42 posts in this topic

Posted

Hello

As you know Windows 7 makes a System Reserved partition which is called "System Reserved". It does not have any drive letter assigned. Sometimes I cannot hibernate my PC because this partition removes its label "System Reserved" and changing it to "". To fix it I have to assign a driver letter to it (making it visible) then remove the drive letter. THEN I can hibernate.

Why does this happen and how can make it permanently "System Reserved" with no drive letter and hidden?

Thank you

Share this post


Link to post
Share on other sites

Posted

If something is changing that you need to check your system out for viruses or malware to start...

That's definitely something that shouldn't be happening.

Share this post


Link to post
Share on other sites

Posted

[quote name='Shane Nokes' timestamp='1354083084' post='595354070']
If something is changing that you need to check your system out for viruses or malware to start...

That's definitely something that shouldn't be happening.
[/quote]
Its odd that a virus/malware would target that though.....

Nonetheless, running MSE and MBAM right now :)

Share this post


Link to post
Share on other sites

Posted

[quote name='pes2013' timestamp='1354104419' post='595354398']
Its odd that a virus/malware would target that though.....

Nonetheless, running MSE and MBAM right now :)
[/quote]

Not really. There are several variants out right now that target that partition.

I brought it up since changing the name of drives/partitions is something that requires admin rights...so if it's changing it is a process that somehow has silent admin rights.

Share this post


Link to post
Share on other sites

Posted

[quote name='Shane Nokes' timestamp='1354105515' post='595354442']


Not really. There are several variants out right now that target that partition.

I brought it up since changing the name of drives/partitions is something that requires admin rights...so if it's changing it is a process that somehow has silent admin rights.
[/quote]
I ran MBAM and nothing really showed up interesting. Removed some obvious old things. BTW, this has never happened.

Couldn't complete MSE but I removed the things it detected.

Share this post


Link to post
Share on other sites

Posted

Im surprised no one has had this and doesn't comment on it.

Share this post


Link to post
Share on other sites

Posted

Based on the fact that both MBAM and MSE detected threats (no matter how mundane they might seem) and MSE couldn't complete its scan, it sounds like you are infected with malware. You might try scanning again with [url="http://support.kaspersky.com/viruses/rescuedisk"]Kaspersky Rescue Disk[/url]. It might be able to remove some presistent threats that MBAM, MSE, or some other malware scanner running within Windows cannot. Just make sure that after KRD is booted, you update the definitions before starting the scan.

Share this post


Link to post
Share on other sites

Posted

[quote name='xorangekiller' timestamp='1354210190' post='595357318']
MSE couldn't complete its scan,
[/quote]
Never said that, I just did not finish it.

Share this post


Link to post
Share on other sites

Posted

[quote name='pes2013' timestamp='1354213297' post='595357496']
Never said that, I just did not finish it.
[/quote]

I'm sorry for misinterpreting your post. I do still recommend that you try a full scan with KRD. It sounds like you may have malware. Better safe than sorry.

If the scan comes back clean, try booting from your rescue partition or original install disc and running [i]chkdsk /r[/i] on both your main partition and the system reserved partition. You might also try [i]sfc /scannow[/i] to make sure that no critical Windows system files are corrupt.

Share this post


Link to post
Share on other sites

Posted

I would actually suggest - Safe Mode - then try the scan - also it could be possible the following is happening - When he assigns it a partition letter the system itself removes it. (you know similar to a backup) or have a look at this and possibly --

[img]http://social.technet.microsoft.com/Forums/getfile/139918[/img]

It is possible the page file may be on that drive and that would actually cause the system to set it back to the state it is now upon each boot. (or the system may actually be saving data to that partition and reset up each reboot)

Your best bet may be to shrink the partition for C: then create a D: drive that does not have system reserved label or a page file on it. then Hibernation file may be assigned to that drive.
1 person likes this

Share this post


Link to post
Share on other sites

Posted

The system reserved partition should not have a drive letter assigned to it. Remove it.

