Microsoft® Volume Shadow Copy Service Legit?



#1 cheb

Posted 18 August 2016 - 09:53 PM

Microsoft® Volume Shadow Copy Service, is it legit?

I have to keep disabling foreign Isatap tunneling adapters intruders, and so I press View > Show hidden devices a lot to catch them.

In doing so I noticed a lot of "Storage Volume Shadow copies".

They contain many hidden "Generic Volume Shadow Copy".

I trust a site called "Herd Protect" to verify files are legit sometimes.

So I checked vssvc.exe:

http://www.herdprotect.com/vssvc.exe-a646ec7a7aafbe14eeea1c3149ecadd0ddfbe39a.aspx

Problem is, it could be an uninfected vssvc.exe?

I don't like to delete much in the win32 folder, but I am suspicious of the dates; files claim to be 2006 lol, this CPU is a lot younger!

And other dates keep reoccurring.

Should I delete these, or is it risky to Windows restores etc.?

Also, I don't understand partitions, if anybody can clarify.


Edited by Platypus, 18 August 2016 - 10:57 PM.
Moved to AII forum at request of Malware Team member



#2 dc3


Posted 19 August 2016 - 10:25 AM

What antivirus are you running?
 
Have you run a scan with it since suspecting that the vssvc.exe may be malware?
 
Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  
 
mbam1_zps98e7fba9.png
 
3)  Click on Settings, you will see an image like the one below.
 
malware%20settings_zpsixkea5sd.png
 
When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits.
 
4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.
 
5)  When the scan is complete the results will be displayed.  Click on Delete All.
 
malwarenew_zps34b58fdc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.


Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 19 August 2016 - 10:26 AM.



#3 cheb


Posted 20 August 2016 - 03:59 PM

Hello Arachibutyrophobia,

Thank you for your reply and help.

I use Panda Antivirus Pro right now.

I have already tried most AVs out there, so trying out Panda now.

I am receiving help from Nasdaq on original issues, please check my posts.

Thanks, appreciate it.



#4 hamluis


Posted 21 August 2016 - 08:13 AM

You have an open malware topic in MRL: http://www.bleepingcomputer.com/forums/t/623662/suspected-sophisticated-rootkit. Any questions or suspicions regarding malware should be brought up in that topic, rather than beginning a new one here.

Until that topic is completed, I request that you not initiate any new topics regarding this computer system.

This topic is closed to avoid confusion.

 

Louis





