Taking back permissions at the console when flattening corrupted systems fails to allow recovery..?

goscuter1 asked:

Hi, I've been trying to crawl out of corruption forever it seems. I lose permissions on my systems at the same time that I install the OS - whether it's a Windows variation, Linux distribution or even MacOS. They seem to be infecting each other as brand new systems are instantly corrupted.

I just discovered this Microsoft tool (subinacl.exe) which is represented as a solution, but a batch file run as BUILTIN Administrator which should take the permissions back, merely induces a lot of Access Denied messages - along with the permissions it claims to change:

[screenshot]

But perhaps more importantly, it doesn't change any permissions at all. Just like Aaron Stebner's utilities for removing .NET Frameworks (which seem to be installed 'cleanly' onto new systems with Genuine Windows)...I can run the commands back to back for the same results. Nothing is ever removed. Nothing is ever changed, I don't think...

[screenshot]

I suspect my paravirtualised installations onto 'bare metal' aren't quite - I think I might be installing over the top of something like that, but how it gets onto brand new computers is beyond me.

What are my options here? I hope I have some ;( - thanks if you're able to help me out..!!  
Netman66 replied:

Do you know for certain you are infected with something?  Has it been sandboxed?

I don't know what virus would change as much as it looks like you're trying to fix, but I suspect anything is possible.

You may want to systematically scan and isolate your servers one at a time to figure out where this is coming from.

Any problem with Linux or OSX ?


What command line did you give to subinacl? WinSXS is owned by LocalSystem and Administrator has no power over it (starting with Vista/2008).
goscuter1 (asker) replied:

Thank you both for your responses and I apologise for not being able to return until now, but I'm in a real mess here - getting online is a mammoth ordeal.

Definitely infected, with the EFI partitions on all machines very close to identical and very corrupted. Converting the disks to MBR has no effect; the hundreds of "UNKNOWN" modules and drivers in /proc and /sys corrupt literally everything (I cannot burn a clean CD/DVD - all my internal and external CD-ROM drives flash hundreds of "The CDROM has a bad block" warning messages...USB flash drives are corrupted instantly, even before they are mounted...removable SD cards and the like don't fare any better).

I am experiencing almost identical symptoms on laptops and desktops (and Android phones) regardless of what OS is installed; I've tried Windows 7 (all variants), Windows Server 2008, XP....about 40 Linux distributions with the only helpful ones being PCLinuxOS and OpenSuSE (Novell have an INTEL Firmware Developer test, which all my systems fail badly)....and I have a MacBook Air running Lion 10.7.2 which is impossible to clean (mounting the EFI partition with rEFIt, shows some shocking stuff with SMBIOS and unexplainable Thunderbolt / Bluetooth drivers with hundreds of "UNKNOWN" entries).

Wiping the hard drives with shred or dd in Linux doesn't do a thing because either the corruption is write-protected on the disks or it's located somewhere else, and not on my hard drives. I believe the latter is the case, because I've booted into grub with no drives (at all) connected to my machines.

Flashing my INTEL desktop boards with their respective .bio files from INTEL.com claims to flash all the images successfully, but then when the BIOS loads up, not a single thing has changed - including the concerning note that "Intel Integrator Toolkit has modified this BIOS."

I've assembled brand new systems almost exclusively with INTEL components (i7 processors, desktop or Atom boards, INTEL SSDs etc) then taken the new system directly to a random hotel straight after assembly at the stores (obviously to separate them from the corrupted machines) and when I boot up the new systems, they're corrupted. "CMOS Checksum errors" - all sorts of issues with Resume / Powercfg - and the same corrupted EFI carnage as all the rest.

I've even installed onto a new SSD at 37,000 feet in the air, corrupted instantly by the controllers in my laptop.

Booting Microsoft pressed Windows 7 discs and hash-verified Windows Developer preview ISOs, onto brand new drives or machines, gives the same error messages every time:

An I/O operation initiated by the Registry failed unrecoverably. The Registry could not flush hive (file): ''.

The following boot-start or system-start driver(s) failed to load:
3ware
adp94xx
adpahci
adpu320
amdsata
amdsbs
amdxata
arc
arcsas
atapi
b06bdrv
bfad
dam
ebdrv
EhStorClass
EhStorTcgDrv
elxfcoe
elxstor
HpSAMD
iaStorV
iirsp
intelide
isapnp
LSI_FC
LSI_SAS
LSI_SAS2
LSI_SCSI
LSI_SSS
megasas
MegaSR
mvumis
nfrd960
nvraid
nvstor
pciide
ql2300
ql40xx
sbp2port
SiSRaid2
SiSRaid4
stexstor
storflt
storvsc
viaide
vmbus
vsmraid
VSTXRAID
Wd
WdBoot

(these all load with Linux distributions, regardless of anything I enter on the kernel command line)

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2068104854-2561093263-2801869144-1000:
Process 644 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2068104854-2561093263-2801869144-1000\Software\Microsoft\Windows\DWM


gheist posted the accepted solution (the answer text is available to Experts Exchange members only and is not reproduced on this page).

I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
My answer points out all problems there could be.

No - subinacl works exactly as expected (the errors in the pictures); BUILTIN\Administrator has to take ownership from BUILTIN\LocalSystem to change WinSXS. But the massive disk problem (with 20 drivers) is caused by a problem in hardware, not by the actual approach to Windows.
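The ownership-then-grant sequence gheist describes is also why the asker's batch file run as BUILTIN\Administrator produced Access Denied for every entry: on Vista and later, C:\Windows\WinSxS is owned by NT SERVICE\TrustedInstaller, and an administrator cannot add an ACE to an object it does not own until it first takes ownership (SeTakeOwnershipPrivilege), which subinacl does not do implicitly. The PowerShell below is an added example written for this page, not code from the thread or from any of its participants; it uses takeown and icacls rather than subinacl, assumes an elevated prompt, and uses a placeholder path (C:\Temp\acl-test) so it can be tried on a scratch directory instead of WinSxS. It also verifies the result with Get-Acl instead of trusting the tool's summary line, which is the check the asker was missing, and hands ownership back afterwards so servicing is not left broken.

```powershell
# Added example, not from the original thread. Run from an elevated PowerShell prompt.
# Sequence: record owner -> take ownership -> grant ACE -> verify -> restore owner.
# $Path is a placeholder; point it at a test tree before trying this on C:\Windows\WinSxS.
param(
    [string]$Path = 'C:\Temp\acl-test'
)

function Test-IsElevated {
    # ACL writes below fail with Access Denied from a non-elevated token even for admins.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-AdminFullControl {
    # Returns $true only if an explicit or inherited ACE grants BUILTIN\Administrators FullControl.
    param([string]$Target)
    $acl  = Get-Acl -LiteralPath $Target
    $full = [Security.AccessControl.FileSystemRights]::FullControl
    foreach ($ace in $acl.Access) {
        if ($ace.IdentityReference.Value -eq 'BUILTIN\Administrators' -and
            $ace.AccessControlType -eq 'Allow' -and
            (($ace.FileSystemRights -band $full) -eq $full)) {
            return $true
        }
    }
    return $false
}

if (-not (Test-IsElevated)) {
    throw 'Run this from an elevated (Administrator) prompt.'
}
if (-not (Test-Path -LiteralPath $Path)) {
    throw "Path not found: $Path"
}

# 1. Record the current owner so it can be restored (on WinSxS this is NT SERVICE\TrustedInstaller).
$originalOwner = (Get-Acl -LiteralPath $Path).Owner
Write-Host "Owner before: $originalOwner"

# 2. Take ownership for the Administrators group (/A), recursively (/R), answering prompts with Y.
#    This works because an elevated administrator holds SeTakeOwnershipPrivilege; it does not
#    require already having any access to the objects.
takeown /F $Path /A /R /D Y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "takeown failed with exit code $LASTEXITCODE" }

# 3. Only now can an ACE be written. Skipping step 2 is what makes this call report Access Denied.
icacls $Path /grant 'BUILTIN\Administrators:(OI)(CI)F' /T /C | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls /grant failed with exit code $LASTEXITCODE" }

# 4. Verify by reading the ACL back, not by trusting "Successfully processed N files".
if (-not (Test-AdminFullControl -Target $Path)) {
    throw 'Grant did not take effect; inspect the ACL with Get-Acl | Format-List'
}
Write-Host "Owner after grant: $((Get-Acl -LiteralPath $Path).Owner); Administrators FullControl: present"

# 5. Hand ownership back to whoever owned the tree before, recursively, so component servicing
#    (which expects TrustedInstaller to own WinSxS) keeps working. /setowner needs SeRestorePrivilege,
#    which icacls can use from an elevated prompt.
icacls $Path /setowner "$originalOwner" /T /C | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls /setowner failed with exit code $LASTEXITCODE" }
Write-Host "Owner restored to: $((Get-Acl -LiteralPath $Path).Owner)"
```

Two caveats for anyone repeating this on a real system: step 2 changes the owner of every file under the tree, so the restore in step 5 is recursive on purpose; and a grant that still reports Access Denied after ownership has been taken is a sign the object is not a plain NTFS directory (a reparse point, a volume under a filter driver, or a disk that is failing to write), which is the distinction gheist draws between a permissions problem and the hardware problem the driver list in the log suggests.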