![]() |
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
![]()
I'm doing a complete system scan at the moment (AVIRA is my AV). I'm
doing it after a restart, because my email-and-news software (Turnpike, quite old) behaved oddly once or twice. It may have nothing to do with that fact, but twice a "new hardware found" popup has appeared, and when I let it proceed to the point where it tells me what the new hardware actually is, it has said "Generic volume shadow copy". (I cancel it at that point.) I haven't added any new hardware (it's a netbook, with nothing plugged into it other than the power supply at the moment). I _have_ added a "subst" into my startup sequence, but that was a few days ago, and the popups have only appeared on this session. Any idea what it is? It _sounds_ as if it just might be malware, but I'm fairly careful, and have never had any in decades of computing. (Avira says it's done 41.3% - scanned 47215 objects - so far, and not found anything.) I'll just go to Google it ... -- J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)[email protected]+Sh0!:`)DNAf .... back in the olden days ... Britain was entirely made of wood and lit by one enormous candle, tended by the Queen - Steven Moffat, Radio Times, 24-30 July 2010 |
Ads |
#2
|
|||
|
|||
![]()
In message , "J. P. Gilliver
(John)" writes: I'm doing a complete system scan at the moment (AVIRA is my AV). I'm doing it after a restart, because my email-and-news software (Turnpike, quite old) behaved oddly once or twice. It may have nothing to do with that fact, but twice a "new hardware found" popup has appeared, and when I let it proceed to the point where it tells me what the new hardware actually is, it has said "Generic volume shadow copy". (I cancel it at that point.) I haven't added any new hardware (it's a netbook, with nothing plugged into it other than the power supply at the moment). I _have_ added a "subst" into my startup sequence, but that was a few days ago, and the popups have only appeared on this session. Any idea what it is? It _sounds_ as if it just might be malware, but I'm fairly careful, and have never had any in decades of computing. (Avira says it's done 41.3% - scanned 47215 objects - so far, and not found anything.) I'll just go to Google it ... Hmm. Done so; it seems to be something to do with System Restore, or similar. And at least one other person encountered it while doing a system scan - though no-one (that I've found so far) has explained either (a) why it's popping up at random, or (b) why, if it's a Microsoft thing anyway, it says it hasn't been checked. (AVIRA finished a scan, and is now doing another one - or, is scanning a different part of the system. It says it's found 2 "Detections", the last being "HTML/Rce.Gen", which it says isn't very dangerous. I can't ask it what the other one is - could be just the EICAR test virus which I know I have on here somewhere and is by definition harmless. Avira says 24.3% done on this pass.) -- J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)[email protected]+Sh0!:`)DNAf .... back in the olden days ... Britain was entirely made of wood and lit by one enormous candle, tended by the Queen - Steven Moffat, Radio Times, 24-30 July 2010 |
#3
|
|||
|
|||
![]()
Avira forums, HoopleHead.
"J. P. Gilliver (John)" wrote in message ... In message , "J. P. Gilliver (John)" writes: I'm doing a complete system scan at the moment (AVIRA is my AV). I'm doing it after a restart, because my email-and-news software (Turnpike, quite old) behaved oddly once or twice. It may have nothing to do with that fact, but twice a "new hardware found" popup has appeared, and when I let it proceed to the point where it tells me what the new hardware actually is, it has said "Generic volume shadow copy". (I cancel it at that point.) I haven't added any new hardware (it's a netbook, with nothing plugged into it other than the power supply at the moment). I _have_ added a "subst" into my startup sequence, but that was a few days ago, and the popups have only appeared on this session. Any idea what it is? It _sounds_ as if it just might be malware, but I'm fairly careful, and have never had any in decades of computing. (Avira says it's done 41.3% - scanned 47215 objects - so far, and not found anything.) I'll just go to Google it ... Hmm. Done so; it seems to be something to do with System Restore, or similar. And at least one other person encountered it while doing a system scan - though no-one (that I've found so far) has explained either (a) why it's popping up at random, or (b) why, if it's a Microsoft thing anyway, it says it hasn't been checked. (AVIRA finished a scan, and is now doing another one - or, is scanning a different part of the system. It says it's found 2 "Detections", the last being "HTML/Rce.Gen", which it says isn't very dangerous. I can't ask it what the other one is - could be just the EICAR test virus which I know I have on here somewhere and is by definition harmless. Avira says 24.3% done on this pass.) -- J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)[email protected]+Sh0!:`)DNAf ... back in the olden days ... Britain was entirely made of wood and lit by one enormous candle, tended by the Queen - Steven Moffat, Radio Times, 24-30 July 2010 |
