Old trick to format any drive ; bad joke

Discussion in 'ESET NOD32 Antivirus' started by Fidelius, Sep 28, 2010.

Thread Status:
Not open for further replies.
  1. Fidelius

    Fidelius Registered Member

    Joined:
    Oct 2, 2006
    Posts:
    146
    Hello,
    I already talked of this topic 2 years ago. This ms-DOS feature is undocumented and dangerous.
    Make a *.BAT file including the following lines :
    **********************
    @echo off
    format c: /autotest >nul
    **********************
    Use a utility called "bat2exec" in order to transform your BAT file into a *.COM file. Another utility is to transform a *.COM file into an *.EXE file.
    The "autotest" switch does not ask for confirmation before erasing the drive.">nul" is used to hide (no display on screen) what actually happens. See the point now ?
    11 out of 42 online antivirus saw the danger, NOD32 did not.
     
    Last edited: Sep 28, 2010
  2. Nick0

    Nick0 Registered Member

    Joined:
    Feb 18, 2010
    Posts:
    32
    I dont actually think this would prove a danger, as you cannot format the C:\ while the OS is in use.

    I would be interested to test this myself though, if you have complied the .exe file, please can you send it to me.
     
  3. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Flagging on scripts or compiled scripts like that would wreak absolute havoc with business customers. You're much better off just letting threatsense do it's thing by collecting malicious code that is actually being circulated in the wild and building your definitions off that.
     
  4. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    FWIW, I tested the command by going to a DOS shell and then manually typing this: FORMAT A: /AUTOTEST

    I already had a blank 1.44 MB floppy in the drive, but I got this error from the format command:

    "Invalid parameter - /AUTOTEST"

    So the command failed. If the command will fail for a floppy, it will fail for the hard drive.

    This was with Windows XP SP3. I doubt that the parameter "/autotest" would be valid for any successor version of Windows. It might work with Win98 or lower, but who cares?

    Many DOS commands are not fully implemented in XP and, presumably, in Vista or Windows 7.
     
  5. Nick0

    Nick0 Registered Member

    Joined:
    Feb 18, 2010
    Posts:
    32
    Hi Fidelius,

    Many thanks for sending me a copy of this file, I ran this on a Win XP virtual machine, and nothing happened.

    As the previous poster noted, /autotest was not recognised by Win XP.

    However, even without this command switch, it is not possible to format the C: while the OS is in use. This is therefore not something that needs to be detected by AV as it will not cause a problem.

    See the results:

    http://img811.imageshack.us/img811/1706/capturevc.jpg
     
Thread Status:
Not open for further replies.