Protecting Your USB – 9 : Drive unusable, unformattable, and reporting 0 bytes

Scenario : You connect your PD to your PC, it is recognized (you get the audio confirmation) but it just does not show up in  Explorer. There is no way for you to access it.

Solution : I am pretty sure that everyone in his lifetime at least once comes across this problem which is called as frying your Pen Drive. You plug in your PD, it is recognized but you are not able to access it. You open the Disk Management component of the Computer Management console (type compmgmt.msc in RUN), it shows that the drive is connected, but there is no unallocated space.

Other things about the disk look normal. It shows up in the Device Manager as working correctly, without any warnings. Googling around also does not help cos although many people have this problem where the drive starts reporting 0 bytes capacity and can not be formatted but nowhere is there a fix for it. The most common solution offered was to return the drive to the manufacturer for replacement(if under warranty) or buy a new one( they are so cheap). Well, I wasn’t going to do so until i am dead sure that the usb is totally fried and its not some crappy windows driver issue. So here’s what you do to make sure that the drive is really fried and you need a new one.

Read more…

Protecting Your USB : BitDefender’s USB immunizer

Scenario :  What else ?? The same as always….PC infected by Autorun Virus….need some safeguard….you know…

Solution : Read my Previous Posts.

Ok, On a serious note, Found this new USB Protection Utility tool : BitDefender’s USB immunizer. It comes with two options : immunize your USB storage device or SD card  and Immunize Compute. More details Below.

Read more…

Protecting Your USB – retrospection or Summary…call it what you like…

General Scenario : You have had a look at many methods to protect your USB but find it a bit complex and confusing and dont know which methods to implement…

Solution : As always…dont worry...i’ll be there for you…I will give you a sketch of the measures that i had in effect for my PC(I say “had” because thats what i used in my XP system but now i’m on Win7 and don’t require much of them except few) and you can use it if you like it.

First of all, i had installed Panda USB Vaccine (Method 3) so that took care of auto run of viruses from my pen drive and from an external pen drive on my PC. The only problem i faced with that was that i could not implement Method 1 or Method 2 which i wanted to.

I also had USB Safely Remove installed because it not only resolves those “device is locked” scenarios but also because of an added less known feature – the ability to run scripts on connection and removal (This features are also available in Zentimo). I had modified its settings to run the enable write-protect script (Method 4) on connecting a new device and run the disable write-protect on removal. Also i used to keep the disable write-protect script on my desktop in case i want to copy some files to the PD (I still do!!!). On a related note, I hope all of you have made use of the Free Zentimo Lifetime License Promo.

Note : After reading this method you might feel that you can carry the scripts on your PD and running it when connecting it to external PC via autorun, there is a chance that it might not work and give you a false sense of security. And if it does work and then you might forget to run the disable script and  it will pose a problem to the external PC User…..however if that IS your intention, then full steam ahead 🙂

I troubleshoot people’s PC problems and hence carry a PD with a lot of portable and useful tools which i use to troubleshoot people’s infected PC. I would not be copying anything from their PC and would not want anything to write itself to my PD, so i use the ” fsutil trick” on my PD (Method 5).

Since i’m not using USB Safely Remove or Zentimo on my Win7, i have created a batch file to make sure that i do not encounter that “cannot safely remove hardware as it is currently in use” error (Method 7). Till now, i have not had to use it (Touch Wood!!!).

This constitutes my summary of Protecting Your USB….mind you that this was not only the arrangement that i used on my XP but also the customisations i currently do on the PC’s of clients for whom i do a fresh install of XP and it does work…..atleast for most of them…after all Stupidity has no cure  🙂  :P.

With this, i have covered most of the issues regarding protecting your USB….If i find more i will surely update this..I hope that you all found this useful…Post soon….Stay Sharp!!!

Protecting your USB – Freebie : Zentimo license

Boy, Talk about getting Lucky…..Continuing our USB protection Series….Here is your chance to get it… in a different form. If you remember, in my last post, i mentioned a very popular program called USB Safely Remove……Zentimo is the successor to the very popular USB Safely Remove, a program that allows users to manage external devices that connect to the computer via USB.

Features :

• See device drive size or empty space
• Rename a device
• Change a device image
• Hide a device from the menu
• Scan for hardware changes
• Stop all devices at once
• Drive letter management
• Hiding drives of empty card reader slots
• Fixing a drive letter to a specific device
• Preventing assigning of specific drive letters to hot-plug devices
• You can change a drive letter or volume label quickly
• Portable application quick launcher
• Display of processes preventing the device from being stopped…
• … and the ability to kill these processes …
• … or just to unlock them from the device
• Hotkeys to stop a device or call the menu
• Stopping of all devices at once
• Ability to stop SATA drives
• Returning just stopped device back
• Honest Drive Speed Test ( A new Feature)
• 
  

Phew…..That was a huge List…So you can see how much useful this is…

Typically Zentimo costs $35 per licence. But for a limited time Crystal Rich(the developer of Zentimo) is running a promotion (December 1 to 7) allowing everyone to get Zentimo for free! The promotion is of v1.0 of Zentimo for lifetime and comes with no free upgrades or technical support.