The reason for the system reserved partition is that the computer boots off of it (it should be marked as active). It includes repair tools that you can boot off of (from pressing f8 at startup and select repair computer) to help repair any damage to your main system partition. If you do not want to use the system partition you can mark you main system partition as active and then create the boot files on it.

But, you probably do have malware or a bad file system on your system reserved partition. I would start with downloading tdsskiller and running it from within windows. I would also run the new malwarebytes anti-rootkit. Both are available from the download section of www.bleepingcomputer.com. I would then run combofix (also available from the previously mentioned site).

If those three come up clean then you should probably recreate your boot files on either the system reserved partition or move them to the main system partition.


edit: Some things I just thought of after my original reply:

1. If you run a chkdsk /r or /x from the repair environment or from booting off the CD/DVD, your system reserved will probably show up as C: and your main system partition will show up as D:. This is normal. chkdsk both of them. If they both come up clean and there are no viruses/rootkits/malware then move the boot files.
1 person likes this

Share this post


Link to post
Share on other sites

Posted

[quote name='redvamp128' timestamp='1354251684' post='595359064']
I would actually suggest - Safe Mode - then try the scan - also it could be possible the following is happening - When he assigns it a partition letter the system itself removes it. (you know similar to a backup) or have a look at this and possibly --

[img]http://social.technet.microsoft.com/Forums/getfile/139918[/img]

It is possible the page file may be on that drive and that would actually cause the system to set it back to the state it is now upon each boot. (or the system may actually be saving data to that partition and reset up each reboot)

Your best bet may be to shrink the partition for C: then create a D: drive that does not have system reserved label or a page file on it. then Hibernation file may be assigned to that drive.
[/quote]
How can the hibernation file be stored on there if it is 100MB???

[quote name='evacc44' timestamp='1354253064' post='595359086']
The system reserved partition should not have a drive letter assigned to it. Remove it.
[/quote]
I assign it just to get its label back. I then remove it.

[quote name='evacc44' timestamp='1354253064' post='595359086']

The reason for the system reserved partition is that the computer boots off of it (it should be marked as active). It includes repair tools that you can boot off of (from pressing f8 at startup and select repair computer) to help repair any damage to your main system partition. If you do not want to use the system partition you can mark you main system partition as active and then create the boot files on it.

But, you probably do have malware or a bad file system on your system reserved partition. I would start with downloading tdsskiller and running it from within windows. I would also run the new malwarebytes anti-rootkit. Both are available from the download section of www.bleepingcomputer.com. I would then run combofix (also available from the previously mentioned site).

If those three come up clean then you should probably recreate your boot files on either the system reserved partition or move them to the main system partition.


edit: Some things I just thought of after my original reply:

1. If you run a chkdsk /r or /x from the repair environment or from booting off the CD/DVD, your system reserved will probably show up as C: and your main system partition will show up as D:. This is normal. chkdsk both of them. If they both come up clean and there are no viruses/rootkits/malware then move the boot files.
[/quote]
Im just surprised this has happened to my system but Ill run these programs nonetheless....

malwarebytes anti-rootkit crashes. Its beta though....

Share this post


Link to post
Share on other sites

Posted

[quote name='pes2013' timestamp='1354264991' post='595359218']
How can the hibernation file be stored on there if it is 100MB???

[/quote]

I never said the hibernation file went there.... I said this is probably what is happening -
The WHY it removes the drive letter that you ASSIGN IT.

It probably has some files that the "system" level stores on it which will believe it or not counteract what an Administrator does.

Though what you may want to try is this... Removing the old Hibernation file then Defragmentation and re creation of the Hibernation file

[url="http://www.ehow.com/how_6356689_defragment-hiberfil.html"]http://www.ehow.com/how_6356689_defragment-hiberfil.html[/url]

Share this post


Link to post
Share on other sites

Posted

[quote name='redvamp128' timestamp='1354298579' post='595360274']
I never said the hibernation file went there.... I said this is probably what is happening -
The WHY it removes the drive letter that you ASSIGN IT.
[/quote]
:/

The 100MB partition AS IS has no drive letter. My problem is that it has no label. If I assign a drive letter to it, the label reappears (I don't even retype the label in again). If I remove it, the label stays.

