Problem with Security and Sharing in XP

Machine details:

Dell C840 laptop, 2 MHz, 1GB ram, 40 GB HDD. XP Pro SP2 with latest updates, Zone Alarm Pro firewall v6.5 and NOD32 v2.5 antivirus; NOD32 has all modules, advanced heuristics and additional data stream scanning activated. I run Windows Defender in the background and it automatically does a quick scan every day. I have SpywareBlaster v3.5.1 installed and I use Ad-Aware’s immunisation feature.

I use broadband internet via BT and the machine can be on-line for days on end. I access the internet through a Netgear DG834GT NATS router, so additional internet security is provided by its hardware firewall.

ZAP is configured so it is set to fully stealth, but its anti-spyware and email monitoring is off (I only want its firewall and don’t want conflicts with other resident scanners). The only program with the unchecked ability to send emails in ZAP’s program control is Outlook.

I regularly perform full system scans with the free versions of: SpyBot S&D v1.4; Grisoft AVG Anti-Spyware 7.5; Emsi a2; Ad-Aware SE Personal 1.06. I update all signatures and databases before full scans, which I usually do weekly. NOD32 is scheduled to automatically do a full system scan weekly.

I use Firefox 2.0 rather than IE7, except when I have no choice (for example, with Microsoft sites); Firefox has various security extensions installed, like NoScript and Adblock Plus. I regularly use GRC.com's port scanner to check that the machine is fully 'stealth' when on-line.

I use CCleaner and Registry Mechanic to clean out cookies, temp files, keep load times down and registry clean - startup takes around 3 minutes. I have used Wintasks and SpyBot utilities to selectively limit the startup list.

OK, that’s the background, my problem is this. If I select a file in “My Documents” then open the right-click context menu and try to select “Sharing and security….” I get an error message saying that Explorer has encountered a problem and needs to close, followed by two consecutive windows, one sending an error report on Explorer, the next sending an error report on Dr Watson.

I have some encrypted folders on my drive (using the XP encryption, not 3rd party) and I can no longer change their encryption settings, nor encrypt any other folders. The problem seems to occur with any folder, whether encrypted or not.

I know that this option was working about 4 weeks ago, when I encrypted a folder. I have recently (last two days) deleted some network places and disabled off-line files for a network I used to use – that’s all I have done with folders or drives.

All other options on the right-click context menu for folders seem to work OK; it seems to be just the security and sharing option that doesn’t work. I’ve shut down the machine and rebooted – no change. I’ve run sfc /scannow , but that made no difference either.

Anyone any ideas?

 

As for your ecrypted files, I recommend you read this KB on best practices when using the EFS. Microsoft's encryption is REALLY touchy to work with. There's a good chance that if you haven't followed this KB, you won't ever see your files again. Hopefully, this article will prove that idea wrong.

As for your application hangs, I would check the event logs for further diagnostic information. To do so, please do the following:

1. Right-click 'My Computer'
2. Select 'Manage'
3. On the 'Computer Management' window, expand 'Event Viewer'
4. In the 'Application' and 'System' logs, look for red x errors, or yellow exclamation mark warnings that coorespond to the time fo the crashes. These are typically from source 'drwtsn'
5. Post back with the event ids and description text

 

Mada,

Thanks for the quick response.

I can still access all my encrypted files and folders, I just can't change the encryption settings by right clicking any more.

If I look down the error logs I get three Application Errors:

Faulting application explorer.exe, version 6.0.2900.2180, faulting module sfsshell.dll, version 2.2.5.0, fault address 0x0001838a.

Faulting application DRWTSN32.EXE, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

These two just repeat every time I tried to select the Sharing and Security option on the right click context menu. Sometimes it's just the Explorer fault, without the Dr Watson following.

And I also get a "fault bucket" with different numbers each time, an example is below:

Fault bucket 00733296.

Any ideas? (Oh, and I do have a copy of my encryption key on floppy)

 

Alright! From this we can see that explorer.exe crashes when trying to call the library sfsshell.dll. This means that this, or a dependent application is corrupted, or is an unexpected version.

The first step I would try to fix this would be updating Windows. Hopefully, there is a later version, and it can be replaced with a good copy from Microsoft.

If you're up-to-date, or there are no updates to this part of Windows, then I would try booting into recovery console, and replacing the file with a known good version from disk. Because this is an older version, you will have to check Windows update again to see if there's any patches. Post back if you need any help performing this procedure.

