My Power Shadow 2.8.2 is already registered!

I saved the sector to diffrent files
then compared files.

 

By always I mean whether u leave the update option checked or unchecked.
I used in the beginning of its thread here. As I am no more using it, doesn,t matter if it was modified. Though I believe it wsa not, as I downloaded form its official site.

 

Official release powershadow-tw.exe (v2.6) from www.powershadow.com, and yes ShadowSetting.exe tried to connect out evertime. I don't care if it check update or phoning home, HIPS blocked everything but ShadowService.exe and SnpShot.sys, boot menu only.

 

Thanks, I use three different differs. (say that fast three different times ).

Mike

 

How u know HIPS blocked every thing?
Even if it is blocked, this behaviour by the software is wrong esp when they put an place to to check/ uncheck update option.

 

Actually I would worry more about 2.6 than 2.8 2.8 isn't set up for English use. The web site doesn't offer it. Their support told me that 2.8 isn't available in English. The forum ,which is about in a coma ,mentions a Beta 2.9. I asked about it with no response. I have 2.6 on one computer and 2.82 on the other. Both are locked down by firewall and SSM. In all reality doesn't most software access the net at some point? And has anyone been able to verify that something sinister is going on with this program. If someone does then it is time to really worry.

 

Sure , HIPS blocks EVERYTHING (at least in the case of PS ); or why we use HIPS?
Maybe someone developes PS wana know the exact IP of users.
Really a bug here, I do hope they can fix it in the next generation.
But not "evil" or "sinister" anyhow.

 

Why not use a disk hex editor and pre-populate sector 15 with some random stuff, or just like version 2.6, we can all use the same info in sector 15?

I will test that and see what happens... later.

Mike

 

OK. Let me try . See what will happen.

 

[Off Topic]
While I was looking at sector 15, just for the heck of it, I started looking at other sectors.
Found when Norton Ghost 2003 stores its stuff and my serial number in sector 62!
[/Off Topic]

Mike

 

No other data except all zeros on sector 15:

 

Cool... My WinHex will not allow write, so I had to use HxD http://www.mh-nexus.de/ Cool program.

Now, can you try to put data back into your sector 15 using MY sector 15 data, and then try running PS 2.8.2 to see if it says it is Registered?

Mike

 

Your post reminds me of something happened before:
I once uninstalled PS V2.6 (registered), pretty "clean" IMO ; but when reinstall it a few days later, I found PS is "automatically" registered even without registeration code!
But, the V2.6 doesn't write anything in sector 15 on HD .......

As I know, the most important part of PS is "SnpShot.sys" located in "X:\WINDOWS\system32\drivers" , which is very hard or impossible to uninstall & erase. So, I suppose the information about PS user might be saved in that file or somewhere in system registry.

I quite doubt it is a "privacy" threat, but just "uninstallation problem".

 

Hi mitchelson

Did you try to remove it from Safe Mode at all? Did it not load?

I'm just curious why that single driver file gave you so much difficulty, and yes, often times a driver will hang on tight untill you cut the strings that are holding it lodged in the registry. I know it can be a pain, some apps gave me fits untill i got my hands on the right tools to close them down with.

 

Hi, folks: According my collection. Removing SnpShot.sys is very tricky. Any normal removal method will not rid of it easily. If you try to delete it or alter it in Safe Mode, system crash may be the result. My source of info indicates the reason is that this drivers is for boot start. I am no expert, just relaying info I have collected, hoping to lend some helping hands.

 

Thanks Perman, it's very useful info you offer. I'm gonna wanna have a stab at this again myself. Theres a way to change BOOT start to MANUAL or DISABLE but i'll have to play with my tools to find it again. If and when i do i'll post it for others who run into this. No sense experiencing the dreaded system crash if you can prevent it, thats for sure.

 

Thanks Easter, Perman and michelson. I'm getting to know more about this app than I intended. I still like what it does and this discussion is leading to a better understanding of its inner workings. Easter, I will definitely keep a copy of your SnpShot.sys file removal procedure if and when you post it.

I long for the days when I just knew about a firewall, AV and AS. I guess those are just simple and easy and that was what drew me to PS. Except I have 2.8.2 rather than the 2.6 'popular' English version. If only I had a friend from China.

 

You can probably find snpshot.sys in Device Manager (in Non-Plug and Play drivers section) with "Show hidden devices" checked but if not, you can disable it with a util called pserv.

http://p-nand-q.com/download/pserv_cpl.html

 

Some discussion of the hidden data here (in Chinese)

http://www.luckerer.com/read.php?tid=109646&fpage=4

 

Yes PS reserves the sectors on the hard disk to save registration data incase of format and reinstall and so cut back on support.

Looks harmless.

 

What did you mean? You're gonna translate it?

 

I have the translation for version 2.8.2 installed along with the application. Somebody here at Wilders posted the translation files from Chinese to English. The files/links are somewhere here in one of the PS posts. I can find them if you want. What I meant was that I would like to know more about this particular version which has more Chinese users. It seems not many people here at Wilders have the 2.8.2 version.

In other words I jumped the gun installing this version (even though it works fine) thinking that many others here were running it. Completely my fault. But in fact, they were still running the 2.6 version happily. I just wanted some reassurance that the program was safe and was working well on many computers. The only way I can get that information would be from an English speaking person from China.

Edit: Here is the link to the thread. See post #10 https://www.wilderssecurity.com/showthread.php?t=172533

 

I assume this is their english forum, http://powershadow.freeforums.org/

Any links to their official chinese forum?

 

http://www.powershadow.com/
I guess you could select the proper language and then navigate to the forum from there. The English forum is very new and the last time I checked it was very slow.