#4
|
|||
|
|||
![]()
The Window's service "Volume Shadow Copy" is a built-in service that
enables the operating system to copy files that would otherwise return the error : "Access Denied - File in use by another process" (or similar) when a file is "locked" by another program or the OS itself. As has been quite rightly mentioned - it is indeed used by "System Restore", but is by no means limited to only this. It is also used by "NT Backup" and any third-part programs that have been written to utilize the Volume Shadow Copy service, such as ERUNT.exe (reg backup for NT (google ERUNT for more on this)). == Cheers, Tim Meddick, Peckham, London. :-) "J. P. Gilliver (John)" wrote in message ... I'm doing a complete system scan at the moment (AVIRA is my AV). I'm doing it after a restart, because my email-and-news software (Turnpike, quite old) behaved oddly once or twice. It may have nothing to do with that fact, but twice a "new hardware found" popup has appeared, and when I let it proceed to the point where it tells me what the new hardware actually is, it has said "Generic volume shadow copy". (I cancel it at that point.) I haven't added any new hardware (it's a netbook, with nothing plugged into it other than the power supply at the moment). I _have_ added a "subst" into my startup sequence, but that was a few days ago, and the popups have only appeared on this session. Any idea what it is? It _sounds_ as if it just might be malware, but I'm fairly careful, and have never had any in decades of computing. (Avira says it's done 41.3% - scanned 47215 objects - so far, and not found anything.) I'll just go to Google it ... -- J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)[email protected]+Sh0!:`)DNAf ... back in the olden days ... Britain was entirely made of wood and lit by one enormous candle, tended by the Queen - Steven Moffat, Radio Times, 24-30 July 2010 |
#5
|
|||
|
|||
![]()
In message , Harden Thicke
writes: Avira forums, HoopleHead. 1. I don't do "forums". 2. This isn't just Avira. "J. P. Gilliver (John)" wrote in message ... In message , "J. P. Gilliver (John)" writes: I'm doing a complete system scan at the moment (AVIRA is my AV). I'm doing it after a restart, because my email-and-news software (Turnpike, quite old) behaved oddly once or twice. It may have nothing to do with that fact, but twice a "new hardware found" popup has appeared, and when I let it proceed to the point where it tells me what the new hardware actually is, it has said "Generic volume shadow copy". (I cancel it at that point.) [] -- J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)[email protected]+Sh0!:`)DNAf Squawk Pieces of eight! Squawk Pieces of eight! Squawk Pieces of nine! SYSTEM HALTED: parroty error! |
#6
|
|||
|
|||
![]()
In message , Tim Meddick
writes: The Window's service "Volume Shadow Copy" is a built-in service that enables the operating system to copy files that would otherwise return the error : "Access Denied - File in use by another process" (or similar) when a file is "locked" by another program or the OS itself. As has been quite rightly mentioned - it is indeed used by "System Restore", but is by no means limited to only this. It is also used by "NT Backup" and any third-part programs that have been written to utilize the Volume Shadow Copy service, such as ERUNT.exe (reg backup for NT (google ERUNT for more on this)). [] Thanks for the more intelligent response than the other idiot. What puzzles me a o Why did it (only) pop up when I was doing a scan? (I have - and use occasionally - ERUNT, and it doesn't then.) o Why does it see it as new hardware? o I checked, and I already had restore points (going back to I think November 7 - certainly from before I did the scan), so why hadn't it popped up when it did those. o I checked in Device Manager, and (once I'd turned on show hidden) I already had the phantom drives (I forget the wording used) that are involved. -- J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)[email protected]+Sh0!:`)DNAf Squawk Pieces of eight! Squawk Pieces of eight! Squawk Pieces of nine! SYSTEM HALTED: parroty error! |
#7
|
|||
|
|||
![]()
I'm afraid I just can't answer that, it's a question more about your
