b0g0mips

Member
  • Content Count

    3
  • Joined

  • Last visited

Community Reputation

0 Neutral

About b0g0mips

  • Rank
    Member
  1. Just to update - the NexStar3 had no issues with the 2TB drive - in either eSATA or USB usage. I did however init & format the drive connected straight to SATA...
  2. I'm sure everyone is familiar with those annoying viruses that climb onto you USB memory stick when you stick it into some dodgy PC, and if you are unlucky (and don't have autorun turned off on your PC), you end up infecting your PC with the infected memory stick... This is true for other removable storage too (external HDDs, even digital camera SD cards and cellphones that can mount internal space as removable storage over USB). The scheme is that the virus will typically create an autorun.inf file in the root of the drive, which points to the virus executable inside a hidden folder in the root of the drive. Usually the hidden folder has many sub-folders which eventually leads to the virus executable. When the drive is mounted on a typical windows box, the autorun.inf file will tell windows to run the virus executable, and then your PC becomes infected. This is a trick I learned from someone at work a while ago: 1) Make sure you don't have any viruses already on your removable storage drive: * Look for any 'autorun.inf' file in the root of the drive, and nuke that. * Look for any hidden folders in the root of your drive, and nuke that. * Look for any 'recycle bin' folers in the root of your drive and nuke that - removable storage should not have a recycle folder... * If your PC is already infected, some viruses will not allow you to see hidden files / folders, even though you switch on that option in windows explorer; rather use a DOS window to inspect the root of the drive: "dir /ah" or "attrib" will show you the hidden files & folders. * Many viruses fake a recycle bin folder on a removable drive via a specially crafted desktop.ini file inside the 'recycle bin' or 'recycle' folder that tells windows explorer to display the recycle bin contents instead of the actual contents of the folder. You should not have any recycle bin folders on removable storage. Go into the suspect folder from DOS, and do a "dir /ah" to see any hidden files / folders. * If your PC is already infected, the virus might block your attempts to delete the autorun.inf or even the folder structure containing the virus executable. You should try to delete the files from a DOS window. Use "rmdir /S suspect_folder_name" to try to delete the folder. You might also try to revoke any special file / folder attribs on the aurotun.inf or suspect folders prior to deleting them. Use "attrib -r -h -s -a suspect_folder_name" and "attrib -r -h -s -a /S /D suspect_folder_name\*.*" and "attrib -r -h -s -a suspect_file_name". * If the virus is really bad, it might re-infect your drive as soon as you've cleaned it! If so - maybe try and do this procedure on an uninfected PC, or preferable a linux box. 2) Create an "autorun.inf" folder (yes! a FOLDER) in the root of the removable storage drive * This can be done from windows explorer or from a DOS window: "md autorun.inf" 3) Set hidden, system and read-only attributes on the folder * This is best done from a DOS window: "attrib +h +s +r autorun.inf" The idea is that the presense of an 'autorun.inf' folder will conflict with the virus. The virus might typically try to locate an existing autorun.inf file and delete / rewrite it with it's own malicious content. Since you've already created an autorun.inf FOLDER, the virus will not be able to rewrite is since it is not a file, nor will it be able to create a autorun.inf file in the root since under FAT & NTFS filesystems you cannot have 2 filesystem entries (file or folder) in the same parent folder (like the root) with the same name - regardless of the case of the name. The hidden, system and read-only attributes might also help a tad. The effect is that if you mount your removable storage on an infected system, it will not be able to create the autorun.inf file on your memory stick, but it will be able to place the hidden virus executable on your stick... When you plug the memory stick back into your PC, you can inspect the root for any dodgy folders that might contain the virus executable. This trick will prevent your removable storage from contracting bad autorun.inf files. IT WILL NOT protect your PC, if you plug someone else's infected memory stick into your PC. For this - you need to be aware of how autorun works and how it is started. Switch it off!, and be careful not to invoke autorun from a double-click on a drive icon. Notes: * Many anti-virus systems DON'T pick up on many of the USB-spreading viruses (This point cannot be overstated enough - anti-virus applications will NEVER give your a 