OS Support : Win XP and UP

Download Size : 2.8 MB

How to Get : Head over to this page : http://zentimo.com/giveawayd10.htm and register with your full name and e-mail(You can use the Temporary Email Accounts we discussed earlier) and the key will be sent to you….

Simple and Straight forward….Happy Hunting….:)

Protecting Your USB – 8 : Remount Ejected Device Without Unplug and Reinsert

Scenario : After you have stopped the device, but still have not unplugged it and then you remember that you forgot to write a file to the external drive. In order to do it, you have to physically reconnect the device, however it’s quite inconvenient if the USB Port is on the rear panel of your PC.

Solution : This can be an issue and if you want to remove this by means of an external software, then i will highly recommend “USB Safely Remove” but if you do not want to rely on external software then here is what you need to do to remount the device back.

1. Right click My Computer and select Properties (or simultaneously press Win+Pause/Break key). In System Properties window, go to the Hardware tab and then click the Device Manager button. In Windows 7, you can click the Device Manager link on the left hand sidebar. You can also type “devmgmt.msc” in run window.

2. Expand Universal Serial Bus Controllers.

3. You will find a device that has a yellow color exclamation mark. Right click on the USB Device and select Disable. Again right click on the same USB Device that you’ve just disabled and this time select Enable.

And tada!!!!  The device has been returned back to My Computer.

Agreed that this method might feel cumbersome if the USB port is easily accessible cos unplugging and reinserting it wil be way faster but this can save you from bending your back and trying to reach the back of the case if its on the inaccessible rear panel.

Protecting Your USB – 7 : Missing Safely Remove Hardware Icon

Scenario : At times your Safely Remove Hardware Icon is missing or disappeared from the system tray.so how to safely stop and unplug your USB device ?

Solution : Up until now we covered protection from virus as part of our “Protecting your USB” series, now we move on towards other problems that you might encounter when using your USB.

Now, When you face the above problem, most of the times people don’t bother to search and restore the icon but simply pull out the device. Easy while it may be, it may result in corruption of data cos unknown to you there may be many processes taking place in the USB in the background, like indexing or scanning. So if it has worked for you uptil now don’t think that it will always and it may result in data corruption. so here we will discuss ways to solve this little problem.

Method 1 : Shutting down the computer is one of the ways to safely stop and unplug your USB device, but obviously too stupid!!

Method 2 : Whenever you encounter this problem the first thing you should do is check whether you have set taskbar properties to hide the icon, by “mistake” obviously *coughcoughbraindeadcoughcough*.

You can do so by right clicking the taskbar and selecting properties. Click on “customise” under “notification area” and set the value of “safely remove hardware icon” to “show icon and notifications”.

Method 3 : Still no go ?? well this is a temporary fix for it. Go to Start, Run, type in the following line and click OK( case sensitive command ).

RunDll32.exe shell32.dll,Control_RunDLL HotPlug.dll

Note that this will bring up the “Safely Remove Hardware” dialog which you can use to stop the USB device that you want to unplug and not restore the icon, hence temporary fix.

You can also prepare a batch file…Paste the following  lines in Notepad and save as “.bat” file  :

RunDll32.exe shell32.dll,Control_RunDLL HotPlug.dll

Double-click the batch file to execute.  You can even create a shortcut to this batch file and place it where it is easy accessible for you.

Method 4 : Method #3 can’t be remembered always as to type in everytime you are in a similar scenario. You can also try the following steps :

• Right Click on My Computer.
• Select Manage.
• Select USB Mass Storage Device under the USB Controller.
• Right Click and Disable it.
• Remove your USB drive and Enable it again

Note : If you forget to Enable it again, then you won’t be able to use any of your USB drives unless you enable it again.

Method 5 : Here’s a way on how you can totally avoid the whole data corruption scenario. This method removes your dependency on the Safely Remove Hardware icon

1. Open My Computer
2. Right click on the USB flash drive and click Properties
3. Click on the Hardware tab and select the removable drive from the list
4. Click the Properties button
5. Click on the Policies tab. Here you will see two values :

Optimize for Quick removal

This setting disables write caching on the disk so that you can disconnect this drive without using the Safely Remove Hardware icon.

Optimize for Performance

This setting enables the write caching on the disk so as to improve disk performance. To disconnect this drive, you should use the Safely Remove Hardware icon so as not to hurt your USB drive.

