China DOS Union

I introduced the method of hiding with a directory name containing.. here before. Today I found a virus on a colleague's computer at the company, with the directory file name runauo..\, and I also found a virus hidden in recycled not long ago. Both are learning the "Panda Burning Incense" trick. Actually, these techniques were originally intended to teach everyone to collect their own things, but I didn't expect someone to use them for bad purposes. I hope everyone does some good deeds, learns the real hacker spirit, and doesn't harm others. Maybe one day it will harm yourself.

I mostly use my real name when I come to the forum. My name is Min Cheng'an. I hope to make some friends.

Retain device name
Create: md D:\con\ (Note: The following \ number!! Cannot be less!!)
Access: Direct access under XP. But cannot be directly deleted in explorer. In 2k, use Run D:\con\. Unknown in 9x~~ Should not be accessible
Delete: rd /s D:\con\ (If not working, use the above rd /s /q \\.\D:\con\)
--------------------------------------------------------------------------------------------------
The folder established in the FAT32 file system partition of Windows XP SP2 through this method cannot be deleted using the command line provided by the landlord. Do you need to do it in pure DOS? Thanks :)

What a lot of fuss, is it possible to delete after building?

Admired, it's possible like this...

Whether it's a disease, a vulnerability, or a defect, it depends on how you utilize it. For example, I often, after locating a trojan, delete the virus itself through another system or an optical disc system, and then create a folder with the same name as the original virus's exe, dll, etc. files, and then create some "abnormal folders" inside it. This can effectively resist the resurrection means of trojans, etc. Many times, invaders modify trojans or use multiple trojans jointly. After the anti-virus software detects some and successfully removes them, when it restarts, the trojan recovers again. At this time, the abnormal directory is an effective tool to resist the resurrection of trojans.

[ Last edited by hamapanama on 2007-6-28 at 01:08 PM ]

Really gain knowledge, learned!

Another malformed directory is found:
http://www.cn-dos.net/forum/viewthread.php?tid=35279&fpage=1

Tried it oh,
md autorun.inf
cd autoru~1
md a..\ &……
Then cd.. and then rd autorun.inf /s /q to delete it
Later, because my hard drive is in NTFS format, use the access permission command cacls autorun.inf /p everyone:n
Then open avkiller and it was still succeeded by avkiller. The original autorun.inf folder was changed to another name:(

::Should... it will not cause bad results. Suitable for disks in NTFS format
@echo off
for %%a in (a b c d e f g h i j k l m n o p q r s t u v w x y z) do (
if exist %%a: (
%%a: &cd\
for /f "tokens=*" %%b in ('dir /a-d /b autorun.inf') do (del /a /f /q %%b)
::If there is still autorun.inf at this time, it should be a folder that cannot be deleted
if exist autorun.inf goto :fail
md autorun.inf &cd autorun.inf
md a..\ &md con\ &md nul\ &md aux\ &md com1\
cd..
attrib autorun.inf +a +s +h +r
echo y|cacls autorun.inf /p everyone:n
))

:2
cls
echo Do you want to cancel?
set /p in=(y/n)
if /i %in%==y goto delete
if /i %in%==n (exit) else (goto 2)

:delete
for %%c in (a b c d e f g h i j k l m n o p q r s t u v w x y z) do (
if exist %%c:\autorun.inf (
%%c: &cd\
echo y|cacls autorun.inf /p everyone:f
cd autorun.inf
rd a..\ &rd con\ &rd nul\ &rd aux\ &rd com1\
cd..
rd autorun.inf /s /q
))
exit

:fail
echo It may have been established, or other problems occurred. Press any key to go to the delete item.
pause>nul
goto :2

[ Last edited by 523066680 on 2009-10-14 at 19:50 ]

Collected..
I have the same feeling as building 36.

Hehe. There are indeed many methods, but I have a question. After I merged two partitions, the content in one folder can't be opened. How to get it out? Friends who find the method can reply an email to me
zhi-052@tom.com

Almost re-posted a big thread, might as well post it here.

Earlier it was mentioned about the folder whose device name is the folder name.
I tried to create a folder with the drive letter as the name: md "c: \"
Result... Created a folder with no name... Then when directly deleting with the mouse, it said --- Unable to read the original disk or file.

After plp626's explanation, I was shocked... Oh, it turns out it's the same as md " \" with c: