From: Chris Robinson 

RS wrote:

> Still, it makes me wonder how someone could not know that drive shield is
> installed and active.

At work we call them "users" :oP - they're still the same at home
apparently
;o)

>  I mean, it's kind of hard not to know what you're
> doing when a program takes a significant piece of your hard drive space.
> Plus, no matter what you do, it always reverts back to how it was before.
> So any files that he saved would always disappear.  Ah well, stranger things
> have happened.
>
> RS
>
> "Chris Robinson" 
wrote in message
> news:3F9526F1.4FB6BE8{at}NOSPAMtotalise.co.uk...
> > Fantastic!  I told my flatmate about this and he checked for it next time
> he
> > went to look at the PC (today).  He found DriveShield installed and
> uninstalled
> > it - the problem is now sorted.  I guess there's always a simple
> explaination to
> > these things.
> >
> > Thanks again,
> > Chris.
> >
> > RS wrote:
> >
> > > That's very odd; where I work we have to deal with a lot of students
> using
> > > computers.  Most of them are fairly computer illiterate, but there's
> always
> > > the few who get kicks out of finding a way to get admin
access to delete
> > > registry files, install viruses and such.
> > >
> > > To fix this problem, the computer center bought a nice little program
> called
> > > Drive Shield (http://www.centuriontech.com/driveshield.htm).  An
> interesting
> > > point about drive shield is that once it's activated, you
can't find it.
> > > The program folder that it's in is not just set to hidden; the OS just
> can
> > > not find it.  The process that runs DS will also never be
displayed.  So
> > > users will never know that it's there, but it's always running.  This
> sucker
> > > basically takes a "snapshot" of the computer when
it (the program) is
> > > activated.  Once activated even changes made by administrators on the
> > > computer will revert back to the original settings when it's rebooted.
> You
> > > might have your friend check to make sure that the guy never
downloaded
> and
> > > ran something like this on his computer.
> > >
> > > --RS
> > >
> > > Also, if they managed to do this without the program, please let me
> know.
> > > It'd be nice not to have to pay for a license for drive shield if
> there's a
> > > simple (and free) alternative.
> > >
> > > "Chris Robinson"
 wrote in message
> > > news:3F8FA704.17AB77C{at}NOSPAMtotalise.co.uk...
> > > > This is the strangest problem I've ever seen on a PC. 
The PC belongs
> to
> > > > my flatmate's brother and runs Windows 2000 service pack 2.  His
> brother
> > > > called him up yesterday to say he was having a strange
problem.  He
> said
> > > > that whenever he reeboots his PC it goes back to how it
was before (a
> > > > GREAT description there :oP).
> > > >
> > > > Anyway, my friend went over to have a look at it and here's what
> > > > happens:
> > > >
> > > > - You boot up the PC and it boots into Windows with no problems.
> Let's
> > > > call the state it's in after boot (all files/ folders/
settings etc)
> > > > state A.
> > > > - Whatever you now do to the system, like install/
uninstall software/
> > > > apply Windows service packs/ delete files, when you
reboot it will
> > > > return to state A with any deleted files returing, any installed
> > > > programs not there anymore etc.
> > > >
> > > > First off, let me tell you that the system has a 30Gb
Hard Drive.  5Gb
> > > > is for the Windows partition and the other 25Gb is a seperate
> partition
> > > > for data.  Both are fairly full (the Windows drive only
had about 38Mb
> > > > free when my frend went around to look at it).  Here's
what he did:
> > > >
> > > > - Booted the system.  Uninstalled AVG6 and installed
AVG7, making sure
> > > > all registry entries/files for AVG6 were gone
comletely.  Ran a full
> > > > VirusScan of the system and found some Virus's that he said were
> > > > "non-major" ones.  AVG removed them
completely.  He disabled system
> > > > restore/ hibernation features.  He then cleared over
1.5Gb of temp
> > > > files/ crap from the Windows drive and defragged the
system (which
> took
> > > > 1/2hr or so).  He then deleted about 1Gb of data files
from the other
> > > > partition as a test (these were backed up onto CD).
> > > > - So, after doing this, he reboots the system.  Guess what?  It
> returns
> > > > exactly to state A - the virus's are back, AVG6 is back
with no trace
> of
> > > > AVG7, the 2.5Gb of deleted files had returned and the
drive was as
> > > > fragmented as before.  Strange huh?  He also mentioned
there was no
> > > > major hard disk activity upon reboot (so some app
wasn't restoring an
> > > > image each time - and where would it store the data anyways?)...
> > > >
> > > > I mean, you start to think that it's some kind of
problem with data
> > > > being written to the disk (i.e. it's not being!) but
can this happen
> on
> > > > this scale?  Is it possible that there's some kind of
program lurking
> > > > that makes Windows think it's performing write
operations to the disk
> > > > but isn't?
> > > >
> > > > The strangest thing is that he's tried it all in safe
mode with the
> same
> > > > effect.  Also, the defragging bit's odd because he saw
it defrag and
> > > > there was hard disk activity when it was defragging
(like there should
> > > > be).  I've suggested trying a tool like Eraser to
completely wipe some
> > > > files whilst in Windows and see if they return but I
think they would
> by
> > > > the sounds of things because it appears that they're not actually
> being
> > > > deleted in the first place!
> > > >
> > > > Has anyone ever seen this kind of thing before?  I know
there are 3rd
> > > > party devices that can do this (I think NEC make one
that restores an
> > > > image on each boot) - but this is a PC that my flatmate
built from
> > > > scratch.
> > > >
> > > > Chris....
> > > >
> > > >
> > > >
> >

--- BBBS/NT v4.01 Flag-5