My Power Shadow 2.8.2 is already registered!

Discussion in 'sandboxing & virtualization' started by flinchlock, May 20, 2007.

Thread Status:
Not open for further replies.
  1. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    I restored my Ghost image to my system.

    It (the Ghost Image) never had PS 2.6 or 2.8.2 installed. (There is not a C:\WINDOWS\system32\shadow folder.)

    I just installed PS 2.8.2 from sendspace (https://www.wilderssecurity.com/showpost.php?p=966939&postcount=519 see 2nd link)

    The readme.txt in the zip file details on how to install and change it to English.

    The 3rd step in the readme.txt says...
    But, when I ran c:\system32\shadow\ShadowSetting.exe, it says "Registered Version"... I do NOT have to "register with any name and email address".

    I did install PS 2.8.2 a few weeks ago, and I did "register with any name and email address" at that time.

    The restored Ghost image was before I had even heard of PS!

    So, I can only guess PS hides something somewhere on the harddisk... ADS? No, I ran Sysinternals RootkitRevealer and it found nothing.

    Mikeo_O
     

    Attached Files:

  2. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    My 250GB harddisk is partitioned like this:
    1. Primary - 16M - W98 - FAT
    2. Primary - 60G - XP - NTFS
    3. Primary - 10G - Linux - Ext3
    4. Logical - 47M - BootMagic - FAT
    5. Logical - 168G - Data - NTFS
    After I restored my Ghost image (before PS) to the 60G partition and I then installed FD-ISR and created the Secondary snapshot.

    After six different tests of Copy/Update from Secondary -> Primary, I have determined FD-ISR does not do a complete restore of the Primary snapshot.

    Or, somehow PS 2.8.2 has hidden some data in other hidden? areas of the harddisk.

    I also installed COMODO FW and set to the absolute max, and no popups when I run ShadowSetting!

    Mike o_O o_O o_O o_O o_O o_O o_O
     
  3. namdog

    namdog Registered Member

    Joined:
    Feb 4, 2007
    Posts:
    42
    I know that PowerShadow hides some marks in the reserved hard drive sector
    (Sorry I can't remember the exact position)
     
  4. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
  5. idle.newbie

    idle.newbie Registered Member

    Joined:
    Apr 2, 2006
    Posts:
    10
    Side 0 Track 0 Sector 14 or 15... IIRC saw some posts in Chinese with screen shot.
    Maybe exist only on v2.8.2, saw nothing in these sectors on v2.6.
     
  6. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Oh yes, I also have CRS (can't remember stuff ;)) sometimes... I think.

    I have/did read "the big PS thread", but CRS must of got me again.

    When you say "from my saved apps cd", that cd is just .zip/.exe files... the apps are not installed?

    I find it strange if PS does "hides some marks in the reserved hard drive sector", that some members here on Wilders would of called it spyware and would have dropped it like a hot potato!

    I will still use PS 2.6 2.8.2, but there will always be the thought it is doing something sneaky.

    Mike
     
    Last edited: May 21, 2007
  7. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    OH, thank you... thank you!

    Mike
     
  8. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Maybe I have been reading too many posts here at Wilders, but I am starting to freak out about the PS 2.8.2 hidden stuff.

    I am very seriously considering zeroing my harddisk and starting all over from scratch... I can not even trust my Ghost images.

    I ran Rootkit Unhooker, but it only found regular stuff... probably because it is only checking my active partition?

    How can a person be 100% sure no crap has been hidden someplace on the harddisk?

    Mike
     

    Attached Files:

    • RK.png
      RK.png
      File size:
      14 KB
      Views:
      588
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Sounds scary!
     
  10. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Never used PS but in general has always been a concern of mine too.

    Doubts were raised with me by some posters about SSM some months ago which turned it would seem to be 'a disparaging' on the technical side rather than anything sinister.

    All I can judge is by the experience and knowledge of the contributors here. If I discern they are experts in their field or of a certain 'standing' here at Wilders and they use the program then I too feel more comfortable. No coincidence that for a long while I only used programs in the main that had their official forums here. If I couldn't trust Wilders then truly I was lost :D

    Comes down to your own peronal levels of paranoia versus trust which is never easy when you read everything here, as you say.
     
  11. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Yup, that is what I am struggling with. :'(

    I sure hope someone that knows how to find the hidden PS 2.8.2 data shows up and explains what the uck it is! (One of those scary someones... the kind that keep their check box in HEX!)

    I wonder if there is any program that would of warned me before the hidden "stuff hit the fan"?

    Mike
     
  12. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    If there is something hidden, it is well hidden. I have run GMER, IceSword and Rootkit Unhooker . Can't find anything. Ran HiJack this too.
     
  13. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    I have multiple partitions, and I am guessing PS 2.8.2 "stores" whatever in a different partition than where I have XP Pro installed... maybe??

