Recently, my PC started having an issue. sppsvc
would fail to load. When trying to manually initiate it, I would get an Error 5: Access is Denied
message.
Now, I used EventVwr and Process Monitor to see what's going on. This suspicious little message made me wonder:
Upon exploring that file, I realized that something was horribly wrong. I can't copy it or do anything to it without needing admin permissions which would always loop ("You need permission from Administrator" > "You need permission from NETWORK SERVICE"). Doing additional testing, I figured out that I can't even open the file. It's like it's just there but can't have anything done to it.
I tried fixing permissions myself. Output of ICACLS on this file:
C:\Windows\System32\spp\store\2.0>ICACLS data.dat
data.dat BUILTIN\Administrators:(F)
NT SERVICE\sppsvc:(F)
NT AUTHORITY\SYSTEM:(F)
BUILTIN\Users:(R)
Successfully processed 1 files; Failed processing 0 files
C:\Windows\System32\spp\store\2.0>
I am unsure on how to proceed. I am also unsure if this file even really exists. What would happen if I were to delete it?
Yes, I know that "reinstalling Windows" would probably be the best option, but it is one I am not able to do. I am willing to do anything to my system as long as:
- I never format the OS
- I don't expose myself to every virus ever made in the history of ever.