Why does the "System Reserved" parititon keep removing its own labe


Recommended Posts

Hello

As you know Windows 7 makes a System Reserved partition which is called "System Reserved". It does not have any drive letter assigned. Sometimes I cannot hibernate my PC because this partition removes its label "System Reserved" and changing it to "". To fix it I have to assign a driver letter to it (making it visible) then remove the drive letter. THEN I can hibernate.

Why does this happen and how can make it permanently "System Reserved" with no drive letter and hidden?

Thank you

Link to comment
Share on other sites

If something is changing that you need to check your system out for viruses or malware to start...

That's definitely something that shouldn't be happening.

Its odd that a virus/malware would target that though.....

Nonetheless, running MSE and MBAM right now :)

Link to comment
Share on other sites

Its odd that a virus/malware would target that though.....

Nonetheless, running MSE and MBAM right now :)

Not really. There are several variants out right now that target that partition.

I brought it up since changing the name of drives/partitions is something that requires admin rights...so if it's changing it is a process that somehow has silent admin rights.

Link to comment
Share on other sites

Not really. There are several variants out right now that target that partition.

I brought it up since changing the name of drives/partitions is something that requires admin rights...so if it's changing it is a process that somehow has silent admin rights.

I ran MBAM and nothing really showed up interesting. Removed some obvious old things. BTW, this has never happened.

Couldn't complete MSE but I removed the things it detected.

Link to comment
Share on other sites

Based on the fact that both MBAM and MSE detected threats (no matter how mundane they might seem) and MSE couldn't complete its scan, it sounds like you are infected with malware. You might try scanning again with Kaspersky Rescue Disk. It might be able to remove some presistent threats that MBAM, MSE, or some other malware scanner running within Windows cannot. Just make sure that after KRD is booted, you update the definitions before starting the scan.

Link to comment
Share on other sites

Never said that, I just did not finish it.

I'm sorry for misinterpreting your post. I do still recommend that you try a full scan with KRD. It sounds like you may have malware. Better safe than sorry.

If the scan comes back clean, try booting from your rescue partition or original install disc and running chkdsk /r on both your main partition and the system reserved partition. You might also try sfc /scannow to make sure that no critical Windows system files are corrupt.

Link to comment
Share on other sites

I would actually suggest - Safe Mode - then try the scan - also it could be possible the following is happening - When he assigns it a partition letter the system itself removes it. (you know similar to a backup) or have a look at this and possibly --

139918

It is possible the page file may be on that drive and that would actually cause the system to set it back to the state it is now upon each boot. (or the system may actually be saving data to that partition and reset up each reboot)

Your best bet may be to shrink the partition for C: then create a D: drive that does not have system reserved label or a page file on it. then Hibernation file may be assigned to that drive.

Link to comment
Share on other sites

The system reserved partition should not have a drive letter assigned to it. Remove it.

The reason for the system reserved partition is that the computer boots off of it (it should be marked as active). It includes repair tools that you can boot off of (from pressing f8 at startup and select repair computer) to help repair any damage to your main system partition. If you do not want to use the system partition you can mark you main system partition as active and then create the boot files on it.

But, you probably do have malware or a bad file system on your system reserved partition. I would start with downloading tdsskiller and running it from within windows. I would also run the new malwarebytes anti-rootkit. Both are available from the download section of www.bleepingcomputer.com. I would then run combofix (also available from the previously mentioned site).

If those three come up clean then you should probably recreate your boot files on either the system reserved partition or move them to the main system partition.

edit: Some things I just thought of after my original reply:

1. If you run a chkdsk /r or /x from the repair environment or from booting off the CD/DVD, your system reserved will probably show up as C: and your main system partition will show up as D:. This is normal. chkdsk both of them. If they both come up clean and there are no viruses/rootkits/malware then move the boot files.

Link to comment
Share on other sites

I would actually suggest - Safe Mode - then try the scan - also it could be possible the following is happening - When he assigns it a partition letter the system itself removes it. (you know similar to a backup) or have a look at this and possibly --

139918

It is possible the page file may be on that drive and that would actually cause the system to set it back to the state it is now upon each boot. (or the system may actually be saving data to that partition and reset up each reboot)

Your best bet may be to shrink the partition for C: then create a D: drive that does not have system reserved label or a page file on it. then Hibernation file may be assigned to that drive.

How can the hibernation file be stored on there if it is 100MB???

The system reserved partition should not have a drive letter assigned to it. Remove it.

I assign it just to get its label back. I then remove it.