Summarizing, You should set it “optimize for quick removal” if you want to avoid your dependency on the Safely Remove Hardware icon or selecting “optimize for performance” will bring back your icon.

Note though that it does not seem to work for everyone.

So this completes my list of solutions of what to do when the Safely Remove Hardware icon disappears from the system tray. Hope this helps, Still you need any sort of help, feel free to ask in the comments. Stay sharp !!!!

Protecting your USB – 6 : USB Guardian

Scenario : You want only those USB’s that you know be allowed to be connected to your PC

Solution : That is a valid concern cos we all know that to exploit a PC it is sometimes enough to just connect the USB device to the PC

So today we are going to look at a “Freeware”( Yayy!!!! ;P ) program called “USB Waecher”, which is German for USB Guardian. I like the way that this program works. The S/W uses a white-list to determine if an USB device may be allowed to connect to the PC. Devices not in the white-list are not permitted to establish the connection unless they are white-listed.

It might be a bit of a pain for English people ( and i don’t mean residents of England 😉 ) as Part of the information  is displayed in German, with no option whatsoever to change the interface language, however you can very easily use the program even without understanding German. We only have to concentrate on the menu on the left side which is denoted as ” Erlaubte Geräte “, which means allowed devices. This lists all USB devices that are permitted to connect to the PC so that they can be used. All devices that are connected during installation are automatically added to the white-list.

To add new USB devices to the white-list by clicking on the + icon in the toolbar of the application, or by right-clicking on Erlaubte Geräte and selecting Gerät hinzufügen (which means add device). This displays a wizard which is completely in German. Not a big problem though as you need to click on Weiter (next) in the first screen to select the USB device that needs to be added to the whitelist on the second. Just select the device or devices and click Weiter once again. Click Fertig stellen (finalize) on the last screen of the wizard to add the device to the whitelist.

To remove a device just right-click on the USB device and select Delete from the context menu.

Supported Operating Systems:

• Windows 2000 and Windows 2008 R2 (32/64)
• Windows XP to Windows 7 (32/64)

The program can be downloaded directly from the developer’s website.

Protecting Your USB – 5 : Enabling Write-Protect on your USB

Scenario : You carry your USB drive around with you that contains a lot of portable tools but you are afraid that if you connect it to someone else’s PC or a public computer, a virus will infect your drive. You would like it if you could implement a write-protect switch for it.

Solution : The best solution to this problem would be to get a pendrive with a built-in write protect switch :P. That is the hardware approach but if you want to implement it via software…that is a different story.

But first, a little perspective…..you already know how viruses spread via autorun.inf  but that is from an infected pen drive to your PC. what if you connect YOUR pen drive(henceforth called as PD) to an infected PC ?? then none of the methods previously discussed(Write-Protect, USB Vaccine, etc) will help you prevent the PD from  being infected and getting transferred to other’s PC and not just yours.  They may stop it from propagating to your PC, but they cant stop your executable files inside the PD from being corrupted.

Understand first of all, how those executable’s get infected….whenever you plug in your PD to an infected PC, the malware will scan your PD for executables and attach itself to them individually….as a result not only the file size changes but also the amount of free space decreases.

Light a bulb ?? Yes…..As long as you have free space, the malware will write itself to your PD….i mean come on..for the malware to write itself to your PD, it needs some space to write in…. So if you could just make the amount of free space available zero, the malware will not be able to write itself to your PD….ALRIGHT!!!! High- Five!!!!

so what….everytime we have to fill the PD to the brim with unwanted stuff just so it is not infected ?? Well….that is one way or you could simply create a dummy/fake file occupying all the free space available. and the best part is that you do not have to rely on any external tools for that cos Windows provides you the necessary tool…or in this case…command to do so.

The command to use is “FSUTIL“. To quote the microsoft knowledge base : ” Fsutil is a command-line utility that you can use to perform many FAT and NTFS file system related tasks, such as managing reparse points, managing sparse files, dismounting a volume, or extending a volume”. Fsutil has many subcommands, the specific subcommand we are going to use is “file”. The syntax of the command is :

fsutil file createnew filename  size(in bytes)

e.g.      fsutil file createnew K:\fakefile  1300594688

In the above e.g., K: is the drive letter of my PD, “fakefile” is the name of the dummy file and “1300594688” is the free space available on the PD. The file will be created in the root of the drive (and can be deleted manually), also the available free space will become zero in properties.

Note : You will need to run command prompt in administrator mode or you will encounter the foll error : 

This method is quite useful to me cos i carry a PD with a lot of portable and useful tools which i use to troubleshoot people’s infected PC. I would not be copying anything from their PC and would not want anything to write itself to my PD, so this little trick works quite great for me…..Hope it does so for you too….Stay Sharp!!!!

P.S. : If anyone needs a script to automate this, do let me know in the comments.

