LinuxQuestions.org


YassBoss 06-01-2009 08:26 PM

My Kingston DT 101 II 2GB infected by autorun.inf & gi2ky.exe and become read-only!!
 
Hi,
Just like I said in the subject, and it isn't just in Linux, but in Windows XP too! I tried to turn off the write protection by "hdparm -r 0 /dev/sdc1" and "blockdev --setrw /dev/sdc1" but it's still a read-only file system, even if I try to format it...
for more information:
dmesg
Code:

usb 1-8: new high speed USB device using ehci_hcd and address 38
usb 1-8: configuration #1 chosen from 1 choice
scsi40 : SCSI emulation for USB Mass Storage devices
usb-storage: device found at 38
usb-storage: waiting for device to settle before scanning
usb-storage: device scan complete
scsi 40:0:0:0: Direct-Access    Kingston DT 101 II        PMAP PQ: 0 ANSI: 0 CCS
sd 40:0:0:0: [sdc] 3966976 512-byte hardware sectors: (2.03 GB/1.89 GiB)
sd 40:0:0:0: [sdc] Write Protect is on
sd 40:0:0:0: [sdc] Mode Sense: 23 00 80 00
sd 40:0:0:0: [sdc] Assuming drive cache: write through
sd 40:0:0:0: [sdc] 3966976 512-byte hardware sectors: (2.03 GB/1.89 GiB)
sd 40:0:0:0: [sdc] Write Protect is on
sd 40:0:0:0: [sdc] Mode Sense: 23 00 80 00
sd 40:0:0:0: [sdc] Assuming drive cache: write through
 sdc: sdc1
sd 40:0:0:0: [sdc] Attached SCSI removable disk
sd 40:0:0:0: Attached scsi generic sg3 type 0

cat /etc/fstab
Code:

# /etc/fstab: static file system information.
#
# noatime turns off atimes for increased performance (atimes normally aren't
# needed; notail increases performance of ReiserFS (at the expense of storage
# efficiency).  It's safe to drop the noatime options if you want and to
# switch between notail / tail freely.
#
# The root filesystem should have a pass number of either 0 or 1.
# All other filesystems should have a pass number of 0 or greater than 1.
#
# See the manpage fstab(5) for more information.
#

# <fs>                        <mountpoint>        <type>                <opts>                <dump/pass>

# NOTE: If your BOOT partition is ReiserFS, add the notail option to opts.
/dev/sda1                /boot                ext3                noauto,noatime        1 2
/dev/sda5                /                ext3                noatime                0 1
/dev/sda6                none                swap                sw                0 0
/dev/sda2              /home          ext3            defaults        0 2
/dev/sda7              /tmp            ext3            defaults        0 2
/dev/sda8              /var            ext3            defaults        0 2
/dev/sda9              /usr            ext3            defaults        0 2
/dev/cdrom                /mnt/cdrom        auto                noauto,ro        0 0
/dev/sdc1              /mnt/usbkey    auto            defaults,noauto,user 0 0
#/dev/fd0                /mnt/floppy        auto                noauto                0 0

# glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for
# POSIX shared memory (shm_open, shm_unlink).
# (tmpfs is a dynamically expandable/shrinkable ramdisk, and will
#  use almost no memory if not populated with files)
shm                        /dev/shm        tmpfs                nodev,nosuid,noexec        0 0

PS: There is no hardware switch on my usb ;)

GlennsPref 06-01-2009 09:48 PM

Hi, Welcome to LQ. With over 3 million posts, many questions have been answered.

You may get a faster answer by using the fantastic search function here at LQ.

One thing I see that does not make sense to me is the line... from fstab,
Quote:

/dev/sda1 /mnt/usbkey auto defaults,noauto,user 0 0
would conflict with the first statement from the same file...
Quote:

/dev/sda1 /boot ext3 noauto,noatime 1 2
Change the usbkey to point to the directory (absolute address) where it is stored.

Probably sdc1 as you mention above.

The /mnt/"directory-name" must exist,

If the system does not create it for you, mkdir it yourself.

To save changes to this file you need to be root,

I hope that helps.

regards Glenn

YassBoss 06-02-2009 05:30 AM

Hi, sorry for that, but it's not working anyway!
I'm going to edit the post right now
Thanks

YassBoss 06-02-2009 12:21 PM

Any other idea??

tredegar 06-02-2009 12:50 PM

Quote:

I'm going to edit the post right now
Please don't do that: it makes these threads really difficult to follow. Just explain what the error was, or repost the correct output.
Quote:

Any other idea??
How is /dev/sdc1 formatted? Your fstab has it listed as "auto" which is not at all helpful.

YassBoss 06-02-2009 02:10 PM

Hi!
It's formatted in fat16; I tried to write vfat in fstab but the problem is still the same..

H_TeXMeX_H 06-02-2009 02:50 PM

Do you have important data on it ? If not, zero it:

Code:

dd if=/dev/zero of=/dev/sdc

YassBoss 06-02-2009 03:18 PM

I don't care about the content, so I tried your solution but:
Code:

dd: opening `/dev/sdc1': Read-only file system
Other solutions please...

H_TeXMeX_H 06-02-2009 03:19 PM

So you ran it on '/dev/sdc' right ? not '/dev/sdc1' ?

YassBoss 06-02-2009 04:13 PM

Both of them!

GlennsPref 06-02-2009 09:40 PM

Hi, that is all I have really, the only other things...

1. Mount the flash drive in your home dir. Never tried that with a flashdrive, but it works for other partitions I want access to. I set up /home/glenn/local/ ..... and mount all the other partitions here, as well as the other OSes on this box.

2. You might need to be root to dd the drive.

3. Make sure the drive is formatted fat16, and has no hidden files, like an encryption program (OEM) or backup.

.... hope that helps.

XavierP 06-02-2009 10:27 PM

This may seem like a silly question, but does the drive have a write protect switch on it and is it on or off?

YassBoss 06-03-2009 06:57 AM

Quote:

Originally Posted by GlennsPref (Post 3561072)
Hi, that is all I have really, the only other things...

1. Mount the flash drive in your home dir. Never tried that with a flashdrive, but it works for other partitions I want access to. I set up /home/glenn/local/ ..... and mount all the other partitions here, as well as the other OSes on this box.

2. You might need to be root to dd the drive.

3. Make sure the drive is formatted fat16, and has no hidden files, like an encryption program (OEM) or backup.

.... hope that helps.

Sorry, it's still read-only...
Is there a way to remove the 'autorun.inf' even if it's write protected?

Quote:

This may seem like a silly question, but does the drive have a write protect switch on it and is it on or off?
No, I can't find a switch on it!

GlennsPref 06-03-2009 07:17 AM

Hi, once the system has loaded and everything is settled, look in...

/etc/mtab this file lists the currently mounted filesystems/partitions.

You may find out more about the drive here.

I have tried msdos, fat16 and auto.

These have worked for me....
Code:

# /etc/fstab entries (at some time, but not together)....
# Entry for /dev/sdd1 :
UUID=19B0-35D4 /media/NOKIA vfat umask=0,user,noatime,flush 0 0

#Entry for  /dev/sdd1 :
UUID=19B0-35D4 /media/nokia vfat fat=16,defaults,user,nosuid,noauto 0 0

#Entry for  /dev/sdd1 :
UUID=19B0-35D4 /media/nokia msdos defaults,fat=16,user,nosuid,noauto 0 0

Notice they all have "user" access.

Some of the args in fstab when changed may negate other args.

man fstab
Quote:

DESCRIPTION
The file fstab contains descriptive information about the various file systems. fstab is only read by programs, and not written; it is the duty of the system administrator to properly create and maintain this file. Each filesystem is described on a separate line; fields on each line are separated by tabs or spaces. Lines starting with '#' are comments. The order of records in fstab is important because fsck(8), mount(8), and umount(8) sequentially iterate through fstab doing their thing.

ref. http://unixhelp.ed.ac.uk/CGI/man-cgi?fstab+5
wiki http://en.wikipedia.org/wiki/Fstab

regards Glenn

YassBoss 06-03-2009 10:47 AM

I've tried msdos, vfat and auto in fstab...

cat /etc/mtab

Code:

/dev/sdc1 /mnt/usb msdos ro,noexec,nosuid,nodev 0 0

/dev/sdc1 /mnt/usb vfat ro,noexec,nosuid,nodev 0 0

/dev/sdc1 /mnt/usb vfat ro,noexec,nosuid,nodev 0 0

So what I have to do now?

H_TeXMeX_H 06-03-2009 11:19 AM

How old is this drive ? It may just be broken...

YassBoss 06-03-2009 04:15 PM

I bought it 4 months ago, and I'm just trying to know if it's corrupted or not...

YassBoss 06-03-2009 04:20 PM

Any other suggestion? Because I don't think it's a good idea to buy a flash disk every 4 months...

GlennsPref 06-03-2009 07:28 PM

Hi, ro means read only (in fstab).

see what happens if you change ro to user or rw.

Quote:

ro
Mount read-only.
rw
Mount the filesystem read-write. Again, using this option might alleviate confusion on the part of new Linux users who are frustrated because they can't write to their floppies, Windows partitions, or other media.

wiki http://en.wikipedia.org/wiki/Fstab

Another thing you could try....

Make sure the disk is loaded in the system.

change to the root directory and

ls -la

it should output a list of files.

to be sure , to be sure.

WARNING! "removes files recursively throughout the directories."

then once you're sure it is the right drive.... type and execute as root....

rm -rf *.*

That command is very dangerous with root priv. It removes files recursively throughout the directories, if any, then removes the directories too!...

cheers, Glenn

you may have a trojan on there, mbr?

YassBoss 06-04-2009 07:20 AM

sorry, thanks any way
and there is a virus in it, like I mentioned in the title..

GlennsPref 06-04-2009 08:35 AM

That's OK. I forgot you mentioned the virii.

rm -rf will remove it.

Once you have fstab organised it should be a piece of cake.

I do this all the time on winxp boxes, not so much usb sticks.

Then I would zero the drive as suggested by our learned friend above.

A handy tool is to have a live Linux distro on a CD-ROM or a flash stick.

I have found Mepis and Slax (respectively) really useful for these tasks.

regards Glenn

scmbg 07-10-2009 05:39 PM

I want to continue with this thread instead of creating another.

I have the same problem, and tried all your tips, but all the solutions end the same way: the USB is detected as write protected as soon as you plug it in, and dmesg shows:

sd 3:0:0:0: [sdb] Write Protect is on

So, commands like dd, fdisk, mount and others always show a warning

The device is write protected.

And nothing can be done, so I think that the solution could be something like:

1.- Plug the drive
2.- Eject ($eject /dev/sdb)
3.- ¿?

I need your help.

Extra: Or my memory reached all the read/write cycles.
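
An added example, not part of any post in this thread: a shell sketch that tells apart the three places "read-only" can come from in the output posted above (the drive's own write-protect report in dmesg, the host-side block-device flag, and the mount options). The function names, the `sdd` log line and the optional sysfs-root argument are constructed for the example; the `sdc` lines are taken from the first post's dmesg.

```shell
#!/bin/sh
# Added example (not from the thread): find the layer at which a disk is read-only.

# Constructed sample log: the sdc lines are from the first post, sdd is made up.
sample_log() {
    cat <<'EOF'
sd 40:0:0:0: [sdc] 3966976 512-byte hardware sectors: (2.03 GB/1.89 GiB)
sd 40:0:0:0: [sdc] Write Protect is on
sd 40:0:0:0: [sdc] Mode Sense: 23 00 80 00
sd 41:0:0:0: [sdd] Write Protect is off
EOF
}

# wp_devices: kernel log on stdin -> sd devices whose latest state is "on".
wp_devices() {
    awk '
        /\[sd[a-z]+\] Write Protect is (on|off)/ {
            match($0, /\[sd[a-z]+\]/)
            dev = substr($0, RSTART + 1, RLENGTH - 2)
            state[dev] = ($0 ~ /Write Protect is on/) ? "on" : "off"
        }
        END { for (d in state) if (state[d] == "on") print d }
    ' | sort
}

# ro_layer DEV [SYSFS_ROOT]: kernel log on stdin, prints one of
#   device - the drive itself reported write protect; hdparm -r 0,
#            blockdev --setrw and fstab options do not change that
#   kernel - only the host-side flag (SYSFS_ROOT/block/DEV/ro) is set
#   none   - neither; check the mount options (ro in /etc/mtab)
ro_layer() {
    dev=$1
    sysfs=${2:-/sys}
    if wp_devices | grep -qx "$dev"; then
        echo device
    elif [ "$(cat "$sysfs/block/$dev/ro" 2>/dev/null)" = "1" ]; then
        echo kernel
    else
        echo none
    fi
}

sample_log | ro_layer sdc    # device
```

On a live system the log would come from `dmesg` instead of `sample_log`, for example `dmesg | ro_layer sdb`.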

jefro 07-10-2009 07:28 PM

OOPS, almost wrote this.
If you can't format it try to partition it.


It seems to be damaged beyond repair. Does any other flash drive work correctly?

scmbg 07-11-2009 09:57 AM

Yes, I have another USB pen drive and it works fine, and I plugged in others (friends' and family's), and they also work.


All times are GMT -5.