Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

VSSAdmin.exe question


  • Please log in to reply
8 replies to this topic

#1 Moe_P

Moe_P

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Connecticut
  • Local time:01:19 AM

Posted 20 November 2015 - 04:34 PM

I see on the main page that it says this should be disabled, , I am running Win 8.1 64bit and I checked and I have about 10 of them, Is this something I should be concerned about ?

Attached File  VAAS_3.jpg   175.49KB   0 downloads

Attached Files


Edited by Moe_P, 20 November 2015 - 04:46 PM.

Moe_P


BC AdBot (Login to Remove)

 


#2 Moe_P

Moe_P
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Connecticut
  • Local time:01:19 AM

Posted 20 November 2015 - 04:38 PM

Mistake

Attached Files


Edited by Moe_P, 20 November 2015 - 04:47 PM.

Moe_P


#3 yu gnomi

yu gnomi

  • Members
  • 532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago suburb
  • Local time:12:19 AM

Posted 20 November 2015 - 04:42 PM

to make a screen capture, hold Alt  and press Print Scrn, that puts the screenshot into memory (called the 'clipboard'). Then open MS Paint and paste the image. Save that and use it.


Edited by yu gnomi, 20 November 2015 - 04:43 PM.


#4 Moe_P

Moe_P
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Connecticut
  • Local time:01:19 AM

Posted 20 November 2015 - 04:48 PM

Got it it's in post #1,I use MWsnap


Edited by Moe_P, 20 November 2015 - 04:49 PM.

Moe_P


#5 yu gnomi

yu gnomi

  • Members
  • 532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago suburb
  • Local time:12:19 AM

Posted 20 November 2015 - 05:20 PM

I know little about vssadmin, so I am not sure if your situation is unusual or not. 



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:19 AM

Posted 20 November 2015 - 05:44 PM

This is normal. Let me finish my Fractal in Guild Wars 2 and I'll explain :P

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:19 AM

Posted 20 November 2015 - 05:51 PM

Alright so yes it is normal to have multiple vssadmin.exe (I'm not counting the vssadmin.exe.mui files) on your system. In fact, it's normal to have multiple copy of all your payload files (system files). Reason being that the WinSxS folder is what we call the "Component store". This is where Windows stores all the original copies of the system files and also every new update that you install, which contain payload files will be stored there as well. Windows will then copy the payload where it belongs (like in C:\Windows\system32) and link it to the copy in the Component store. This is why when you run SFC, corrupt files gets repaired (if the copy in the store is intact), and they don't get repaired (if the copy in the store is also corrupt). You should never touch any files in the WinSxS folder (or the Windows folder for that matter).

More explanations on the WinSxS folder can be found at the link below.

https://support.microsoft.com/en-us/kb/2795190

If you want to "disable" vssadmin.exe, you should do it for the ones in System32 and Syswow64, not WinSxS.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 Moe_P

Moe_P
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Connecticut
  • Local time:01:19 AM

Posted 20 November 2015 - 06:59 PM

Thank you Aura, not sure I understand all that but I take it I should just leave them alone, just curious as to why that is on the main page.


Moe_P


#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:19 AM

Posted 20 November 2015 - 07:02 PM

You're supposed to run the batch script in the article to disable it properly :) No need to do anything manually.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users