
Microsoft® Volume Shadow Copy Service Legit?

  • This topic is locked
3 replies to this topic

#1 cheb


  • Members
  • 61 posts
  • Gender:Male
  • Local time:04:49 PM

Posted 18 August 2016 - 09:53 PM

Microsoft® Volume Shadow Copy Service is it legit?


I have to keep disabling foreign ISATAP tunneling adapters intruders, and so I press View > Show hidden devices a lot to catch them.


In doing so I noticed a lot of "Storage Volume Shadow copies".

They contain many hidden "Generic Volume Shadow Copy".


I trust a site called "Herd Protect" to verify files are legit sometimes.


So I checked vssvc.exe.




Problem is it could be an uninfected vssvc.exe?


I don't like to delete much in the win32 folder but am suspicious of the dates; files claim to be 2006 lol, this CPU is a lot younger!


and other dates keep reoccurring


Should I delete these or is it risky to Windows restores etc.?


Also, I don't understand partitions, if anybody can clarify.

Edited by Platypus, 18 August 2016 - 10:57 PM.
Moved to AII forum at request of Malware Team member



#2 dc3


    Bleeping Treehugger

  • Members
  • 30,757 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:08:49 AM

Posted 19 August 2016 - 10:25 AM

What antivirus are you running?
Have you run a scan with it since suspecting that the vssvc.exe may be malware?
Please run Malwarebytes AntiMalware
Please download Malwarebytes Anti-Malware
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  
3)  Click on Settings, you will see an image like the one below.
When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits
4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.
5)  When the scan is complete the results will be displayed.  Click on Delete All.
6)  Please post the Malwarebytes log.
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run
till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need
to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 19 August 2016 - 10:26 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.





#3 cheb

  • Topic Starter

  • Members
  • 61 posts
  • Gender:Male
  • Local time:04:49 PM

Posted 20 August 2016 - 03:59 PM

hello Arachibutyrophobia 


thank you for your reply and help.


I use Panda Antivirus Pro right now. 


I have already tried most avs out there so trying out Panda now.


I am receiving help from Nasdaq on original issues please check my posts.


Thanks Appreciate it.

#4 hamluis



  • Moderator
  • 56,412 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:49 AM

Posted 21 August 2016 - 08:13 AM

You have an open malware topic in MRL:  http://www.bleepingcomputer.com/forums/t/623662/suspected-sophisticated-rootkit .  Any questions or suspicions regarding malware should be brought up in that topic, rather than beginning a new one here.


Until that topic is completed, I request that you not initiate any new topics regarding this computer system.


This topic is closed to avoid confusion.


