My Power Shadow 2.8.2 is already registered!

I restored my Ghost image to my system.

It (the Ghost Image) never had PS 2.6 or 2.8.2 installed. (There is not a C:\WINDOWS\system32\shadow folder.)

I just installed PS 2.8.2 from sendspace (https://www.wilderssecurity.com/showpost.php?p=966939&postcount=519 see 2nd link)

The readme.txt in the zip file details on how to install and change it to English.

The 3rd step in the readme.txt says...

But, when I ran c:\system32\shadow\ShadowSetting.exe, it says "Registered Version"... I do NOT have to "register with any name and email address".

I did install PS 2.8.2 a few weeks ago, and I did "register with any name and email address" at that time.

The restored Ghost image was before I had even heard of PS!

So, I can only guess PS hides something somewhere on the harddisk... ADS? No, I ran Sysinternals RootkitRevealer and it found nothing.

Mike

 

My 250GB harddisk is partitioned like this:

1. Primary - 16M - W98 - FAT
2. Primary - 60G - XP - NTFS
3. Primary - 10G - Linux - Ext3
4. Logical - 47M - BootMagic - FAT
5. Logical - 168G - Data - NTFS

After I restored my Ghost image (before PS) to the 60G partition and I then installed FD-ISR and created the Secondary snapshot.

After six different tests of Copy/Update from Secondary -> Primary, I have determined FD-ISR does not do a complete restore of the Primary snapshot.

Or, somehow PS 2.8.2 has hidden some data in other hidden? areas of the harddisk.

I also installed COMODO FW and set to the absolute max, and no popups when I run ShadowSetting!

Mike

 

I know that PowerShadow hides some marks in the reserved hard drive sector
(Sorry I can't remember the exact position)

 

Yep, I noticed this a while back and posted in the big PS thread.

There are a couple of posts regarding mine on page 22 post No541.
https://www.wilderssecurity.com/showpost.php?p=971335&postcount=541

 

Side 0 Track 0 Sector 14 or 15... IIRC saw some posts in Chinese with screen shot.
Maybe exist only on v2.8.2, saw nothing in these sectors on v2.6.

 

Oh yes, I also have CRS (can't remember stuff ) sometimes... I think.

I have/did read "the big PS thread", but CRS must of got me again.

When you say "from my saved apps cd", that cd is just .zip/.exe files... the apps are not installed?

I find it strange if PS does "hides some marks in the reserved hard drive sector", that some members here on Wilders would of called it spyware and would have dropped it like a hot potato!

I will still use PS 2.6 2.8.2, but there will always be the thought it is doing something sneaky.

Mike

 

OH, thank you... thank you!

Mike

 

Maybe I have been reading too many posts here at Wilders, but I am starting to freak out about the PS 2.8.2 hidden stuff.

I am very seriously considering zeroing my harddisk and starting all over from scratch... I can not even trust my Ghost images.

I ran Rootkit Unhooker, but it only found regular stuff... probably because it is only checking my active partition?

How can a person be 100% sure no crap has been hidden someplace on the harddisk?

Mike

 

Sounds scary!

 

Never used PS but in general has always been a concern of mine too.

Doubts were raised with me by some posters about SSM some months ago which turned it would seem to be 'a disparaging' on the technical side rather than anything sinister.

All I can judge is by the experience and knowledge of the contributors here. If I discern they are experts in their field or of a certain 'standing' here at Wilders and they use the program then I too feel more comfortable. No coincidence that for a long while I only used programs in the main that had their official forums here. If I couldn't trust Wilders then truly I was lost

Comes down to your own peronal levels of paranoia versus trust which is never easy when you read everything here, as you say.

 

Yup, that is what I am struggling with.

I sure hope someone that knows how to find the hidden PS 2.8.2 data shows up and explains what the uck it is! (One of those scary someones... the kind that keep their check box in HEX!)

I wonder if there is any program that would of warned me before the hidden "stuff hit the fan"?

Mike

 

If there is something hidden, it is well hidden. I have run GMER, IceSword and Rootkit Unhooker . Can't find anything. Ran HiJack this too.

 

I have multiple partitions, and I am guessing PS 2.8.2 "stores" whatever in a different partition than where I have XP Pro installed... maybe??