Anti-Virus / Anti-Malware program than about the WinXP OS! But the fact is that the Volume Shadow Copy Service has always been a feature of NT systems - set to automatic start by default. I would question the effectiveness of my Anti-Virus / Anti-Malware software if such a genuine element of the Window's OS is being returned as in any way bogus by it! Such behaviour of "spotting" viruses / malware where there isn't any is a feature of Malware itself..... (An example of this below...) http://blogs.technet.com/b/mmpc/arch...ssentials.aspx == Cheers, Tim Meddick, Peckham, London. :-) "J. P. Gilliver (John)" wrote in message ... In message , Tim Meddick writes: The Window's service "Volume Shadow Copy" is a built-in service that enables the operating system to copy files that would otherwise return the error : "Access Denied - File in use by another process" (or similar) when a file is "locked" by another program or the OS itself. As has been quite rightly mentioned - it is indeed used by "System Restore", but is by no means limited to only this. It is also used by "NT Backup" and any third-part programs that have been written to utilize the Volume Shadow Copy service, such as ERUNT.exe (reg backup for NT (google ERUNT for more on this)). [] Thanks for the more intelligent response than the other idiot. What puzzles me a o Why did it (only) pop up when I was doing a scan? (I have - and use occasionally - ERUNT, and it doesn't then.) o Why does it see it as new hardware? o I checked, and I already had restore points (going back to I think November 7 - certainly from before I did the scan), so why hadn't it popped up when it did those. o I checked in Device Manager, and (once I'd turned on show hidden) I already had the phantom drives (I forget the wording used) that are involved. -- J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)[email protected]+Sh0!:`)DNAf Squawk Pieces of eight! Squawk Pieces of eight! Squawk Pieces of nine! SYSTEM HALTED: parroty error! |
#8
|
|||
|
|||
![]() "J. P. Gilliver (John)" wrote in message ... In message , Harden Thicke writes: Avira forums, HoopleHead. 1. I don't do "forums". You're a lazy HoopleHead. 2. This isn't just Avira. "J. P. Gilliver (John)" wrote in message ... In message , "J. P. Gilliver (John)" writes: I'm doing a complete system scan at the moment (AVIRA is my AV). I'm doing it after a restart, because my email-and-news software (Turnpike, quite old) behaved oddly once or twice. It may have nothing to do with that fact, but twice a "new hardware found" popup has appeared, and when I let it proceed to the point where it tells me what the new hardware actually is, it has said "Generic volume shadow copy". (I cancel it at that point.) [] -- J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)[email protected]+Sh0!:`)DNAf Squawk Pieces of eight! Squawk Pieces of eight! Squawk Pieces of nine! SYSTEM HALTED: parroty error! |
#9
|
|||
|
|||
![]()
In message , Tim Meddick
writes: I'm afraid I just can't answer that, it's a question more about your Anti-Virus / Anti-Malware program than about the WinXP OS! But the fact is that the Volume Shadow Copy Service has always been a feature of NT systems - set to automatic start by default. I would question the effectiveness of my Anti-Virus / Anti-Malware software if such a genuine element of the Window's OS is being returned as in any way bogus by it! No, not at all: the AV didn't object to it at all. It's just that, while running an AV scan, (a) the "new hardware found" thing popped up twice, (b) when I told it (the new hardware thing) to proceed to the next stage, it (again, the normal Windows self-protecting thing) said that what I was about to allow - i. e. the driver it had found for this phantom new hardware - wasn't Microsoft signed. That latter is particularly puzzling, this Shadow Copy thing being as you have explained part of the system. (From what I found on line, others get the same thing, though.) Such behaviour of "spotting" viruses / malware where there isn't any is a feature of Malware itself..... [] (No, that wasn't what was happening.) (FWIW all AV found were two instances of some HTML code that matched some Trojan.) -- J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)[email protected]+Sh0!:`)DNAf The fool doth think he is wise, but the wise man knows himself to be a fool. |
#10
|
|||
|
|||
![]()
Ah, I understand you now..... I also have experienced this and similar
sorts of behaviours. I'm afraid, again, I have no explanation at the moment for it. This is because it hadn't happened to me recently, and I have to be able to reproduce the sequence of events that lead to getting a particular errormessage in order for me to investigate it. This is so I can then query the system to which processes are involved and what software/hardware conflicts may be happening. I can only do such things while the error is "in progress". But I will certainly keep it in mind so that if it ever happens on my system again, I will attempt to identify it's cause for you..... == Cheers, Tim Meddick, Peckham, London. :-) P.S. I must assure you, however, again, that the service "Volume Shadow Copy" or VSS (Volume Snapshot Service) is definitely a normal part of every version of Windows since WinXP Service Pack 2 