Solved

Taking back permissions at the console when flattening corrupted systems fails to allow recovery..?

Posted on 2011-10-07
14
Medium Priority
793 Views
Last Modified: 2013-12-04
Hi, I've been trying to crawl out of corruption forever it seems. I lose permissions on my systems at the same time that I install the OS - whether it's a Windows variation, Linux distribution or even MacOS. They seem to be infecting each other as brand new systems are instantly corrupted.

I just discovered this Microsoft tool (subinacl.exe) which is represented as a solution, but a batch file run as BUILTIN Administrator which should take the permissions back, merely induces a lot of Access Denied messages - along with the permissions it claims to change:

[screenshot]

But perhaps more importantly, it doesn't change any permissions at all. Just like Aaron Stebner's utilities for removing .NET Frameworks (which seem to be installed 'cleanly' onto new systems with Genuine Windows)...I can run the commands back to back for the same results. Nothing is ever removed. Nothing is ever changed, I don't think...

[screenshot]

I suspect my paravirtualised installations onto 'bare metal' aren't quite - I think I might be installing over the top of something like that, but how it gets onto brand new computers is beyond me.

What are my options here? I hope I have some ;( - thanks if you're able to help me out..!!  
Question by: goscuter1

8 Comments
 
Expert Comment by: Netman66 (LVL 51), ID: 36955396
Do you know for certain you are infected with something? Has it been sandboxed?

I don't know what virus would change as much as it looks like you're trying to fix, but I suspect anything is possible.

You may want to systematically scan and isolate your servers one at a time to figure out where this is coming from.

 
Expert Comment by: gheist (LVL 62), ID: 36958714
Any problem with Linux or OSX?

What command line do you give to subinacl? WinSXS is owned by LocalSystem and Administrator has no power over it (starting Vista/2008).
 

Author Comment by: goscuter1, ID: 37224984
Thank you both for your responses and I apologise for not being able to return until now, but I'm in a real mess here - getting online is a mammoth ordeal.

Definitely infected with the EFI partitions on all machines very close to identical and very corrupted. Converting the disks to MBR has no effect, the hundreds of "UNKNOWN" modules and drivers in /proc and /sys corrupt literally everything (I cannot burn a clean CD/DVD - all my internal and external cd-rom drives flash hundreds of "The CDROM has a bad block" warning messages...USB flash drives are corrupted instantly, even before they are mounted...removable SD cards and the like don't fare any better).

I am experiencing almost identical symptoms on laptops and desktops (and Android phones) regardless of what OS is installed; I've tried Windows 7 (all variants), Windows Server 2008, XP....about 40 Linux distributions with the only helpful ones being PCLinuxOS and OpenSuSE (Novell have an INTEL Firmware Developer test, which all my systems fail badly)....and I have a MacBook Air running Lion 10.7.2 which is impossible to clean (mounting the EFI partition with rEFIt, shows some shocking stuff with SMBIOS and unexplainable Thunderbolt / Bluetooth drivers with hundreds of "UNKNOWN" entries).

Wiping the hard drives with shred or dd in Linux doesn't do a thing because either the corruption is write-protected on the disks or it's located somewhere else, and not on my hard drives. I believe the latter is the case, because I've booted into grub with no drives (at all) connected to my machines.

Flashing my INTEL desktop boards with their respective .bio files from INTEL.com claims to flash all the images successfully, but then when the BIOS loads up, not a single thing has changed - including the concerning note that "Intel Integrator Toolkit has modified this BIOS."

I've assembled brand new systems almost exclusively with INTEL components (i7 processors, desktop or Atom boards, INTEL SSDs etc) then taken the new system directly to a random hotel straight after assembly at the stores (obviously to separate them from the corrupted machines) and when I boot up the new systems, they're corrupted. "CMOS Checksum errors" - all sorts of issues with Resume / Powercfg - and the same corrupted EFI carnage as all the rest.

I've even installed onto a new SSD at 37,000 feet in the air, corrupted instantly by the controllers in my laptop.

Booting Microsoft-pressed Windows 7 discs and hash-verified Windows Developer Preview ISOs, onto brand new drives or machines, gives the same error messages every time:

An I/O operation initiated by the Registry failed unrecoverably. The Registry could not flush hive (file): ''.

The following boot-start or system-start driver(s) failed to load:
3ware
adp94xx
adpahci
adpu320
amdsata
amdsbs
amdxata
arc
arcsas
atapi
b06bdrv
bfad
dam
ebdrv
EhStorClass
EhStorTcgDrv
elxfcoe
elxstor
HpSAMD
iaStorV
iirsp
intelide
isapnp
LSI_FC
LSI_SAS
LSI_SAS2
LSI_SCSI
LSI_SSS
megasas
MegaSR
mvumis
nfrd960
nvraid
nvstor
pciide
ql2300
ql40xx
sbp2port
SiSRaid2
SiSRaid4
stexstor
storflt
storvsc
viaide
vmbus
vsmraid
VSTXRAID
Wd
WdBoot

(these all load with Linux distributions, regardless of anything I enter on the kernel command line)

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

 DETAIL -
 1 user registry handles leaked from \Registry\User\S-1-5-21-2068104854-2561093263-2801869144-1000:
Process 644 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2068104854-2561093263-2801869144-1000\Software\Microsoft\Windows\DWM



 
Assisted Solution by: gheist (LVL 62), earned 1000 total points, ID: 37225019
Intel SSD - you need to load a new firmware (since you use a LiveCD, Linux does not reach the problem).

i7 - you need a fresh CPU microcode, preferably from BIOS, because Windows has none; Linux loads it anyway so it works.

CMOS error - you need a new CMOS battery if it appears after prolonged mains disconnection.

Even your first post illustrates "common use"; the rest gives a lot of suspicion that you have a hardware/firmware related issue - I would reset BIOS to the very defaults after flashing.

Given you mentioned MacOS - are you attempting to install Windows on a Mac? You have to use Boot Camp.

If you intend to keep Linux area please post "dmesg" text from installed Linux.
 
Accepted Solution by: David Johnson, CD, MVP (LVL 84), earned 1000 total points, ID: 37232273
There seems to be a common element that is causing you these problems, and you have to start isolating things down.
Are you using the same CD-ROM drive to install the software?

Possible common items: bad power supplies, bad local power (unlikely but possible), bad RAM, high RF environment.
If you take a known working system into your build environment, totally isolated from the network, does the machine start exhibiting the bad behaviour?

If you add a drive after initializing the drive, does the machine now show bad behaviour?
Change out the RAM from the good system and replace it with the RAM from a bad system; does the good system still work OK?

What you need is a known working good system to start your troubleshooting.
 
Expert Comment by: Guy Hengel [angelIII / a3] (LVL 143), ID: 38040043
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
 
Expert Comment by: gheist (LVL 62), ID: 38040044
My answer points out all problems there could be.

No - subinacl works exactly as expected (the errors in the pictures); BUILTIN\Administrator has to take ownership from BUILTIN\LocalSystem to change WinSXS. But the massive disk problem (with 20 drivers) is caused by a problem in hardware, not by the actual approach to Windows.
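The ownership-first sequence gheist describes in his two comments (ask what command line was given to subinacl; take ownership as an administrator before anything under WinSXS can be changed), as an added PowerShell example that is not code from this thread or from any of its participants. It assumes an elevated PowerShell session on Vista/2008 or later; the folder path, the backup directory and the function names are my own placeholders and assumptions, since the thread never names the exact folder. The example checks elevation first, because a non-elevated session returns Access Denied from takeown and icacls even for members of Administrators, and it records the original owner and DACL before taking ownership so the change can be reversed afterwards.

```powershell
# Added example, not code posted in this thread. It follows the sequence gheist
# describes (ownership first, then the ACL change on a WinSXS path) but records
# the original owner and DACL so the change can be undone.
# Assumptions: elevated PowerShell on Vista/2008 or later; the path below is a
# placeholder, the thread never names the exact folder.

function Test-Elevated {
    # Non-elevated sessions get Access Denied from takeown and icacls even for
    # members of Administrators, which is the symptom in the question's screenshot.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-OwnerReport {
    # Reports who owns the path and whether Administrators already hold Modify,
    # so you can see before touching anything whether a change is needed at all.
    param([Parameter(Mandatory)][string]$Path)
    $acl    = Get-Acl -LiteralPath $Path
    $modify = [Security.AccessControl.FileSystemRights]::Modify
    $adminModify = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq 'BUILTIN\Administrators' -and
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $modify) -eq $modify)
    }
    [pscustomobject]@{
        Path                 = $Path
        Owner                = $acl.Owner
        AdministratorsModify = [bool]$adminModify
    }
}

function Save-AclState {
    # icacls /save keeps the DACL but not the owner, so the owner is saved separately.
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$BackupDir)
    New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null
    $daclFile  = Join-Path $BackupDir 'dacl.txt'
    $ownerFile = Join-Path $BackupDir 'owner.txt'
    & icacls.exe $Path /save $daclFile /T /C | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /save failed, exit code $LASTEXITCODE" }
    (Get-Acl -LiteralPath $Path).Owner | Set-Content -LiteralPath $ownerFile
}

function Grant-AdministratorsOwnership {
    param([Parameter(Mandatory)][string]$Path)
    # Step 1: ownership to the Administrators group (/A), recursively (/R).
    & takeown.exe /F $Path /A /R /D Y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "takeown failed, exit code $LASTEXITCODE" }
    # Step 2: only now is the DACL change accepted.
    & icacls.exe $Path /grant 'BUILTIN\Administrators:(OI)(CI)F' /T /C | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /grant failed, exit code $LASTEXITCODE" }
}

function Restore-AclState {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$BackupDir)
    $daclFile  = Join-Path $BackupDir 'dacl.txt'
    $ownerFile = Join-Path $BackupDir 'owner.txt'
    # /restore is run against the parent: entries in the saved file are relative to it.
    $parent = Split-Path -Parent $Path
    & icacls.exe $parent /restore $daclFile /C | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /restore failed, exit code $LASTEXITCODE" }
    $owner = (Get-Content -LiteralPath $ownerFile).Trim()
    & icacls.exe $Path /setowner $owner /T /C | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /setowner failed, exit code $LASTEXITCODE" }
}

# Usage with a placeholder path; run from an elevated session.
$target    = Join-Path $env:SystemRoot 'WinSxS\EXAMPLE-SUBFOLDER'   # placeholder
$backupDir = Join-Path $env:TEMP 'acl-backup'
if (-not (Test-Elevated)) { throw 'Run this from an elevated PowerShell session.' }
if (-not (Test-Path -LiteralPath $target)) { throw 'Replace the placeholder path before running.' }
Get-OwnerReport -Path $target
Save-AclState -Path $target -BackupDir $backupDir
Grant-AdministratorsOwnership -Path $target
Get-OwnerReport -Path $target
# When finished, put the original owner and DACL back:
Restore-AclState -Path $target -BackupDir $backupDir
```

The saved file from icacls /save holds the DACL only, which is why the owner is written to a separate file and put back with /setowner; /restore is applied to the parent directory because the entries in the saved file are relative to it.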
 
Expert Comment by: gheist (LVL 62), ID: 38041169
Split between:

http:#37232273
http:#37225019

Also Linux and Windows Network Security have no relevance to the subject of the question.