1.    29 Mar 2016 #1
    Join Date : Dec 2015
    UK
    Posts : 9
    Windows 10

    An abriviation I'm not familiar with? SVC?


    Hi there,

    I've been trying to recover a family members files after they fell victim to the new .locky Ransomware - After managing to recover some files using Recuva I went looking for some further reading on the subject.

    I came across the page linked below and on it a commenter said:
    "Windows 7 has shadow files. Too bad those files are corrupt because of the LOCKY virus ... but ... we were able to recover those files with RECUVA, restore them and start SHADOWEXPLORER and go back 6 days to recover a shadowcopy from the lost data folder. In the end we recovered about 99% of lost files !"

    Someone replied with:
    "That's great news. So to be clear, you use recuva to restore an old SVC and then used that to restore the files?"

    It was this that had me interested and confused...Anyone know what the SVC is?

    This of course was on a page pertaining to networks and could be something to do with that and therefore has no relevance to home users.

    Thanks in advance.

    http://www.bleepingcomputer.com/news...etwork-shares/
      My ComputerSystem Spec
  2.    29 Mar 2016 #2
    Join Date : Oct 2014
    Arnold, MD
    Posts : 29,554
    Triple boot - Win 10 Pro, Win 10 Pro Insider (2) - (and a sprinkling of VMs)

    Quote Originally Posted by lukeshoe1993 View Post
    Hi there,

    I've been trying to recover a family members files after they fell victim to the new .locky Ransomware - After managing to recover some files using Recuva I went looking for some further reading on the subject.

    I came across the page linked below and on it a commenter said:
    "Windows 7 has shadow files. Too bad those files are corrupt because of the LOCKY virus ... but ... we were able to recover those files with RECUVA, restore them and start SHADOWEXPLORER and go back 6 days to recover a shadowcopy from the lost data folder. In the end we recovered about 99% of lost files !"

    Someone replied with:
    "That's great news. So to be clear, you use recuva to restore an old SVC and then used that to restore the files?"

    It was this that had me interested and confused...Anyone know what the SVC is?

    This of course was on a page pertaining to networks and could be something to do with that and therefore has no relevance to home users.

    Thanks in advance.

    http://www.bleepingcomputer.com/news...etwork-shares/
    Possibly Shadow Volume Copy. (AKA Restore Point) Not really sure. But the way they are talking, files can be restored individually by "mounting" a restore point and picking thru with Explorer. A program I have used to explore a Restore Point (Shadow Copy) is System Restore Explorer. Download System Restore Explorer - MajorGeeks
      My ComputersSystem Spec
  3.    29 Mar 2016 #3
    Join Date : Dec 2015
    UK
    Posts : 9
    Windows 10
    Thread Starter

    Quote Originally Posted by f14tomcat View Post
    Possibly Shadow Volume Copy. (AKA Restore Point) Not really sure. But the way they are talking, files can be restored individually by "mounting" a restore point and picking thru with Explorer. A program I have used to explore a Restore Point (Shadow Copy) is System Restore Explorer. Download System Restore Explorer - MajorGeeks
    Thanks for the reply!

    Yeah, its what I thought - it seems not to directly correspond to anything. I'm currently searching the System Volume information folder using the \\localhost\C$ address and having used the 'take ownership' reg edit to grant access to the folder.

    I'm finishing an inital Recuva deep scan for the files not overwritten. I then plan to use Recuva to try and recover the System Volume information folder as I suspect that .locky has corrupted it as well - I suspect this because (as you mentioned) Shadow Explorer is showing 'shadows' all dated the same. I did however manage to find dated shadows using 'Z-VSScopy' http://www.z-dbackup.com/vss-shadow-...le-backup.html

    Unfortunatley these files are still locked. I am unsure when Locky got into the PC.

    I will restore to a previous point after using recuva on the System volume information folder and try again.

    Thanks again
    L
      My ComputerSystem Spec

 


Similar Threads
Thread Forum
10 Reasons to Upgrade to Windows 10: ITíS FAMILIAR
Source: Familiarity in Windows 10 | Blogging Windows
Windows 10 News
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 23:27.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums