Ok now problem has JUMPED to different snapshots

Discussion in 'FirstDefense-ISR Forum' started by Horus37, Jun 11, 2007.

Thread Status:
Not open for further replies.
  1. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    I now have my other snapshot exhibiting the same problem as the one that i installed the hp software into. That means that this HP software has now trashed through both powershadow AND FDISR. IMPOSSIBLE I thought! What in the heck is going on here? Someone like Peter should check this to see if what I'm experiencing is unique to just me. My system was totally virgin and newly rebuilt and ran perfect before installing this hp software. I think I'm screwed. Luckily I have some offline snaps to fall back on on an external usb hard drive. THink I'll have to secure erase my hard drive. I might try to find a free partition manager and see what it says about any hidden partition. Stupid hp....Funny thing is that hp says in order to get rid of their hidden partition you must install the software then run it and select remove hidden partion. Was hoping to avoid that. You'd think a Darik's nuke boot disc would be enough. Guess not. And NO I don't have data anchoring on and never did.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    Hi Horus

    I'll pass on this one, but based on an experience I had, you might get some idea's. I was/am beta testing KAV, and one weekend, my computer started acting all trashy. I booted to my secondary and refreshed my primary from an archive. Booted back and next thing I new I was still trashed. Then booted to secondary and it was trashed. I then restored an image I knew was good, and again both snapshots were trashed. Can you see me pulling out hair.

    Culprit was a driver that KAV was self updating. Driver was corrupt, so no matter what I did once KAV updated that driver that snap was toast. Solution was do a restore with cable modem off, set update to manual and live happily ever after.

    Hopefully this might help you figure out what is gong on.

    Pete
     
  3. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    Well I am surprised this happened and all I wanted to do was look at the gui of the software. I never even executed the software to make a backup. All that is required is to install the software and it automatically created a hidden partition during install. I installed then uninstall the product before rebooting even once and still I'm having this problem. Thats one for the record books. This software I don't think is trying to auto update. It's trying to assign a new drive letter to a hidden recovery partition. Well there you have it. Best to run an anti executable and ssm or similar in addition to powershadow and FDISR since those have now been taken down. I had to have my security software off to install the product in the firt place so all I had was powershadow running inside an FDISR snapshot thinking if something went wrong I could just copy update over it. No such luck now. Darik nuke boot disc and partition magic here I come.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    Image Horus Image. This is why you image.
     
  5. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    I would think this is some kind of ultimate test for even an imaging program. In about 3 hours I'll tell you if an image works or not. I'm betting that only the hp disk partition removal utility is the only thing that will get rid of it. People have complained over on hp related forums that even a restored image leaves the partition intact so they are forced to use only the proprietary uninstall utility provided by hp. Interesting don't you think? Another thing that can survive an image restore.
     
    Last edited: Jun 11, 2007
  6. EASTER.2010

    EASTER.2010 Guest

    You are very wise to have planned ahead with that. It's just way too risky anymore to not have images/snapshots/archives to turn back to again because when you least expect it something CAN go haywire.

    I was messing (researching) with a virus last night w/ no PS or SSM and fired it up completely in a snapshot and what did it do? Upon reboot a quick flash of a bluescreen and then immediately reset the computer back to BIOS screen over and over again repeatedly. Could not even access ANY snapshots and almost went to my backup Archives on another internal disc but decided as a last resort to try Paragon's CD Recovery and it saved the day. The virus fudged the MBR but the Recovery CD set things right again. Couldn't even get to safe mode. Next time i examine that junk will be on my test computer. WHEW! I highly sympathize with your HP situation, doesn't look good at all.
     
  7. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328

    Yes time to break out the external archives. Interestingly I have some old FDISR DVD archives I copied over the bad hp snapshot and even with that accomplished without errors from a copy/update I still get the dreaded popup messages that state that new hardware was found and system settings have been changed and that I need to reboot. This appears as the first thing that happens when I boot up no matter what snapshot I use, and where it's from and even if I copy over it with known good archives. So that confirms it. HP %$@# it up for everyone. Glad I found out that something can breach powershadow. I'll never use it again to test software alone. I'll have to see if VMware can contain it. Anyone want to test it in a VM to see if it an also breach vmware?
     
  8. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    404
    @Horus.

    Not quite sure why you are surprised at what has happened. You are saying that HP partitioned your C drive into "a resized C drive" and an HP "Hidden partition" Then you wonder why FDR cant operate properly.

    Surely the point is that FDR just cant see or recognise the drive that it works on...namely "C" When your snapshots or archives last saw that drive, it was a lot bigger, and now when it comes to copy/update it looks to be a different drive altogether and is probably totally confused.

    HP is known for taking control of peoples systems with their installation software, but that is very bad.

    It is asking a lot of FDR to recognise an unknown C drive though.
     
  9. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    Well this isn't malware but a very well known and used program from HP. However the real surprise is it leaked out of a powershadow mode. So partitioning is the achiles heel of these types of software then I guess. I don't remember FDISr stating in it's manual not to partion the hard drive or else FdISR won't work. There should be a list of known issues with using FDISR that can break it if attempting to copy update from another partition. Removing a hidden partition is one thing that will fail.
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    My actual image backup software is ATI and I'm trialing ShadowProtect.
    When I restore an image of ShadowProtect, I also get messages of new hardware in both FDISR-snapshots, but those messages disappear when I keep on using ShadowProtect.
    Also my ATI-schedules didn't work anymore due to testing ShadowProtect, because ATI didn't recognize the source anymore.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    I don't think that necessarily should be an issue. When I was beating up on ShadowProtect, I did stuff, like shrinking partition, adding partitions, and shrinking the partition and moving to the back of the disk. None of this affected FDISR at all.

    Pete
     
  12. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    Problem still persists after a fresh secure wipe of the drive, creation of a partion, formatting and reinstall of windows then installing an FDISR archive. I still get these new popups and such stating windows has found new hardware and system settings have changed and I need to reboot.
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    FDISR only works on the c: drive partition, as is so stated. You can partition the hard drive no problem. My new THinkpad tablet has the IBM hidden partition, and FDISR works fine, ON the c: drive. No it can't and wasn't designed to remove other partitions.
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    I wonder if ATI uses VSS, and there is a clash with the two programs using VSS
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    See my post in the other forum about this. On the hp site it describes using the F11 key at boot for recovery of the system. Ergo, not much of a surpise it is installing a hidden partition.

    I think if I were to install that program, however, I'd uninstall FDISR, install it, and then reinstall FDISR. Necessary... I don't know. But I would feel it safer.

    Pete
     
  16. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    I obtained powerquest partition table editor and I ran it in native xp without going into dos and the GUI shows only 1 partition. Supposedly this application can detect another hidden partition while in xp on the fly. I see only 1 partition. Since you have a legit true hidden partition on your ibm thinkpad why don't you download powerquest partition table editor and run it and see if it can detect yours while running inside xppro? http://mirror.href.com/thestarman/tool/FreeTools.html#PARTINFO No it doesn't need a reboot once you install it.
     
  17. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    Horus37

    I bought the tablet for a specific purpose, and any and all testing of this type is off limits on that machine. However as I noted in one of the other posts, ShadowProtect not only saw the hidden partition, it imaged it, and also I could have restored it.

    Your problem may be a slightly damaged partition table.

    Pete
     
  19. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I can't answer that question due to lack of knowledge, but I'm not surprised that this happened and in a normal situation, I wouldn't use two image backup softwares at the same time, because of possible conflicts.

    My actual problem is that I ordered ShadowProtect on 2007.06.08 and Storecraft doesn't want me to give a serial number until I have paid, which I did with my visa card.
    Any other company gave me a serial number on the SAME day, I bought it with my visa card, except StorageCraft. I guess they don't trust visa. :rolleyes:
     
  20. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    I think I know an answer. Newer HP machines place the MBR on the HP recovery partition. I had to delete the recovery partition in order to get some of my proggies to work properly. Not a very good idea unless you have a good backup system :(

    SourMilk out
     
  21. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    Well if new hp's have the MBR inside the hidden partition that sounds like trouble. I'll have to ask if that's what happens when you install this software. Perhaps it SHIFTS the mbr inside the hidden partition during install. I'll have to ask them if that's the case. Either way i'd like to know if during an image creation with imaging software, you'd have to image this hidden area for your computer to work right.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    First, Horus you ever going to tell me where you got this HP software that caused all the trouble.

    Second. The mbr and partition table can't be "inside" the hidden partition, they are in the first track of the disk. If someone had a problem with some software, thats another issue.

    Also I just bought an Lenovo think pad which uses the same kind of dopey hidden partition. I image the disk with shadow protect and it made a separate image of each partition. I just restored the c: drive, but the hidden image was also there to be restore if I chose to.

    Pete
     
  23. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    It's now official that ver 2.6 of powershadow does NOT protect the MBR as per powershadow website admin.

    Told you I broke it. :D
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    As I replied in the other thread of course you broke it. You'll break 2.82 and returnil or anything like them the same way if you install something that modifies the partition table, while these programs are in shadowmode. Try it again when you get 2.82, but image first.
     
Thread Status:
Not open for further replies.