winsiderss / systeminformer

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
https://systeminformer.sourceforge.io
MIT License

Where's the Documentation? #1544

Open CityguyUSA opened 1 year ago

CityguyUSA commented 1 year ago

It seems to be deleting my Terabyte Backup software. I saw, just today by accident in a notification, that it supposedly renamed a service that was installed by Terabyte Image For Windows. How do I track this down and ultimately stop it from doing this?

I installed Process Hacker on 12/11/2022 and the next day it had deleted the entire Image For Windows install folder on a networked machine. A machine that Process Hacker wasn't even installed on. I'd like to verify that this is what happened, but how?

I also had some trouble running MS Office 2010 as it removed something that required Office to do a corrective installation. Again, I'd like to verify that this is what happened, why it happened and how to prevent it from happening again.

I also want to see what else it might have done.

jxy-s commented 1 year ago

> It seems to be deleting my Terabyte Backup software. I saw, just today by accident in a notification, that it supposedly renamed a service that was installed by Terabyte Image For Windows. How do I track this down and ultimately stop it from doing this?

Based on what you're describing I think you are observing System Informer notifying you of services being modified. The program is notifying you with a toast notification, it is not modifying your services.

> I installed Process Hacker on 12/11/2022 and the next day it had deleted the entire Image For Windows install folder on a networked machine. A machine that Process Hacker wasn't even installed on. I'd like to verify that this is what happened, but how?
>
> I also had some trouble running MS Office 2010 as it removed something that required Office to do a corrective installation. Again, I'd like to verify that this is what happened, why it happened and how to prevent it from happening again.
>
> I also want to see what else it might have done.

System Informer wouldn't be able to look at previous activity in this regard. Sounds like some other actions occurred which caused this?

Masamune3210 commented 1 year ago

Are you sure your backup software didn't do an automatic update or something? Because service name modification and backups being messed with both sound like they would be involved with that. As for Office breaking, take it from someone who works in a school: Office breaks constantly, whenever it feels like, especially the newer 365 versions.

dmex commented 1 year ago

> Because service name modification and backups being messed with both sound like they would be involved with that.

There's no delete functionality or modifications. All it does is show a notification when changes are being made by third party software.

> Are you sure your backup software didn't do an automatic update or something?

It does not make any changes to the system whatsoever.

Masamune3210 commented 1 year ago

I meant their backup solution getting a update, not system informer

CityguyUSA commented 1 year ago

So the day after I installed System Informer was the day I started getting events in my log saying the system couldn't find the backup program, which is scheduled to run every day backing up different stuff. When I went looking for the backup folder it was gone, directory and all. I didn't expect that System Informer had done it until I got that weird notification that some service was renamed, and it was a service installed by my backup software that had been there for years. When I went looking for the "renamed service" in services.msc (it actually consisted of 2 notifications; the first one I wasn't able to read, the 2nd one said something to the effect of the TB_ service was renamed to some random string of numbers) I couldn't find it anywhere in the services list, but I couldn't find the TB__ either. Unlike the disappearing folder, which happened on a networked computer, this happened on my laptop.

Now I need to find these notifications, if that's possible. MS saves everything else of much lower importance, so hopefully I can track all this back. I used Process Explorer years ago so I wasn't aware of any destructive capabilities, but one of the reviewers made it sound like it was really out of control. But I need to find what happened and why. Maybe something in the software has been hacked? I just don't know. I've never had something so strange target just MS Office and Terabyte Image For Windows on 2 computers. There is nothing in Image for Windows that does any weird stuff when it executes; I've been using it for years. I thought maybe because it had access to the hard drive by sector, that had caused some theory of maybe being a process that shouldn't be happening, but certainly nothing should be removed without some confirmation.

CityguyUSA commented 1 year ago

Just found this related to my Remote Access Software.

(screenshot of the notification, 12/21/2022 5:31 PM)

But it doesn't exist under services

(screenshot of the services list)

That was the end of the services beginning with "M".

ge0rdi commented 1 year ago

Those MpKsl* services seem to be related to Windows Defender. See #561.

CityguyUSA commented 1 year ago

Today I was notified about a service created, TBOFLHelper.sys, which is related to Terabyte Backup Software, but as soon as the notification was received I immediately checked the services running. There is no TBIOBLHelper.sys. Curiosity arose and I opened the notification window. There was a matching message saying that the service was deleted. Both notifications have the timestamp 7:01pm and it's 7:15pm. A bit of a delay in reporting anything.

I guess there's no way to track back what happened to the Terabyte installation on either device from the other day, regardless of whether Process Hacker was involved or not? I've not had any response on how one would accomplish such a task, and yet it would seem imperative that such a process existed for all or any strange goings-on.

BTW you are referring to this app by System Informer but the app still says Process Hacker at the top.

dmex commented 1 year ago

> notifications with timestamp 7:01pm and it's 7:15pm. A bit of a delay in reporting anything.

Windows delays and suppresses notifications depending on updates or login time not for critical information that must be acted on immediately by design: https://learn.microsoft.com/en-us/windows/win32/shell/notification-area#notification-and-notification-area-guidelines

> I guess there's no way to track back what happened to the Terabyte installation on either device from the other day, regardless of whether Process Hacker was involved or not?

There's only going to be 2-3 reasons why files vanished: either the anti-virus deleted the files, the program was using temporary files for an update, or someone with remote access performed the deletion. Process Hacker is designed more for viewing current realtime activity rather than historical activity, which is better suited to logging utilities like procmon: https://learn.microsoft.com/en-us/sysinternals/downloads/procmon

> BTW you are referring to this app by System Informer but the app still says Process Hacker at the top.

The project was rebranded and you're running an old version.
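The reply above lists the likely causes (anti-virus, an updater, a remote session) and says the tool only shows live activity. Windows itself does keep some after-the-fact records that can separate those causes: the Service Control Manager logs every service install, Defender logs each detection and the action it took, and the Security log records logons. The script below is an added example, not code from the issue thread or from System Informer, that pulls those records together for a Windows 10/11 host. It assumes an elevated PowerShell 5.1+ prompt (the Security log needs it), that the Terabyte services start with "TB" (change -ServicePrefix otherwise), and that the EventData field names used (ServiceName, ImagePath, AccountName for 7045; ServiceName, ServiceFileName, SubjectUserName for 4697; LogonType, TargetUserName, IpAddress, WorkstationName for 4624) match the standard event templates. Service deletion and file deletion are not logged by default, so those two still need a live tracer like procmon, or object-access auditing turned on beforehand.

```powershell
# Added example, not part of the issue thread or of System Informer.
# Collects the Windows records that survive after the fact so a service
# creation, a Defender action or a remote logon can be attributed.
# Assumptions: Windows 10/11, PowerShell 5.1 or later, elevated prompt,
# Terabyte service names beginning with "TB".
param(
    [string]$ServicePrefix = 'TB',
    [datetime]$Since = (Get-Date).AddDays(-14)
)

# Turn an EventLogRecord into a hashtable of its named EventData fields so
# parameters such as ServiceName or ImagePath can be read directly.
function Get-EventFields {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Record)
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        if ($d.Name) { $fields[$d.Name] = $d.'#text' }
    }
    return $fields
}

# Get-WinEvent throws when nothing matches; treat that as an empty set.
function Get-EventsSafe {
    param([hashtable]$Filter)
    try { Get-WinEvent -FilterHashtable $Filter -ErrorAction Stop }
    catch { @() }
}

# 1. Service installs. The Service Control Manager writes event 7045 to the
#    System log for every new service; no audit policy required. There is no
#    equivalent default event for service *deletion*.
Write-Host "== Services installed since $Since (System/7045) =="
Get-EventsSafe @{ LogName='System'; ProviderName='Service Control Manager'; Id=7045; StartTime=$Since } |
  ForEach-Object {
    $f = Get-EventFields $_
    [pscustomobject]@{ Time=$_.TimeCreated; Service=$f['ServiceName']; Image=$f['ImagePath']; Account=$f['AccountName'] }
  } | Format-Table -AutoSize

# 2. The same installs from the Security log (4697), which also records the
#    installing user. Empty unless "Audit Security System Extension" is enabled.
Write-Host "== Service installs with installing user (Security/4697) =="
Get-EventsSafe @{ LogName='Security'; Id=4697; StartTime=$Since } |
  ForEach-Object {
    $f = Get-EventFields $_
    [pscustomobject]@{ Time=$_.TimeCreated; Service=$f['ServiceName']; Image=$f['ServiceFileName']; User=$f['SubjectUserName'] }
  } | Format-Table -AutoSize

# 3. Did the anti-virus act? Defender logs 1116 (malware detected) and 1117
#    (action taken, e.g. quarantine or remove) in its Operational channel.
Write-Host "== Defender detections and actions (1116/1117) =="
Get-EventsSafe @{ LogName='Microsoft-Windows-Windows Defender/Operational'; Id=1116,1117; StartTime=$Since } |
  Select-Object TimeCreated, Id, @{ n='Summary'; e={ ($_.Message -split "`n")[0] } } |
  Format-Table -AutoSize -Wrap

# 4. Was anyone else on the box? 4624 logon type 10 = remote interactive
#    (RDP), type 3 = network (SMB, admin shares). Computer accounts (names
#    ending in $) and ANONYMOUS LOGON are filtered out as background noise.
Write-Host "== Remote logons (Security/4624, types 3 and 10) =="
Get-EventsSafe @{ LogName='Security'; Id=4624; StartTime=$Since } |
  ForEach-Object { $f = Get-EventFields $_; $f['Time'] = $_.TimeCreated; $f } |
  Where-Object { $_['LogonType'] -in '3','10' -and $_['TargetUserName'] -notmatch '\$$|^ANONYMOUS LOGON$' } |
  ForEach-Object { [pscustomobject]@{ Time=$_['Time']; User=$_['TargetUserName']; Type=$_['LogonType']; From=$_['IpAddress']; Workstation=$_['WorkstationName'] } } |
  Format-Table -AutoSize

# 5. What is registered right now. Reading the registry rather than
#    Get-Service also shows entries whose image file has since vanished.
Write-Host "== Services currently registered with prefix '$ServicePrefix' =="
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' |
  Where-Object PSChildName -like "$ServicePrefix*" |
  ForEach-Object {
    $p = Get-ItemProperty $_.PSPath
    [pscustomobject]@{ Name=$_.PSChildName; ImagePath=$p.ImagePath; Start=$p.Start; Type=$p.Type }
  } | Format-Table -AutoSize
```

Run it on each affected machine separately; the 7045 and 4697 entries show which account created a service and from which image path, the Defender entries show whether files were quarantined, and the 4624 entries show whether a remote session was open when the folder disappeared. If sections 2 and 4 are empty, the relevant audit policy was off, and only a live tracer will catch the next occurrence.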

CityguyUSA commented 1 year ago

> Windows delays and suppresses notifications depending on updates or login time not for critical information that must be acted on immediately by design: https://learn.microsoft.com/en-us/windows/win32/shell/notification-area#notification-and-notification-area-guidelines

This had nothing to do with "quiet time"; secondly, it's not Win7; and third, these notifications weren't ever reported until I installed whatever you want to call it. To be of any value, especially for potentially malicious processes, you don't want a delay.

We're not talking temporary files; we're talking the removal of the entire installation. And some impact to MS Office, which I only know about because it popped up a dialog asking to fix itself; I don't recall the exact wording, nor was it like a normal repair function. There may be others that I haven't uncovered yet.

I'm using 2.39.124. Note the words Process Hacker in the title bar. (screenshot of the title bar)