What W7 Processes Create Shadow Copy?
What processes or services does Windows 7 Home Premium use to create a HarddiskVolumeShadowCopy? I know that W7 backup does this but are there other automated W7 processes that do this? Is there any way to disable these or make them manual?
I have a problem with NIS 2011 alerting to a possible Boot.Bootlock.B infection with an identified file of HarddiskVolumeShadowCopy#.
This initially blocked the W7 backup early in the process and manually running W7 backup reproducibly produced the NIS 2011 block and alert.
I was able to complete the W7 backup successfully by shutting off NIS 2011, and turned off backup. However, I still get the same alert about once after booting. I suspect this is some other W7 restore or backup function that is running automatically but would like to confirm this and, if possible, either turn it off or make it a manual process rather than automatic.
I think this is a false positive alert because I have run several AV scans (NIS 2011, MalwareBytes, TDSSKiller, esagelab Bootkit Remover) that don't find anything. The NIS 2011 claims to have removed the file but doesn't put anything in quarantine.
Using Windows 7 Home Premium SP1, fully updated.
Appreciate any help on this.
Thanks.
Foreman