In a x amount of time, it gets removed again and I have to do the same process.

Please read the thread before jumping to statements :)

Share this post


Link to post
Share on other sites

Posted

[quote name='pes2013' timestamp='1354299262' post='595360302']
:/

The 100MB partition AS IS has no drive letter. My problem is that it has no label. If I assign a drive letter to it, the label reappears (I don't even retype the label in again). If I remove it, the label stays.

In a x amount of time, it gets removed again and I have to do the same process.

[s]Please read the thread before jumping to statements :)[/s]
[/quote]

I did read everything-- I was telling you that system files are on that partition and therefore the system overwrites any changes you make to that.


Have you tried to permanently hide it-- you can use Gpedit.msc

[CODE]
Administrative Templates> Windows Components > WindowsExplorer
then look for the hide specific drives
click enable

then choose the drives

[/CODE]

Now yes I have read everything ....
You keep trying to change something as an Administrator that is managed by SYSTEM.

I suggest since you are having hibernation problems-- to follow my link --
the one about removing the hibernation file- then defragmenting- then re-creating the hibernation file- it is possible the one there already is corrupted


-
1 person likes this

Share this post


Link to post
Share on other sites

Posted

[quote name='redvamp128' timestamp='1354301233' post='595360382']
Have you tried to permanently hide it[b]-[/b]- you can use Gpedit.msc

[CODE]
Administrative Templates> Windows Components > WindowsExplorer
then look for the hide specific drives
click enable

then choose the drives

[/CODE]

Now yes I have read everything ....
You keep trying to change something as an Administrator that is managed by SYSTEM.

I suggest since you are having hibernation problems-- to follow my link --
the one about removing the hibernation file- then defragmenting- then re-creating the hibernation file- it is possible the one there already is corrupted
-
[/quote]
Once again you are NOT reading; That partition has ALWAYS been hidden. ALWAYS. It has never magically appeared. The only thing that happens to it is that its label is erased, nothing more.

PLEASE read before replying....

Share this post


Link to post
Share on other sites

Posted

[quote name='pes2013' timestamp='1354368881' post='595361626']
Once again you are NOT reading; That partition has ALWAYS been hidden. ALWAYS. It has never magically appeared. The only thing that happens to it is that its label is erased, nothing more.

PLEASE read before replying....
[/quote]

[size=4][b][color=#282828]You keep trying to change something as an Administrator that is managed by SYSTEM.[/color][/b][/size]

I did and have read-- you said you keep setting that label and it keeps changing it- (I would also suggest that you possibly consider an outside source as in OS) to reset the label- then use the suggested form of the GPEDIT.MSC to hide it.

Now let me tell you why I suggested that-- And this is why what I said use it...

GPEDIT.MSC runs at SYSTEM level and not ADMIN LEVEL for the hiding of drives.

Therefore any changes would stick.

So by hiding it using that it will stop any changes that system can do to it.

AND YOU SAY I HAVE NOT READ... instead I have only suggested ways to fix your issue....

Your initial post said that you could not hibernate because of this problem-- Instead I suggest ways to fix that initial post.. I have three machines with Windows 7 on them... two the partition does have a label and [size=5][b]one that does not - and the one that does not has no issues with hibernation. [/b][/size](which is why I suggested) removing the hibernation file and re-creating it.

But you say I did not read what you wrote...

I only suggested things to fix your issue

Share this post


Link to post
Share on other sites

Posted

[quote name='redvamp128' timestamp='1354384190' post='595362020']


[size=4][b][color=#282828]You keep trying to change something as an Administrator that is managed by SYSTEM.[/color][/b][/size]

I did and have read-- you said you keep setting that label and it keeps changing it- (I would also suggest that you possibly consider an outside source as in OS) to reset the label- then use the suggested form of the GPEDIT.MSC to hide it.