The reason for the system reserved partition is that the computer boots off of it (it should be marked as active). It includes repair tools that you can boot off of (from pressing f8 at startup and select repair computer) to help repair any damage to your main system partition. If you do not want to use the system partition you can mark you main system partition as active and then create the boot files on it.

But, you probably do have malware or a bad file system on your system reserved partition. I would start with downloading tdsskiller and running it from within windows. I would also run the new malwarebytes anti-rootkit. Both are available from the download section of www.bleepingcomputer.com. I would then run combofix (also available from the previously mentioned site).

If those three come up clean then you should probably recreate your boot files on either the system reserved partition or move them to the main system partition.

edit: Some things I just thought of after my original reply:

1. If you run a chkdsk /r or /x from the repair environment or from booting off the CD/DVD, your system reserved will probably show up as C: and your main system partition will show up as D:. This is normal. chkdsk both of them. If they both come up clean and there are no viruses/rootkits/malware then move the boot files.

Im just surprised this has happened to my system but Ill run these programs nonetheless....

malwarebytes anti-rootkit crashes. Its beta though....

Link to comment
Share on other sites

How can the hibernation file be stored on there if it is 100MB???

I never said the hibernation file went there.... I said this is probably what is happening -

The WHY it removes the drive letter that you ASSIGN IT.

It probably has some files that the "system" level stores on it which will believe it or not counteract what an Administrator does.

Though what you may want to try is this... Removing the old Hibernation file then Defragmentation and re creation of the Hibernation file

http://www.ehow.com/how_6356689_defragment-hiberfil.html

Link to comment
Share on other sites

I never said the hibernation file went there.... I said this is probably what is happening -

The WHY it removes the drive letter that you ASSIGN IT.

:/

The 100MB partition AS IS has no drive letter. My problem is that it has no label. If I assign a drive letter to it, the label reappears (I don't even retype the label in again). If I remove it, the label stays.

In a x amount of time, it gets removed again and I have to do the same process.

Please read the thread before jumping to statements :)

Link to comment
Share on other sites

:/

The 100MB partition AS IS has no drive letter. My problem is that it has no label. If I assign a drive letter to it, the label reappears (I don't even retype the label in again). If I remove it, the label stays.

In a x amount of time, it gets removed again and I have to do the same process.

Please read the thread before jumping to statements :)

I did read everything-- I was telling you that system files are on that partition and therefore the system overwrites any changes you make to that.

Have you tried to permanently hide it-- you can use Gpedit.msc


Administrative Templates> Windows Components > WindowsExplorer
then look for the hide specific drives
click enable

then choose the drives

[/CODE]

Now yes I have read everything ....

You keep trying to change something as an Administrator that is managed by SYSTEM.

I suggest since you are having hibernation problems-- to follow my link --

the one about removing the hibernation file- then defragmenting- then re-creating the hibernation file- it is possible the one there already is corrupted

-

Link to comment
Share on other sites

Have you tried to permanently hide it-- you can use Gpedit.msc


Administrative Templates> Windows Components > WindowsExplorer
then look for the hide specific drives
click enable

then choose the drives

[/CODE]

Now yes I have read everything ....

You keep trying to change something as an Administrator that is managed by SYSTEM.

I suggest since you are having hibernation problems-- to follow my link --

the one about removing the hibernation file- then defragmenting- then re-creating the hibernation file- it is possible the one there already is corrupted

-

Once again you are NOT reading; That partition has ALWAYS been hidden. ALWAYS. It has never magically appeared. The only thing that happens to it is that its label is erased, nothing more.

PLEASE read before replying....

Link to comment
Share on other sites

Once again you are NOT reading; That partition has ALWAYS been hidden. ALWAYS. It has never magically appeared. The only thing that happens to it is that its label is erased, nothing more.

PLEASE read before replying....

You keep trying to change something as an Administrator that is managed by SYSTEM.

I did and have read-- you said you keep setting that label and it keeps changing it- (I would also suggest that you possibly consider an outside source as in OS) to reset the label- then use the suggested form of the GPEDIT.MSC to hide it.

Now let me tell you why I suggested that-- And this is why what I said use it...

GPEDIT.MSC runs at SYSTEM level and not ADMIN LEVEL for the hiding of drives.

Therefore any changes would stick.

So by hiding it using that it will stop any changes that system can do to it.

AND YOU SAY I HAVE NOT READ... instead I have only suggested ways to fix your issue....