Protecting Your USB – 4 : Enabling Write-Protect contd…

Scenario contd… : Your PC contains a lot of important and personal files and you are afraid that someone will just connect and copy your important files and want to disable that.

Solution contd… : We covered a method to prevent USB’s from being able to write data in my last post…today lets take it a step further…today we will disable users from connecting a USB storage device – strike the problem at its source.

So how do we do it ??

To prevent users from connecting to USB storage devices, use one or more of the following procedures, as appropriate for your situation.

Case 1 : If a USB storage device is not already installed on the computer (i.e. the user has not connected USB device to the PC in the past)

If a USB storage device is not already installed on the computer, assign the user or the group and the local SYSTEM account Deny permissions to the following files:

• %SystemRoot%\Inf\Usbstor.pnf
• %SystemRoot%\Inf\Usbstor.inf

These files are responsible for installing a USB storage device to the PC so when you do this, users cannot install a USB storage device on the computer. To assign a user or group Deny permissions to the Usbstor.pnf and Usbstor.inf files, follow these steps:

1. Start Windows Explorer, and then locate the %SystemRoot%\Inf folder.
2. Right-click the Usbstor.pnf file, and then click Properties.
3. Click the Security tab. In the Group or user names list, add the user or group that you want to set Deny permissions for.
4. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control.
   Note : Also add the System account to the Deny list.
5. In the Group or user names list, select the SYSTEM account.
6. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.
7. Right-click the Usbstor.inf file, and then click Properties.
8. Click the Security tab.
9. In the Group or user names list, add the user or group that you want to set Denypermissions for.
10. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control.
11. In the Group or user names list, select the SYSTEM account.
12. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.

Case 2 : If a USB storage device is already installed on the computer

If a USB storage device is already installed on the computer, you can change the registry to make sure that the device does not work when the user connects to the computer.

To do so,  follow these steps:

1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. Locate and then click the following registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
4. In the details pane, double-click Start.
5. In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then click OK.
6. Exit Registry Editor.

I agree that while this method might appear crude and too strict ( and might not come under the write-protect definition) but it does implement it (in a way), so i had to cover it… and trust me…. this is one of the methods implemented in corporate environments…

we will continue some more on this USB related topic in my next post….till then…Stay Sharp

Protecting Your USB – 4 : Enabling Write-Protect

Scenario : Your PC contains a lot of important and personal files and you are afraid that someone will just connect a portable Drive and copy your important files and want to disable that.

Solution : This is a really good concern and certainly not paranoid…..unless your important files happen to be just some “stuff” *cough cough prOn cough cough*.

On a serious note, anyone wanting to copy your Personal / Sensitive / Important / Confidential / and so on… could easily make an executable file to be run on autorun and have the executable copy the data to the pendrive (in the background without you knowing) when connected. So the first thing that you need to do is disable autorun on your PC. However that is just the part of it…one of the solutions you can implement is to disable users from writing to a USB storage device when connected to your PC. Simple and Elegant ??

So how do we do it ??

We do it by setting a certain key in the registry. But this setting has the prerequisite of the OS version to be XP SP2 or higher. The beauty of the method lies in the fact that it disables writing to the drive but retains reading from it….so without further ado, here is the manual way to implement a write-protect switch for any USB device connected to your PC.

1. Go to Start -> Run -> Type regedit and hit Enter or click on the OK button.
2. Browse to:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
3. Create a new key called StorageDevicePolicies. Right click on the Control, select New -> Key and type in StorageDevicePolicies, as is
4. Create a DWORD called WriteProtect under StorageDevicePolicies that you created in step 2 and set the value to 1.

To allow writing to USB drives just change the value to 0.

If you do not feel comfortable going to the registry, here is the “.reg” file for it. Just save the below two codes as “.reg” file using notepad and double-click the appropriate file to enable or disable.

Registry Script to Enable Write-Protection (disallow writing to the USB drive) :

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]

“WriteProtect”=dword:00000001

Registry Script to disable Write-Protection (allow writing to the USB drive) :

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]

“WriteProtect”=dword:00000000

If you want one more option, then you can also use the command prompt. Here are two batch files which you can use to enable and disable the switch :

Command Script to Enable Write-Protection (disallow writing to the USB drive) :

cd\

reg add “HKLM\System\CurrentControlSet\Control\StorageDevicePolicies” /t Reg_dword /v WriteProtect /f /d 1

Command Script to Disable Write-Protection (allow writing to the USB drive) :

cd\

reg add “HKLM\System\CurrentControlSet\Control\StorageDevicePolicies” /t Reg_dword /v WriteProtect /f /d 0

Once you use the registry hack, you might have to reboot for the changes to take effect. Here’s the window you’ll get when you try and write to a USB drive:

we will continue this topic in my next post….till then…Stay Sharp