So, all the tools to find hidden stuff, do they only look in the current partition?

Also, my 1st primary partition is a W98 boot partition (that is hidden from XP) and it has 2K clusters. The MBR is 512 bytes... so maybe PS hides stuff after the MBR??

I am just do a wild guess about where PS has hidden stuff.

Mike

 

I only have one partition so I don't know where it could hide. But I guess anything is possible.

 

Thanks to idle.newbie and WinHex here is the data in sector 15...

Next thing, can I just change it all back to zero's?

Mike

 

Did you download and run WinHex? I couldn't even find the cost in dollars.

 

Per http://www.x-ways.net/winhex/index-m.html...

 

If in fact, that is the PS 2.8.2 hidden data, what "security" program can actually prevent/stop/warm me that PS (or any program) is trying to write someplace outside of my drive C: ?

Mike

 

Looks like i'm in the clear since i never seen any real need to step over to 2.8.2 from my present 2.6. All this suspicion makes the wary queezy but i doubt something hidden is going to jump off the disc and bite.

I'm not making light of what's being mentioned but really, aside from PS carving a placement to disc has your machine malfunctioned at all or bluescreened? Simple solution is if it proves too demanding or exhibits hints of privacy compromise, is to completely uninstall it and never bother with it again.


Again, i can't argue up or down one way or the other about V2.8.2 and any hidden data concerns, but i been using 2.6 since day one here and my conscience is at perfect peace with it. I think the hidden data matter is an overreaction and can be reasonably explained by the devs or someone close to them. Otherwise, if you feel apprehensive that it's a threat to your security or system performance just uninstall it and zero your drive to clear away any remnants of code from it.

 

My first reaction about PS 2.8.2 was, how dare them! But after researching, I have almost settled on it is probably not that big of a deal.

I have also learned ALOT about where data can be hidden.... See Data Hiding Tactics for Windows and Unix File Systems

I have also discovered some SUPER programs: WinHex and IceSword.

Pete, please think "outside the box"... wonder what other programs have also hidden data on my harddisk?

I simply should of had a choice to accept or not accept this behavior!

Easter, please think "outside the box"... wonder what other programs have also hidden data on my harddisk?

Would your first reaction be upset? But, after your research, be more knowledgeable and maybe less concerned?

Will SSM Free or ? stop/prevent/warn/ask me about this kind of hidden data?

EDIT...

Here is the PS 2.8.2 install process...

1.) run 'powershadow_ch_2.8.2.exe'
2.) it wants a reboot
3.) The XP menu (boot.ini) now has three choices instead of one
4.) choose the first/normal XP choice and login
5.) run 'ShadowSetting.exe' and choose Register
6.) provide any name and any emal addy
7.) PS tries to phone home... if block by firewall, it just waits and waits and ...
8.) allow phone home

I am not sure of when the hidden data is written to sector 15... during step #1, step #2, step #5, step #6, step #7, or step #8 ?

Mike

 

Hi, folks: I checked Chinese d/l site re: PS v.2.82. The site warned that there is a plug-in w/ program. The plug-in is the instruction of installation. Could this one be the hidden data?

 

Could an install monitor such as Total Uninstall help in ascetaining any hidden objects?

Total Uninstall

 

I'm also curious about this topic. I couldn't use version 2.6 so I had to go with 2.8.2. I felt kinda uncomfortable installing the program with all Chinese prompts. It could be because I don't speak Chinese. The program installed and ran great. Also, despite me unchecking the option for finding updates, Shadowtip.exe tried to connect to the internet a few times.

Seriously, If anyone can read Chinese, what is the plug-in thing about? Perman, what did you mean by "The plug-in is the instruction of installation."?

I understand that security software hides stuff everywhere. Trust me, I still have Nortons' crap everywhere. If anyone is running verson 2.8.2 could you give us some reassurances. I'm not bashing this product, I just want to know that everything is cool with it.

Thanks, innerpeace

 

Do you remember if ShadowSettings.exe tried to connect when you entered a name and a email during registration? I had to allow it when I first installed PS 2.8.2 a few weeks ago.

Would you be comfortable running WinHex on your hard drive and see what you have stored in your sector 15? PLEASE do not try if you are in the least bit uncomfortable!

Mike