What processes or services does Windows 7 Home Premium use to create a HarddiskVolumeShadowCopy? I know that Windows 7 backup does this but are there other automated Windows 7 processes that do this? Is there any way to disable these or make them manual?
I have a problem with NIS 2011 alerting to a possible Boot.Bootlock.B infection with an identified file of HarddiskVolumeShadowCopy#.
This initially blocked the Windows 7 backup early in the process and manually running Windows 7 backup reproducibly produced the NIS 2011 block and alert.
I was able to complete the Windows 7 backup successfully by shutting off NIS 2011, and I turned off backup. However, I still get the same alert about once after booting. I suspect this is some other Windows 7 restore or backup function that is running automatically, but I would like to confirm this and, if possible, either turn it off or make it a manual process rather than automatic.
I think this is a false positive alert because I have run several AV scans (NIS 2011, MalwareBytes, TDSSKiller, esagelab Bootkit Remover) that don't find anything. NIS 2011 claims to have removed the file but doesn't put anything in quarantine.
Using Windows 7 Home Premium SP1, fully updated.
Appreciate any help on this.