and Server 2003. "J. P. Gilliver (John)" wrote in message ... In message , Tim Meddick writes: I'm afraid I just can't answer that, it's a question more about your Anti-Virus / Anti-Malware program than about the WinXP OS! But the fact is that the Volume Shadow Copy Service has always been a feature of NT systems - set to automatic start by default. I would question the effectiveness of my Anti-Virus / Anti-Malware software if such a genuine element of the Window's OS is being returned as in any way bogus by it! No, not at all: the AV didn't object to it at all. It's just that, while running an AV scan, (a) the "new hardware found" thing popped up twice, (b) when I told it (the new hardware thing) to proceed to the next stage, it (again, the normal Windows self-protecting thing) said that what I was about to allow - i. e. the driver it had found for this phantom new hardware - wasn't Microsoft signed. That latter is particularly puzzling, this Shadow Copy thing being as you have explained part of the system. (From what I found on line, others get the same thing, though.) Such behaviour of "spotting" viruses / malware where there isn't any is a feature of Malware itself..... [] (No, that wasn't what was happening.) (FWIW all AV found were two instances of some HTML code that matched some Trojan.) -- J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)[email protected]+Sh0!:`)DNAf The fool doth think he is wise, but the wise man knows himself to be a fool. |
#11
|
|||
|
|||
![]()
But none can beat YOU for being a hooplehead, thick. If you're this lonely,
you need help you won't find around here! In , Harden Thicke typed: "J. P. Gilliver (John)" wrote in message ... In message , Harden Thicke writes: Avira forums, HoopleHead. 1. I don't do "forums". You're a lazy HoopleHead. 2. This isn't just Avira. "J. P. Gilliver (John)" wrote in message ... In message , "J. P. Gilliver (John)" writes: I'm doing a complete system scan at the moment (AVIRA is my AV). I'm doing it after a restart, because my email-and-news software (Turnpike, quite old) behaved oddly once or twice. It may have nothing to do with that fact, but twice a "new hardware found" popup has appeared, and when I let it proceed to the point where it tells me what the new hardware actually is, it has said "Generic volume shadow copy". (I cancel it at that point.) [] -- J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)[email protected]+Sh0!:`)DNAf Squawk Pieces of eight! Squawk Pieces of eight! Squawk Pieces of nine! SYSTEM HALTED: parroty error! |
#12
|
|||
|
|||
![]()
In ,
J. P. Gilliver (John) typed: I'm doing a complete system scan at the moment (AVIRA is my AV). I'm doing it after a restart, because my email-and-news software (Turnpike, quite old) behaved oddly once or twice. It may have nothing to do with that fact, but twice a "new hardware found" popup has appeared, and when I let it proceed to the point where it tells me what the new hardware actually is, it has said "Generic volume shadow copy". (I cancel it at that point.) I haven't added any new hardware (it's a netbook, with nothing plugged into it other than the power supply at the moment). I _have_ added a "subst" into my startup sequence, but that was a few days ago, and the popups have only appeared on this session. Any idea what it is? It _sounds_ as if it just might be malware, but I'm fairly careful, and have never had any in decades of computing. (Avira says it's done 41.3% - scanned 47215 objects - so far, and not found anything.) I'll just go to Google it ... Have you tried any of the many spyware and malware programs around? Search back on this group for recommendations or simply ask the question for whiich ones people use. Avira, IMO is only mediocre in itis reliability and tends to false positives IME, which are still repeatable in my last testing of it. It wants to delete a legtimate setup.exe which lives in an unexpected folder and that's the ONLY reason it wants to delete it. I notified them, they agreed wtih me, promised to fix it, and never did. AVG or AVAST are a couple decent freebies you can try out for AV work that's better than Avira. There are other freebie AV programs too and a good chance some will pipe in to offer their suggestions, same as with malware detectors. Having read all your reponses to date here, it sounds very much like you have malware aboard. Regardless of how "safe" you think you are with surfing, there are just too many ways to become infected; safe hex alone just won't do it. A good firewall (ZoneAlarm?), a good AV package (not Avira) and good malware detectors are the "norm" for protection. Some will claim that programs like Super AntiMalware & such are all that's needed; don't beleive them. Many programs may catch many of them, but no single program yet will catch all of them; there are just too many of them and increasing every day. HTH, Twayne` |
#13
|
|||
|
|||
![]()
In ,