    So, all the tools to find hidden stuff, do they only look in the current partition?

    Also, my 1st primary partition is a W98 boot partition (that is hidden from XP) and it has 2K clusters. The MBR is 512 bytes... so maybe PS hides stuff after the MBR??

    I am just do a wild guess about where PS has hidden stuff.

    Mike
     
  14. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I only have one partition so I don't know where it could hide. But I guess anything is possible.
     
  15. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Thanks to idle.newbie and WinHex here is the data in sector 15... :D :D :D :D :D :D :D :D

    Next thing, can I just change it all back to zero's?

    Mike
     

    Attached Files:

  16. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Did you download and run WinHex? I couldn't even find the cost in dollars.
     
  17. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan

    Attached Files:

  18. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    If in fact, that is the PS 2.8.2 hidden data, what "security" program can actually prevent/stop/warm me that PS (or any program) is trying to write someplace outside of my drive C: ?

    Mike
     
  19. EASTER.2010

    EASTER.2010 Guest

    Looks like i'm in the clear since i never seen any real need to step over to 2.8.2 from my present 2.6. All this suspicion makes the wary queezy but i doubt something hidden is going to jump off the disc and bite. :D

    I'm not making light of what's being mentioned but really, aside from PS carving a placement to disc has your machine malfunctioned at all or bluescreened? Simple solution is if it proves too demanding or exhibits hints of privacy compromise, is to completely uninstall it and never bother with it again.


    Again, i can't argue up or down one way or the other about V2.8.2 and any hidden data concerns, but i been using 2.6 since day one here and my conscience is at perfect peace with it. I think the hidden data matter is an overreaction and can be reasonably explained by the devs or someone close to them. Otherwise, if you feel apprehensive that it's a threat to your security or system performance just uninstall it and zero your drive to clear away any remnants of code from it.
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    Is this really any different then programs that modify the MBR or partition table as FDISR does.. Does anyone know how to spell paranoia?:D
     
  21. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    My first reaction about PS 2.8.2 was, how dare them! But after researching, I have almost settled on it is probably not that big of a deal.

    I have also learned ALOT about where data can be hidden.... :thumb: See Data Hiding Tactics for Windows and Unix File Systems :thumb:

    :thumb: I have also discovered some SUPER programs: WinHex and IceSword. :thumb:

    Pete, please think "outside the box"... wonder what other programs have also hidden data on my harddisk?

    I simply should of had a choice to accept or not accept this behavior!

    Easter, please think "outside the box"... wonder what other programs have also hidden data on my harddisk?

    Would your first reaction be upset? But, after your research, be more knowledgeable and maybe less concerned?

    Will SSM Free or ? stop/prevent/warn/ask me about this kind of hidden data?

    EDIT...

    Here is the PS 2.8.2 install process...

    1.) run 'powershadow_ch_2.8.2.exe'
    2.) it wants a reboot
    3.) The XP menu (boot.ini) now has three choices instead of one
    4.) choose the first/normal XP choice and login
    5.) run 'ShadowSetting.exe' and choose Register
    6.) provide any name and any emal addy
    7.) PS tries to phone home... if block by firewall, it just waits and waits and ...
    8.) allow phone home

    I am not sure of when the hidden data is written to sector 15... during step #1, step #2, step #5, step #6, step #7, or step #8 ?


    Mike
     
    Last edited: May 22, 2007
  22. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: I checked Chinese d/l site re: PS v.2.82. The site warned that there is a plug-in w/ program. The plug-in is the instruction of installation. Could this one be the hidden data?
     
  23. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Could an install monitor such as Total Uninstall help in ascetaining any hidden objects?
    Total Uninstall
     
  24. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I'm also curious about this topic. I couldn't use version 2.6 so I had to go with 2.8.2. I felt kinda uncomfortable installing the program with all Chinese prompts. It could be because I don't speak Chinese. :D The program installed and ran great. Also, despite me unchecking the option for finding updates, Shadowtip.exe tried to connect to the internet a few times.

    Seriously, If anyone can read Chinese, what is the plug-in thing about? Perman, what did you mean by "The plug-in is the instruction of installation."?

    I understand that security software hides stuff everywhere. Trust me, I still have Nortons' crap everywhere. If anyone is running verson 2.8.2 could you give us some reassurances. I'm not bashing this product, I just want to know that everything is cool with it.:cool:

    Thanks, innerpeace
     
  25. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Do you remember if ShadowSettings.exe tried to connect when you entered a name and a email during registration? I had to allow it when I first installed PS 2.8.2 a few weeks ago.

    Would you be comfortable running WinHex on your hard drive and see what you have stored in your sector 15? PLEASE do not try if you are in the least bit uncomfortable!

    Mike
     
Loading...
Thread Status:
Not open for further replies.