec 1, 2003
  2. Jeff Wisnia

    DOS Graphic Screen Capture Under WIN98?

    Jeff Wisnia, Dec 19, 2003, in forum: Computer Support
    Replies:
    7
    Views:
    3,432
    °Mike°
    Dec 21, 2003
  3. Sonic
    Replies:
    2
    Views:
    432
  4. Don
    Replies:
    5
    Views:
    2,061
    °Mike°
    Feb 11, 2004
  5. Igor Mamuziæ

    IOS DoS defense causes DoS to itself:)

    Igor Mamuziæ, May 12, 2006, in forum: Cisco
    Replies:
    2
    Views:
    548
    Igor Mamuzic
    May 20, 2006
Loading...

Share This Page