windows - command executed when a folder is opened

08
2014-07
  • Questioner

    Once a wise man told me that every folder contains a file autorun.inf (not sure about the name, but the properties are the same as autorun.inf) and that he changes the code of the file to execute a batch script (the batch script is present in the same directory) which generally deletes a specified file in another directory. I was not able to find such files in any of my folders.

    So the question is: "Is there any such file with such properties in every folder?" Or, in general, is this possible? If yes, then how?

  • Answers
  • Adnan

    I think you're talking about desktop.ini, not autorun.inf (you're correct, by the way; they both have the same format), and the buffer overflow vulnerability in Windows Shell, MS03-027. Yes, it made it possible to execute commands specified in the desktop.ini file in a directory upon access of that directory. That vulnerability was patched a long time ago.

    Luckily for you, there's another way, albeit more complicated and less malicious, to do that. It's called "shell custom verbs", and it works on modern systems. The idea is simple:

    1. You create a new "verb" (action) and register it in HKEY_CLASSES_ROOT.

    2. For the execution of your newly created verb, you need to create a WSH script and bind it to that verb using the shell\RunAppFolder\command Windows Registry key for the verb you've created (note: the value @ in that key must be stored as a hex string).

    3. Finally, you add that verb to the desktop.ini file in your desired folder and mark it as the default action.

  • edvinas.me

    Modern versions of Windows have this disabled. autorun.inf used to be included on CDs by vendors and would then be read by Windows to look for a program specified in this file to run. It was mostly used for starting setup or some internal program on the CD whenever it was inserted in your CD-ROM. You could control how this worked and adjust it, but if I remember correctly it was on by default.

    As it was abusable it got patched in 2009. I am not sure that there was ever such functionality for any folder, but I know for sure it worked for external USB drives.

    In short, this is only possible on old and outdated Windows (pre-February 2009).

    You can check the Microsoft security advisory regarding this here: https://technet.microsoft.com/library/security/967940

  • Synetech

    Only the root directory of drives can execute autorun.inf and only if AutoPlay is enabled. Arbitrary folders can be customized with desktop.ini, but not made to automatically run a program when they are executed.
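
Added example (not part of the original answers and not Microsoft's code): a small Python audit that reads an autorun.inf or desktop.ini and reports the entries the answers above are concerned with. The `[autorun]` keys it matches are the documented command-launching ones; the desktop.ini allowlist of cosmetic keys, the sample file contents and the placeholder GUID are assumptions constructed for this example.

```python
import re

# [autorun] keys that make the shell start a program (documented autorun.inf entries).
AUTORUN_EXEC = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Cosmetic [.ShellClassInfo] keys; this allowlist is the example's own choice.
DESKTOP_COSMETIC = {"iconfile", "iconindex", "iconresource", "infotip",
                    "localizedresourcename", "confirmfileop", "nosharing"}

def parse_ini(text):
    """Tolerant INI reader: returns [(section, key, value)] with lower-cased names."""
    section, entries = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            entries.append((section, key.strip().lower(), value.strip()))
    return entries

def audit(filename, text, at_drive_root):
    """Return a list of findings for one autorun.inf or desktop.ini."""
    name, findings = filename.lower(), []
    for section, key, value in parse_ini(text):
        if name == "autorun.inf" and section == "autorun" and AUTORUN_EXEC.match(key):
            # AutoRun only honours autorun.inf in the root directory of a drive.
            where = "drive root" if at_drive_root else "subfolder, ignored by AutoRun"
            findings.append(f"autorun.inf launches a command ({where}): {key}={value}")
        elif (name == "desktop.ini" and section == ".shellclassinfo"
              and key not in DESKTOP_COSMETIC):
            findings.append(f"desktop.ini non-cosmetic key to review: {key}={value}")
    return findings

# Constructed sample inputs (not taken from any real system).
SAMPLE_AUTORUN = ("[autorun]\nicon=setup.ico\nopen=setup.exe /s\n"
                  "shell\\install\\command=setup.exe\n")
SAMPLE_DESKTOP = ("[.ShellClassInfo]\nInfoTip=Project files\nIconResource=folder.ico,0\n"
                  "CLSID2={00000000-0000-0000-0000-000000000000}\n")

if __name__ == "__main__":
    for finding in (audit("autorun.inf", SAMPLE_AUTORUN, True)
                    + audit("desktop.ini", SAMPLE_DESKTOP, False)):
        print(finding)
```
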


  • Related Question

    windows - Non-virus originated cases of System Volume Information folder existence on removable media
  • Maksee

    When an AV found a virus on my external drive in the System Volume Information folder, I could not understand why this folder appeared there in the first place. From the logic behind System Restore, there should be no cases when the system creates restore points on removable media (except maybe manual installation of a program file there). Or am I missing something, and there are chances this folder would appear on any removable media one day?


  • Related Answers
  • 8088

    System Restore may also monitor the external drive. This is of course a bad idea.

    A possible workaround is to assign a permanent drive letter (the higher in the alphabet the better) to the external drive via Disk Management. To access Disk Management, go to Start - Run and type diskmgmt.msc then press enter.

    Right click a partition, logical drive, or volume, and then click Change Drive Letter and Paths.

    Do one of the following:

    1. To assign a drive letter, click Add, click the drive letter you want to use, and then click OK.
    2. To modify a drive letter, click it, click Change, click the drive letter you want to use, and then click OK.

    Now go to System properties and do:


    To get rid of this protected directory from an external drive, say G:, start cmd.exe using "Run as administrator" and enter the following:

    G:
    cd \
    takeown /r /f "System Volume Information"
    

    Answer y for yes when asked whether to replace the permissions.

    After this you can now delete the directory.