Now let me tell you why I suggested that-- And this is why what I said use it...

GPEDIT.MSC runs at SYSTEM level and not ADMIN LEVEL for the hiding of drives.

Therefore any changes would stick.

So by hiding it using that it will stop any changes that system can do to it.

AND YOU SAY I HAVE NOT READ... instead I have only suggested ways to fix your issue....

Your initial post said that you could not hibernate because of this problem-- Instead I suggest ways to fix that initial post.. I have three machines with Windows 7 on them... two the partition does have a label and [size=5][b]one that does not - and the one that does not has no issues with hibernation. [/b][/size](which is why I suggested) removing the hibernation file and re-creating it.

But you say I did not read what you wrote...

I only suggested things to fix your issue
[/quote]
In GPEDIT.MSC I see no question that allows me to hide the disk.

The HDD is pretty recently formatted but Im going to do the defrag anyways....

Share this post


Link to post
Share on other sites

Posted

[quote name='pes2013' timestamp='1354408827' post='595362598']
In GPEDIT.MSC I see no question that allows me to hide the disk.

The HDD is pretty recently formatted but Im going to do the defrag anyways....
[/quote]
[CODE]

In the Local Group Policy Editor window, navigate to
User Configuration

Share this post


Link to post
Share on other sites

Posted

The system reserved partition can be labeled anything. I do many installs by booting to windows pe, creating the partitions with diskpart and deploying a wim file with imagex. In fact, the system reserved partition is optional. You can install Windows on a single partition no problem.
That drive is there for compatibility with other OSes, and for drive encryption.
Basically you have another issue if you can't hibernate.

Share this post


Link to post
Share on other sites

Posted

[quote name='stumper66' timestamp='1354413383' post='595362722']
The system reserved partition can be labeled anything. I do many installs by booting to windows pe, creating the partitions with diskpart and deploying a wim file with imagex. In fact, the system reserved partition is optional. You can install Windows on a single partition no problem.
That drive is there for compatibility with other OSes, and for drive encryption.
Basically you have another issue if you can't hibernate.
[/quote]

Thus the reason I suggested turning it off....(hibernation) so that it will remove the current Hyberfile.sys

Followed by
DeFragmentation

Then turning it back on-
So the system will then create a new Hyberfile.sys

Next-
Hiding the drive through GPEDIT.MSC (to make sure it is not available)

Also suggested shrinking the partition and creating a new one to move the page file to that new drive.

I have found this fixed an issue with a friends system and hibernation- (somehow the location of the page-file was affecting hibernation)

Share this post


Link to post
Share on other sites

Posted

can you please show us a screen shot of this changed label? Pictures are always better than words. The hibernate file is on the C drive is it not, not sure what that partition would have to do with anything other than this is normally where your boot files are. What error do you get in the event log when you try and hibernate?

Share this post


Link to post
Share on other sites

Posted

[quote name='pes2013' timestamp='1354058933' post='595353358']
Hello

As you know Windows 7 makes a System Reserved partition which is called "System Reserved". It does not have any drive letter assigned. Sometimes I cannot hibernate my PC because this partition removes its label "System Reserved" and changing it to "". To fix it I have to assign a driver letter to it (making it visible) then remove the drive letter. THEN I can hibernate.

Why does this happen and how can make it permanently "System Reserved" with no drive letter and hidden?

Thank you
[/quote]

Why not just delete the reserved partition, reclaim the space, and calibrate the drive alignment if needed. There are only a couple of very specific Windows tasks that could use that partition.

Share this post


Link to post
Share on other sites

Posted

Did the defrag thing that was suggested and the label is still being removed.

Ran MBAM and MSE (this time I finished it) and it found nothing.

Next time it happens Ill screenshot it.

Share this post


Link to post
Share on other sites

Posted

so how about a screenshot now showing its current state, then will have as reference when you say it changes.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.