Power Shadow

Discussion in 'sandboxing & virtualization' started by Chuck57, Jan 15, 2007.

Thread Status:
Not open for further replies.
  1. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
  2. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Hi Horus,
Where did you find version 2.82? I can only find version 2.6.0511 on the net.

    The only place I know to get 2.82 and the English folder is Espresso's link in his siggy.
     
  3. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
You can find the 2.82 version from the www.powershadow.com website: enter the Chinese version instead of going into the English version, then translate the page using Babelfish and go to the download center link at the bottom of the page. However, I have yet to find an English version of the 2.82 release. You'll have to trust the guy who built the 2.82 English overlay, I guess. I'm trying to find out who did the translation into English for the upgraded version.
     
  4. EddieT.H.

    EddieT.H. Registered Member

    Joined:
    Oct 21, 2006
    Posts:
    29
  5. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    I did the translation, to the best of my abilities. o_O There is no official english version, so it's this hack job or nothing. ;)

As for Perman's FUD, what exactly would happen if the driver were unloaded? I think the worst-case scenario is that the computer would freeze up and you'd have to reboot. It might leave a big temp file if you've made lots of changes, but there should be no file system damage, nor any opportunity for security breaches.
     
  6. EASTER.2010

    EASTER.2010 Guest

Tucows is serving the 2.6 model, which is the one I am using. Here's a link if you so choose. There's really no big difference in going to 2.82, and unless you can jockey some files to add English you'd probably be better off with this version anyway. Your choice:
    Tucows Mirror PS 2.6
     
  7. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    However - there appear to be two different 2.6 versions: The Tucows version is not identical to the version on the PowerShadow Web site.

    PowerShadow
    3.62 MB (3,798,016 bytes)
    http://www.powershadow.com/en/product.htm

    Tucows
    3.61 MB (3,789,746 bytes)
    http://www.tucows.com/preview/400832
     
  8. EASTER.2010

    EASTER.2010 Guest

    Running 2.6 here from the TuCows mirror with nothing of serious concern to report.

What makes this program of personal interest for my duties is that it works perfectly carefree alongside my other security programs such as KIS6, SSM, PG, Snoopfree, etc. while doing my work.

I enter Power Shadow mode when doing research surfing for drive-by downloads, where some malicious installer/downloader will occasionally alert SSM. That HIPS effectively suspends the intruding file but offers enough information as to name and path; while it is suspended I hurry to that folder location and perform a cut/copy-paste to my confinement folder (off-site) on another drive, then indicate to SSM that I wish to "DENY" its entry, and it's terminated.

Now if some new creation somehow discovers and implements a new technique that would circumvent the HIPS suspension method and subsequently attach and lodge itself to disk, it would be of no real concern, because the disk is Shadowed.
Exit/reboot out of shadow mode and everything becomes once again as it was immediately before entering the Shadowed state, and the captured installer/downloader is safely in confinement, ready to be uploaded to vendors and/or other researchers for study to better detect these creations in the future. :thumb:
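The capture step EASTER.2010 describes (copy the suspended file to a confinement folder on another drive before denying it) can be scripted so that the copy also carries its provenance and cannot be run by accident. The following PowerShell is an added example, not code from the thread or from Power Shadow; the paths, the folder name `confinement` and the stand-in `dropper.exe` file it constructs are assumptions so that it runs offline on any modern Windows box.

```powershell
# Added example (not from the thread): copy a file that a HIPS has suspended
# into an off-disk "confinement" folder, recording where it came from and its
# hash, then make the copy read-only. Paths are assumptions. A harmless
# stand-in file is constructed so the script runs offline.
$stage = Join-Path $env:TEMP 'ps-capture'
New-Item -ItemType Directory -Force -Path $stage | Out-Null
$suspect = Join-Path $stage 'dropper.exe'          # stand-in for the path SSM reported
Set-Content -Path $suspect -Value 'not a real executable' -Encoding ASCII

function Copy-ToConfinement {
    param(
        [Parameter(Mandatory)][string]$Path,        # file the HIPS reported
        [Parameter(Mandatory)][string]$Confinement  # folder on another drive
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "Not found: $Path" }
    New-Item -ItemType Directory -Force -Path $Confinement | Out-Null
    $item = Get-Item -LiteralPath $Path
    $sha  = (Get-FileHash -Algorithm SHA256 -LiteralPath $Path).Hash.ToLower()
    # Name the copy by hash and neutralise the extension so nothing runs it by accident.
    $dest = Join-Path $Confinement "$sha.bin"
    if (-not (Test-Path -LiteralPath $dest)) {
        Copy-Item -LiteralPath $Path -Destination $dest
        Set-ItemProperty -LiteralPath $dest -Name IsReadOnly -Value $true
    }
    # Keep a provenance record beside the sample for whoever analyses it later.
    $meta = [ordered]@{
        sha256        = $sha
        original_path = $item.FullName
        size          = $item.Length
        mtime_utc     = $item.LastWriteTimeUtc.ToString('o')
        captured_utc  = (Get-Date).ToUniversalTime().ToString('o')
        host          = $env:COMPUTERNAME
    }
    $meta | ConvertTo-Json | Set-Content -LiteralPath "$dest.json" -Encoding UTF8
    return $dest
}

$copy = Copy-ToConfinement -Path $suspect -Confinement (Join-Path $stage 'confinement')
"Captured to $copy"
Get-Content "$copy.json"
```

Copy, not move: the original stays where the HIPS suspended it so the "DENY" decision still applies to the right path, and the shadowed disk discards it on reboot anyway. Hash-named, read-only, extension-stripped copies are the convention most vendors and sandboxes expect when you upload them.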
     
  9. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
Hi all. If I start PS from the desktop icon, the main screen appears; I click to go into shadow mode, then the marvelous wave appears, and then nothing happens. That's weird, because I can't open up the main screen (and that's normal if shadow mode is active), so somewhere it's playing behind the scenes, I don't know. Even stranger: if I go to Start > All Programs > PowerShadow Master after a reboot, then everything works as expected. I have PS installed on three PCs, same problem.

    Huupi
     
  10. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
I believe the version from the original site above (3.62 MB) is the 30-day trial version and not the free version, but I have not confirmed that yet.

OK, I just installed the 3.62 MB version from the main site after uninstalling the one from Tucows. I don't see any difference so far; it tries to make an outbound connection to 210.51.168.100 on port 80 just like the Tucows version. It seems to be the same, and yes, it's free as well; the registration went through, so I can't really say what that 9,730 bytes difference is.
     
    Last edited: Feb 17, 2007
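Pinga's size comparison and yankinNcrankin's question about what the extra bytes are can be answered without guessing. The script below is an added example, not code from the thread or from Power Shadow: it compares two downloads by size, SHA-256 and Authenticode status and, where they differ, reports whether the larger file is simply the smaller one with bytes appended (the shape an installer with an extra trailing blob or tacked-on data would have) or diverges earlier. It assumes a modern PowerShell (Get-FileHash needs 4.0 or later) and constructs two stand-in files under `%TEMP%` so that it runs offline; point it at the real vendor and Tucows installers to get a meaningful answer.

```powershell
# Added example (not from the thread): compare two downloads of the "same"
# installer by size, SHA-256 and Authenticode status. The two paths are
# assumptions; two stand-in files are constructed so the script runs offline.
$tmp = Join-Path $env:TEMP 'ps-compare'
New-Item -ItemType Directory -Force -Path $tmp | Out-Null
$a = Join-Path $tmp 'PowerShadow-vendor.exe'   # stand-in for the vendor download
$b = Join-Path $tmp 'PowerShadow-mirror.exe'   # stand-in for the mirror download
[IO.File]::WriteAllBytes($a, [byte[]](1..4096 | ForEach-Object { $_ % 256 }))
[IO.File]::WriteAllBytes($b, [byte[]](1..4100 | ForEach-Object { $_ % 256 }))

function Compare-Download {
    param([string]$PathA, [string]$PathB)
    $fa = Get-Item $PathA; $fb = Get-Item $PathB
    $ha = (Get-FileHash -Algorithm SHA256 $PathA).Hash
    $hb = (Get-FileHash -Algorithm SHA256 $PathB).Hash
    $sa = Get-AuthenticodeSignature $PathA      # NotSigned / Valid / HashMismatch ...
    $sb = Get-AuthenticodeSignature $PathB
    [pscustomobject]@{
        SizeA     = $fa.Length
        SizeB     = $fb.Length
        SizeDelta = $fb.Length - $fa.Length
        SameHash  = ($ha -eq $hb)
        SigA      = $sa.Status
        SigB      = $sb.Status
        SignerA   = $sa.SignerCertificate.Subject
        SignerB   = $sb.SignerCertificate.Subject
    }
}

# Locate the first differing byte. Returns -1 for identical files, or the length
# of the shorter file when it is a pure prefix of the longer one.
function Find-FirstDifference {
    param([string]$PathA, [string]$PathB)
    $ba = [IO.File]::ReadAllBytes($PathA); $bb = [IO.File]::ReadAllBytes($PathB)
    $n = [Math]::Min($ba.Length, $bb.Length)
    for ($i = 0; $i -lt $n; $i++) { if ($ba[$i] -ne $bb[$i]) { return $i } }
    if ($ba.Length -eq $bb.Length) { return -1 }
    return $n
}

$r = Compare-Download $a $b
$r | Format-List
$off = Find-FirstDifference $a $b
if ($off -eq -1) {
    'Files are byte-identical.'
} elseif ($off -eq [Math]::Min($r.SizeA, $r.SizeB)) {
    "Common prefix; the larger file has $([Math]::Abs($r.SizeDelta)) extra trailing bytes."
} else {
    "Files diverge at offset $off (not a simple append)."
}
```

Two files of nearly the same size that diverge early are effectively two different builds and should be treated as such; a valid Authenticode signature from the same signer on both is the only thing that makes either one worth more trust than the other, and an unsigned installer from a mirror deserves exactly the caution the thread is already applying.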
  11. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
Hi, folks: I helped my next-door neighbor install PS, and so far so good. Could be a keeper for him. Today, I came across some postings in a Chinese forum about PS. The poster claimed that he has a problem uninstalling it completely. Here is what he says, and I quote: by using PS's built-in uninstaller to delete (note: he did not mention in which mode he did this), he was able to delete most files, except snpshot.sys is still running. He tried to reboot into safe mode to delete it or tried to alter it forcefully. That would cause the entire system to crash, namely, unable to reboot into normal mode or safe mode. He suspected that snpshot.sys is a boot start and cannot be deleted in safe mode. The above is his claim; I have no means to confirm its accuracy. Perhaps some members here are interested in testing this. I worry that in the event my friend needs to uninstall PS, for any reason, I may run into some problems, and sincerely hope someone can come up with a solution or simply dismiss this guy's claim. Have a nice day.
     
  12. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,772
    Location:
    New Mexico, USA
    On my old computer running XP Home no problem fully deleting powershadow. On this new one, with XP Pro, no trouble at all. I used add/remove programs, then manually removed what little remained from the registry.

    I deleted ps from my old one to try to upgrade to version 2.82. That computer was dying during that time, and did finally die a week or two later.

    On this new computer, I installed powershadow 2.6, then removed it and installed 2.82 english version. When I saw there was no real difference, I removed 2.82 completely and reinstalled 2.6 for no particular reason. In both cases powershadow was completely removed including the snpshot.sys, and no problem resulted.

    Again, this is my system. I did disable my other security software prior to the uninstalls. Not sure that made any difference. I've always disabled everything during both install and uninstalling software.
     
  13. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
Hi, folks: hi Chuck57, thank you for a quick reply. The last paragraph of your post may indeed make a lot of sense. I will keep that in mind, and exercise that good habit if I am ever called upon to uninstall PS for him. Have a nice one.
     
  14. ktango

    ktango Registered Member

    Joined:
    Dec 7, 2006
    Posts:
    39
I tried to confirm a post which is similar to the post mentioned by Perman. After uninstalling Power Shadow, I could find that snpshot.sys is still running by using RkUnhooker; however, the remaining snpshot.sys does not cause the entire system to crash. It may be true, as the poster claimed, that snpshot.sys cannot be uninstalled by formatting the hard disk, but I have no means to confirm its accuracy. I think snpshot.sys can be removed by using the DOS command fdisk.
     
  15. EASTER.2010

    EASTER.2010 Guest

Keep us posted. I have not run into that issue either, and if I did I would use another third-party/independent driver loader/unloader to STOP the driver if running, and if not? Should be very simple to delete it.

    You can do a SEARCH in the Registry with either your own personal reg editor program or REGEDIT and do a search for that driver name, then once that KEY/FOLDER name is found, right-click and set the permissions to FULL CONTROL and then APPLY, and then go back and delete it and other KEYS where you see for certain that driver name is found. And as always "FIRST" make sure you set a Restore Point/Registry BackUp just to be on the safe side. LoL

I find SSM of enormous value for these types of matters, because sometimes a program's driver(s) is/are loaded, but after the program is finished the darn thing is still running, and so you have to do a command prompt: net stop driver/service name, or use a utility for that action, and even then it might be stopping... but not completely stopped for whatever reason. That's when I need to get into the registry and remove those references to the named driver, and when successful, System Safety Monitor will immediately show the Service/Driver as "REMOVED"!
     
  16. ktango

    ktango Registered Member

    Joined:
    Dec 7, 2006
    Posts:
    39
1. Power Shadow 2.82 version (Chinese Simplified) - snpshot.sys is deleted after Power Shadow was uninstalled.

2. Power Shadow 2.6 version (Chinese Traditional or English) -
    snpshot.sys is not deleted after Power Shadow was uninstalled.

    I tried to SEARCH snpshot.sys in the Registry with REGEDIT but snpshot.sys was not found. I tried to delete snpshot.sys from c:\windows\system32\drivers\. That would cause entire system to crash, namely, unable to reboot into normal mode or safe mode. After tried to copy snpshot.sys to c:\windows\system32\drivers\, Windows was able to reboot into normal mode or safe mode.

Hi EASTER.2010, would you mind informing me what kind of third-party/independent driver loader/unloader you use to STOP the driver if running?
     
  17. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
I have had Power Shadow 2.6 installed but uninstalled it. After reading in this thread about the snpshot.sys issue, I did a search and it was found in the drivers folder. I could delete snpshot.sys manually without any problems.
     
  18. EASTER.2010

    EASTER.2010 Guest

Just caught your post. You can first verify whether the DRIVER is indeed in place or not, and running or not, with this simple NirSoft service utility. You can also try to see if it will STOP it or not (if running) and change the start-up type to DISABLED and see if it will accept the command. I have run into some that ServiWin can't handle, so I turn to the next service utility below.

    SERVIWIN



    SRVINSTW

    Scroll down the page about halfway to Download... necessary files (43 kb)

There will be 4 files in the D/L. You need only concern yourself with SRVINSTW.EXE. Start it and tick the circle for REMOVE A SERVICE, then press NEXT; go past the next screen by pressing NEXT again, because by default it's already set for your Local Machine.

Tick the box Include Device Drivers in that next screen, scroll through the SERVICE NAME: list and look for your runaway snpshot.sys driver from PS. If it's there you'll see it clearly in that list. Click on it, then press NEXT again. Now the screen will tell you it's ready to remove the driver you selected; press FINISH! It may now prompt you for a reboot to remove the driver, and if so go ahead and restart. That should do it for you. I've worked with a ton of pesky drivers that didn't want to go quietly, and like I mentioned before, you might want to examine your registry to remove any references/traces of it too.

    Unrelated to Power Shadow, i just went thru a similar situation this past hour just trying to uninstall Process Guard. It left me with a bunch of SYSTEM/CurrentControlSet entries behind for me to clean up, ARGGG!
     
  19. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
Go to My Computer, Properties, the Advanced tab, Environment Variables, and add a new system variable with the name "DEVMGR_SHOW_NONPRESENT_DEVICES" and a value of 1. Now opening Device Manager and choosing "Show Hidden Devices" really will show you everything.

Under Non-Plug and Play Drivers, check the lighter greyed-out icons for redundant drivers.
     
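The three pieces of advice in this part of the thread (Perman's and ktango's reports that deleting snpshot.sys outright leaves the machine unable to boot, EASTER.2010's SrvInstW walk-through for unregistering the driver, and Franklin's hidden-devices trick for spotting greyed-out leftovers) fit together as one procedure: find out how the driver is registered, unregister or disable it, reboot, and only then delete the file. The script below is an added example, not code from the thread, from Power Shadow, or from any of the tools mentioned. It is written for a modern Windows PowerShell run as Administrator. The service name `snpshot` is an assumption about how Power Shadow registers snpshot.sys; the script prints the ImagePath it finds so you can confirm that before passing `-Remove`.

```powershell
# Added example (not from the thread): inspect a leftover kernel driver
# service, see whether it is boot-start, and disable/unregister it so the .sys
# file can be deleted without breaking the next boot. The service name
# 'snpshot' is an ASSUMPTION about how Power Shadow registers snpshot.sys;
# confirm it with the ImagePath reported below before acting. Run elevated.
param([string]$Service = 'snpshot', [switch]$Remove)

$svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$Service"
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-DriverInfo {
    param([string]$Name)
    $key = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$Name" -ErrorAction SilentlyContinue
    if (-not $key) { return $null }
    # Normalise the ImagePath forms seen in Services keys: "\??\C:\...", "\SystemRoot\..." or "system32\drivers\x.sys".
    $image = $key.ImagePath -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($image -and -not [IO.Path]::IsPathRooted($image)) { $image = Join-Path $env:SystemRoot $image }
    $start = if ($null -ne $key.Start) { $startNames[[int]$key.Start] } else { 'unknown' }
    [pscustomobject]@{
        Service   = $Name
        StartType = $start
        Type      = $key.Type         # 1 = kernel driver, 2 = file system driver, 16/32 = Win32 service
        ImagePath = $image
        OnDisk    = if ($image) { Test-Path -LiteralPath $image } else { $false }
        Running   = [bool](Get-CimInstance Win32_SystemDriver -Filter "Name='$Name'" -ErrorAction SilentlyContinue |
                           Where-Object State -eq 'Running')
    }
}

# Legacy (non-PnP) drivers also leave an entry under Enum\Root\LEGACY_<SERVICE>;
# these are what Device Manager lists under "Non-Plug and Play Drivers" once
# non-present devices are shown. Franklin's GUI step, scripted, would be:
#   [Environment]::SetEnvironmentVariable('DEVMGR_SHOW_NONPRESENT_DEVICES', '1', 'Machine')
# Here we read the same information from the registry and report the entries
# whose service key is gone or whose driver file is missing: the greyed-out leftovers.
function Get-OrphanLegacyDrivers {
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'LEGACY_*' } |
        ForEach-Object {
            $name = $_.PSChildName.Substring('LEGACY_'.Length)
            $info = Get-DriverInfo $name
            if (-not $info -or -not $info.OnDisk) {
                [pscustomobject]@{
                    LegacyEntry      = $_.PSChildName
                    ServiceKeyExists = [bool]$info
                    FileOnDisk       = [bool]($info -and $info.OnDisk)
                }
            }
        }
}

$info = Get-DriverInfo $Service
if (-not $info) { "No service key for '$Service'."; return }
$info | Format-List

# Never delete the .sys of a Boot- or System-start driver while it is still
# registered: the loader fails early in both normal and safe mode, which is the
# unbootable state reported in the thread. Disable or unregister first, reboot,
# then delete the file.
if ($Remove) {
    if ($info.Running) { & sc.exe stop $Service | Out-Null }   # may be refused for boot drivers; the Start change below still applies at reboot
    Set-ItemProperty -Path $svcKey -Name Start -Value 4        # 4 = Disabled, what ServiWin's "Disabled" start type writes
    & sc.exe delete $Service                                   # unregister, equivalent to SrvInstW "Remove a service"
    'Reboot, then delete the driver file shown as ImagePath above.'
} else {
    "Re-run with -Remove to disable and unregister '$Service' (reboot required before deleting the file)."
}

'Legacy driver entries with a missing binary or service key:'
Get-OrphanLegacyDrivers | Format-Table -AutoSize
```

Run it once without `-Remove` and read the StartType line: `Boot` is exactly the case Perman's source described, and it explains why ktango's machine would not start after the file alone was deleted and started again once the file was copied back. A `Disabled` or deleted service key with the file still on disk (sukarof's situation) is harmless and the file can simply be removed.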
  20. ktango

    ktango Registered Member

    Joined:
    Dec 7, 2006
    Posts:
    39
    Hi EASTER.2010, thank you very much for your helping.
     
  21. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
  22. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Thanks for that Espresso.:)

    Neat little app.

Notice it adds Boot and System to the startup types.

    Have you set any services to those settings?
     
  23. EASTER.2010

    EASTER.2010 Guest

    Happy to help. ;) Hope all goes well with it for you now. LoL
     
  24. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    Doesn't work for services. It's meant for devices on the next tab.
     
  25. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    OK thanks again.
     