100% guarantee - do not live in ignorant bliss just because you have the latest updates...) * Most virus executables will attempt to hide themselves even more by using non-standard file extensions, but ones that are still considered executable, e.g.: COM, BAT, CMD, SCR, LNK, PIF, etc... They might event have funny icons to throw you off (like a text-file icon, even though it is an executable...) * Most virus executables will range from 4Kb to 120Kb * If a virus infects you PC, it might be able to hide itself from your anti-virus, even if your anti-virus is updated at a later stage to include signatures to detect the virus in question * Many viruses can hide themselves in windows explorer through numerous ways, don't trust windows explorer if it shows no hidden files in the root of the drive, rather do the detection in a DOS window * If you are unable to delete a folder or a file, make sure you do not have any explorer windows open in that folder, also ensure you do not have any DOS windows open to that folder. You can install file-unlocker utilities (Unlocker 1.9.0: http://www.softpedia.com/get/System/System-Miscellaneous/Unlocker.shtml) that can detect locked files, and offer the ability to release the locks * Under Windows Vista and 7, you can dissable autoplay via the control panel * Under Windows XP, you can dissable autorun on all selected drives by downloading "Tweak UI windows powertoy" from the Microsoft website (http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx) * Under Windows XP (and possibly Vista & 7), even if you dissable autorun on a drive, if you open windows explorer in "single-view" layout (only showing the contents of a single folder or my-computer), and you double-click on the icon for a drive / removable storage to open the drive, it WILL invoke autorun.inf! This typically happens when you double-click your my-computer icon on your desktop and then double-click your removable storage icon. It is recommended that you ALWAYS run windows explorer in "double-view" mode, by selecting: [View->Explorer Bar->Folders]. If you single-click on a drive / removable storage icon in the left-hand panel (and you have autorun dissabled), autorun will not be invoked * From the days of OLD windows, there was a trick where you can hold down the left SHIFT & CTRL keys on your keyboard while you insert a CD or memory stick, to prevent it from autorunning. This still works in Windows XP (not sure about Vista / 7). Ensure you hold down SHIFT & CTRL for the entire time it takes windows to detect the removable storage device (and possible auto-install the drivers), until the drive shows up under my-computer. This only works for initial mounting; once the drive is mounted, the previous point about double-clicking a drive icon still holds true! * When you locate the virus executable, do not double-click it or run it via the DOS window * When you locate the virus executable, you can upload it to Virus Total (www.virustotal.com) to see if one of the many anti-viruses that they run can identify it * Autorun.inf files that have been compromised will typically contain commented lines of random garbage characters to change the file's signature and throw off anti-virus scans * Once your PC has been compromized, no amount of anti-virus scans and no amount of "viruses found and cleaned" will give you a 100% garuantee that your box is now clean. The ONLY garuantee is to sanitize all your removable storage, format C: and re-install * Be very weary to try unknown anti-virus applications that you run across on the net (especially those promising 100% detection). Fake anti-virus applications that do nothing and steal your money and/or credit card details are a thriving part of the underground economy: http://www.pandasecurity.com/img/enc/The%20Business%20of%20Rogueware.pdf * Once your PC has been compromized, assume the worst - assume someone is recording every key you press (gmail passwords, online banking passwords, facebook, credit card numbers, emails, chats, amazon account, spreadsheets, etc...) Disclaimer: This trick will probably not work 100% of the time, but at least its better than nothing! Also posted here: http://mathdotrandom.blogspot.com/2010/12/protect-removable-storage-with.html
  3. I have an old-ish Vantec Nexstar 3 external HDD enclosure (the USB 2 & eSata model), which I bought in +/-2006. I placed a 320Gb drive into the enclosure at the time, but I would like to upgrade the drive to a 2Tb drive... I don't have the box / manual anymore, but I've noticed new Vantec products state "up to 1.5Tb" on the back of the box... This makes me wonder - will I be able to re-purpose this old Nexstar 3 with a 2Tb HDD? Does anyone know if the "up-to" statement is just marketing-speak, or does external enclosures actually come with a hard-limit on the max size? Thanks!