J. P. Gilliver (John) typed: I'm doing a complete system scan at the moment (AVIRA is my AV). I'm doing it after a restart, because my email-and-news software (Turnpike, quite old) behaved oddly once or twice. It may have nothing to do with that fact, but twice a "new hardware found" popup has appeared, and when I let it proceed to the point where it tells me what the new hardware actually is, it has said "Generic volume shadow copy". (I cancel it at that point.) I haven't added any new hardware (it's a netbook, with nothing plugged into it other than the power supply at the moment). I _have_ added a "subst" into my startup sequence, but that was a few days ago, and the popups have only appeared on this session. Any idea what it is? It _sounds_ as if it just might be malware, but I'm fairly careful, and have never had any in decades of computing. (Avira says it's done 41.3% - scanned 47215 objects - so far, and not found anything.) I'll just go to Google it ... Generic Volume Shadow Copy is a windows program that allows the backing up/manipulation of files that are "in use" by taking a snapshot of them. Most archiving, backup and imaging programs require it in order to work. It is a service that should be started automatically every time you boot up unless you are an expert at manipulating its use. Check to see if it's set to "automatic" under Services. Unless the file is a phony, no AV or malware program should find it. If it's a phony, it was placed there by malware. Or the original file was overwritten with the phony. WinPatrol Says: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. and the executable is at: C:\WINDOWS\System32\vssvc.exe .... Administrative Tools; Services will open a window in XP where you can start/stop the service, and set whether it starts "automatic", "Manual" or Never. I don't give a path for the admin tools because the user can change it after it's installed. Search your boot drive for vsssvc.exe if necessary. Check to see that it's set to "automatc" and that the setting sticks (stays after a Restart). HTH, Twayne` |
#14
|
|||
|
|||
![]()
In message , Tim Meddick
writes: Ah, I understand you now..... I also have experienced this and similar sorts of behaviours. I'm afraid, again, I have no explanation at the moment for it. This is because it hadn't happened to me recently, and I have to be able to reproduce the sequence of events that lead to getting a particular errormessage in order for me to investigate it. This is so I can then query the system to which processes are involved and what software/hardware conflicts may be happening. I can only do such things while the error is "in progress". But I will certainly keep it in mind so that if it ever happens on my system again, I will attempt to identify it's cause for you..... [] Thanks. Don't go out of your way - I was just curious as to: 1. what it was (I know more or less now) 2. why it suddenly popped p as "new hardware found", despite the fact that I already had several restore points so it must have already been present to make them; 3. why, when it does pop up, the OS itself (not my AV) says it's not "Microsoft signed" or whatever. -- J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)[email protected]+Sh0!:`)DNAf If vegetarians eat vegetables,..beware of humanitarians! |
#15
|
|||
|
|||
![]()
In message , Twayne
writes: [] Having read all your reponses to date here, it sounds very much like you Are you sure you have done so, because: 1. it is not my AV, but the OS's own trap, that is objecting. You know how when you add new hardware, and the system asks for a driver, and you load the driver that came with it, as often as not you get a popup warning you that said driver is not "Microsoft signed" or something like that. What was happening was that - despite not having added any new hardware - the "new hardware found" thing was popping up (saying the new hardware was this "... shadow copy"), and when I let it find drivers for it, the "not signed" box popped up. 2. I already had several restore points present; presumably the shadow copy thing must have already been there in order to make those. So why is it popping up again? [] just won't do it. A good firewall (ZoneAlarm?), a good AV package (not I have a firewall (plus what's in the routers of course). Avira) and good malware detectors are the "norm" for protection. Some will claim that programs like Super AntiMalware & such are all that's needed; don't beleive them. Many programs may catch many of them, but no single program yet will catch all of them; there are just too many of them and increasing every day. Agreed. (How many of each [AV, firewall, detector] - and which ones - do _you_ run?) HTH, Twayne` (Why the lines at the end?) -- J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)[email protected]+Sh0!:`)DNAf If vegetarians eat vegetables,..beware of humanitarians! |
|
Thread Tools | |
Display Modes | |
|
|