Your initial post said that you could not hibernate because of this problem-- Instead I suggest ways to fix that initial post.. I have three machines with Windows 7 on them... two the partition does have a label and one that does not - and the one that does not has no issues with hibernation. (which is why I suggested) removing the hibernation file and re-creating it.

But you say I did not read what you wrote...

I only suggested things to fix your issue

Link to comment
Share on other sites

You keep trying to change something as an Administrator that is managed by SYSTEM.

I did and have read-- you said you keep setting that label and it keeps changing it- (I would also suggest that you possibly consider an outside source as in OS) to reset the label- then use the suggested form of the GPEDIT.MSC to hide it.

Now let me tell you why I suggested that-- And this is why what I said use it...

GPEDIT.MSC runs at SYSTEM level and not ADMIN LEVEL for the hiding of drives.

Therefore any changes would stick.

So by hiding it using that it will stop any changes that system can do to it.

AND YOU SAY I HAVE NOT READ... instead I have only suggested ways to fix your issue....

Your initial post said that you could not hibernate because of this problem-- Instead I suggest ways to fix that initial post.. I have three machines with Windows 7 on them... two the partition does have a label and one that does not - and the one that does not has no issues with hibernation. (which is why I suggested) removing the hibernation file and re-creating it.

But you say I did not read what you wrote...

I only suggested things to fix your issue

In GPEDIT.MSC I see no question that allows me to hide the disk.

The HDD is pretty recently formatted but Im going to do the defrag anyways....

Link to comment
Share on other sites

In GPEDIT.MSC I see no question that allows me to hide the disk.

The HDD is pretty recently formatted but Im going to do the defrag anyways....



In the Local Group Policy Editor window, navigate to
User Configuration ?> Administrative Templates ?> Windows Explorer in the right side panel.



On the left, scroll down the list to find ?Hide these specified drives in My Computer?.

Double click on this entry to open the setting.
[/CODE]

[color=#333333][font=Arial, Helvetica, sans-serif, Verdana][size=4]Just make sure before you defrag-- to do the option of turning off hibernation first..[/size][/font][/color]

http://www.ehow.com/...t-hiberfil.html

That way it will remove the one that is giving you problems- then create a new one- it is possible the one there is corrupted.

Link to comment
Share on other sites

The system reserved partition can be labeled anything. I do many installs by booting to windows pe, creating the partitions with diskpart and deploying a wim file with imagex. In fact, the system reserved partition is optional. You can install Windows on a single partition no problem.

That drive is there for compatibility with other OSes, and for drive encryption.

Basically you have another issue if you can't hibernate.

Link to comment
Share on other sites

The system reserved partition can be labeled anything. I do many installs by booting to windows pe, creating the partitions with diskpart and deploying a wim file with imagex. In fact, the system reserved partition is optional. You can install Windows on a single partition no problem.

That drive is there for compatibility with other OSes, and for drive encryption.

Basically you have another issue if you can't hibernate.

Thus the reason I suggested turning it off....(hibernation) so that it will remove the current Hyberfile.sys

Followed by

DeFragmentation

Then turning it back on-

So the system will then create a new Hyberfile.sys

Next-

Hiding the drive through GPEDIT.MSC (to make sure it is not available)

Also suggested shrinking the partition and creating a new one to move the page file to that new drive.

I have found this fixed an issue with a friends system and hibernation- (somehow the location of the page-file was affecting hibernation)

Link to comment
Share on other sites

can you please show us a screen shot of this changed label? Pictures are always better than words. The hibernate file is on the C drive is it not, not sure what that partition would have to do with anything other than this is normally where your boot files are. What error do you get in the event log when you try and hibernate?

Link to comment
Share on other sites

Hello

As you know Windows 7 makes a System Reserved partition which is called "System Reserved". It does not have any drive letter assigned. Sometimes I cannot hibernate my PC because this partition removes its label "System Reserved" and changing it to "". To fix it I have to assign a driver letter to it (making it visible) then remove the drive letter. THEN I can hibernate.

Why does this happen and how can make it permanently "System Reserved" with no drive letter and hidden?

Thank you

Why not just delete the reserved partition, reclaim the space, and calibrate the drive alignment if needed. There are only a couple of very specific Windows tasks that could use that partition.

Link to comment
Share on other sites

Did the defrag thing that was suggested and the label is still being removed.

Ran MBAM and MSE (this time I finished it) and it found nothing.

Next time it happens Ill screenshot it.

Link to comment
Share on other sites

so how about a screenshot now showing its current state, then will have as reference when you say it changes.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.