Finally, if the above doesn't resolve your problem, I would try profiling the library with Dependency Walker. This will show you every other file that sfsshell.dll calls, and what functions it expects to find there. If you see any errors (they're highlighted in red), take note of the file name, and attempt the above steps on THAT file. Keep in mind that there may be two files listed that aren't really a problem. These are mpr.dll and msjvm.dll (iirc). These are typically flagged as problem files, when they aren't necessarily. For example, msjvm.dll is part of the Microsoft Java Runtime, which is no longer supported, and as such, is not installed on alot of systems.

 

Mada,

Thanks for the response. Just to let you know, I was able to copy all the encrypted folders to a USB hard drive, losing the encryption on the way. I did this in case your prophesy of doom came true during the fix. With the confidence that my data was safe, I was then also able to decrypt each folder actually on the hard drive by using the "advanced" button in the "properties" for each one. So encryption still seems to work.

Now I feel my data's safe, I'll apply your fix and report back

Thanks so far.

 

LOL, sorry... I don't mean to scare you, it's just that I've had some bad experiences with EFS, as have a few other users here.

 

OK, fixed.

I did a search for sfsshell.dll and the only place it occurred was in a "Program Files" folder for a freeware application called Simple File Shredder from Scar5. I tried to uninstall this, initially failed, then I finally got it off the laptop by renaming all it's old files and directories, reinstalling it then uninstalling it completely.

With it gone, the right-click menu functionality for Sharing and Security was restored. Victory.

I then reloaded SFS and, guess what, the problem returned. Uninstall it and the problem goes away. So it looks like there's something in the way SFS has been added to the folder context menu that seems to screw up one of the other context menu options.

Now I've had SFS installed since April, I use it extensively to shred confidential files and I've not noticed a problem before. I actually got it as a free download from MajorGeeks, and I wanted it's high-security 7-pass capability

It makes me wonder whether I originally applied encryption using the context menu or whether I applied it to each folder via its properties. And this context menu issue has been sittting there all along, only to be discovered today when I tried to use the context menu route to encrypting a folder. I'm positive I encrypted AFTER I installed SFS

Anyway, thanks Mada. I'll get onto Scar5 to make them aware and to see if they've got a fix. I guess I could always hack the registry to remove the "Sharing and Security" option from the context menu.

 

As a replacement, might I suggest CCleaner? It is also capable of 7-pass, secure file deletion, and is free!

 

Hey Mada,

Just for info, I went to Scar5, had a look in the forum for SFS and, guess what, about 5 days ago this issue was raised, with others joining in to confirm. So it's definitely a Scar5 SFS issue.

In case anyone else reads this, the fix is to uninstall SFS, then re-install it with the shell extension option unchecked during the install - this stops SFS putting the context menu option in and screwing with the "Sharing and Security" menu item.

As MajorGeeks lists SFS, perhaps a little pressure from this forum on Scar5 to fix it, stat?

 

Hey Mada,

I have CCleaner installed and I use it for cookies and such, but I wasn't aware I could use it as an on-demand shredder for customers data files (Word, Excel, and the like). Have I missed something in its menus?

Thanks for the help, by the way. Without you I wouldn't have tracked the problem down.

 

Yes, sir!
On the 'Options' section of CCleaner, select 'Settings'. At the bottom of the screen, you should see 'Secure Deletion:' as well as several options for the security of the deletion.

 

I know this is an ancient message, but...

No folder encryption on my system. Everything has been fine up until about 2 months ago, when I started getting the exact same crashes as listed above. I installed SFS on my system back before at least 2008. In April everything was still working fine. In May, the errors started.

If I hadn't found this message, I'd be screwed, as I did a lot of looking before finding it, and everyone else was oblivious to the fix. I posted the fix on another board (where I had requested help already) and wanted to "bump" this message, and thank Wiseloki for the fix!

Many thanks!

 

Good grief Cosgrove, that was an old post of mine! That old Dell laptop has long been consigned to paperweight status. Still using XP, though, on a newer Optiplex mini-tower.

However, just for your info I junked SFS completely ages ago, as Scar5 no longer support it, and I now use Eraser from Heidi, which is also Freeware and Open Source. You can also integrate it with Sandboxie. And it has no context menu issues. :cool

Check it out.

 

There is a lot of ancient software out there quitly lurking on a lot of PCs, waiting to cause headaches :confused

My current easer prog is CC Cleaner, but I will check out Eraser. Many thanks again for an ancient fix to a new problem.