
adware found in System Volume Information ...

 
 
cfman
 
      7th Aug 2006
I accidentally ran into an adware program today.

While it was running and trying to set up a lot of sub adware programs, I
immediately recognized it was adware, so I shut down the Windows XP SP2
immediately.

Then I booted into safe mode and did a system restore (Windows Defender
made a restore point right before I clicked to set up the adware).

Then it rebooted and I booted into safe mode again and did a Symantec
Antivirus scan and found two adwares in the "System Volume Information"
folder.

But Symantec could not delete it. The folder was not accessible. It is a
system folder. I tried to look into it manually and failed to get into it
too.

What can I do to remove the two adwares found in this folder? (I believe it
was because the Windows XP system restore actually made a backup before it
made the restore, so the virus files got backed up into that folder, ...)

Thanks a lot!


 
 
 
 
 
Thomas Wendell
 
      7th Aug 2006
If it is ONLY in System Restore ("System Volume Information"), the only way
to empty it is to turn off System Restore, reboot and turn System Restore on
again.
But it deletes ALL restore points..


--
Tumppi
=================================
Most learned on these newsgroups
Helsinki, FINLAND
(translations from/to FI not always accurate)
=================================




"cfman" <(E-Mail Removed)> wrote in
message: (E-Mail Removed)...
> I accidentally ran into an adware program today.
>
> While it was running and trying to set up a lot of sub adware programs, I
> immediately recognized it was adware, so I shut down the Windows XP SP2
> immediately.
>
> Then I booted into safe mode and did a system restore (Windows Defender
> made a restore point right before I clicked to set up the adware).
>
> Then it rebooted and I booted into safe mode again and did a Symantec
> Antivirus scan and found two adwares in the "System Volume
> Information" folder.
>
> But Symantec could not delete it. The folder was not accessible. It is a
> system folder. I tried to look into it manually and failed to get into it
> too.
>
> What can I do to remove the two adwares found in this folder? (I believe
> it was because the Windows XP system restore actually made a backup before
> it made the restore, so the virus files got backed up into that folder,
> ...)
>
> Thanks a lot!
>
>



 
 
Malke
 
      7th Aug 2006
Thomas Wendell wrote:

> If it is ONLY in System Restore ("System Volume Information"), the only way
> to empty it is to turn off System Restore, reboot and turn System Restore on
> again.
> But it deletes ALL restore points..
>
>

You are quoting below the signature delimiter. Many newsreaders strip
anything after the sig delimiter, so the OP's post is missing in a reply to
yours. Since you are using OE, there must be a way to quote correctly on
Usenet.

Here is the relevant part of the OP's post:

> Then it rebooted and I booted into safe mode again and did a Symantec
> Antivirus scan and found two adwares in the "System Volume
> Information" folder.


If the OP's machine is really clean - and I would certainly suggest s/he go
through systematic checking with more than a Symantec product to be sure -
then s/he can make a new, clean System Restore point and use the More
Options tab in Disk Cleanup to remove all SR points except the new one.

General malware removal steps:
http://www.elephantboycomputers.com/...moving_Malware

System Restore information by MVP Bert Kinney:
http://bertk.mvps.org

Malke
--
MS-MVP Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"
 
 
Bruce Chambers
 
      7th Aug 2006
cfman wrote:
> I accidentally ran into an adware program today.
>
> While it was running and trying to set up a lot of sub adware programs, I
> immediately recognized it was adware, so I shut down the Windows XP SP2
> immediately.
>
> Then I booted into safe mode and did a system restore (Windows Defender
> made a restore point right before I clicked to set up the adware).
>
> Then it rebooted and I booted into safe mode again and did a Symantec
> Antivirus scan and found two adwares in the "System Volume Information"
> folder.
>
> But Symantec could not delete it. The folder was not accessible. It is a
> system folder. I tried to look into it manually and failed to get into it
> too.
>
> What can I do to remove the two adwares found in this folder? (I believe it
> was because the Windows XP system restore actually made a backup before it
> made the restore, so the virus files got backed up into that folder, ...)
>
> Thanks a lot!
>
>



The System Volume Information is the hidden, protected operating
system folder in which WinXP's System Restore feature stores
information used to recover from errors. It's really not a good idea
for you, or an antivirus application, to directly access the contents
of that folder, unless you expect to have no future use for the
restore points, in which case it would be simpler just to turn off the
System Restore feature.

To clear viruses or other malware from the "System Volume
Information," simply turn off the System Restore feature (Start > All
Programs > Accessories > System Tools > System Restore, System Restore
Settings), reboot, then re-enable System Restore, and reboot one last
time. This will delete all of your Restore Points, including the
corrupted one(s), and allow you to start with a clean slate.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
 
 
Lawrence J. Gardner
 
      7th Aug 2006
I would first use Windows Cleanup and remove old System Restore points.
Then re-run your Antivirus scanning program and see if it still shows up.

If it does, then turn off and then turn on as posted. Why remove all
restore points if the adware is in the oldest restore point that can be
removed with Windows Cleanup?

And why is the post going to 5 newsgroups?

"Bruce Chambers" <(E-Mail Removed)3t> wrote in message
news:(E-Mail Removed)...
> cfman wrote:
>> I accidentally ran into an adware program today.
>>
>> While it was running and trying to set up a lot of sub adware programs, I
>> immediately recognized it was adware, so I shut down the Windows XP SP2
>> immediately.
>>
>> Then I booted into safe mode and did a system restore (Windows Defender
>> made a restore point right before I clicked to set up the adware).
>>
>> Then it rebooted and I booted into safe mode again and did a Symantec
>> Antivirus scan and found two adwares in the "System Volume
>> Information" folder.
>>
>> But Symantec could not delete it. The folder was not accessible. It is a
>> system folder. I tried to look into it manually and failed to get into
>> it too.
>>
>> What can I do to remove the two adwares found in this folder? (I believe
>> it was because the Windows XP system restore actually made a backup
>> before it made the restore, so the virus files got backed up into that
>> folder, ...)
>>
>> Thanks a lot!
>>
>>

>
>
> The System Volume Information is the hidden, protected operating
> system folder in which WinXP's System Restore feature stores
> information used to recover from errors. It's really not a good idea
> for you, or an antivirus application, to directly access the contents
> of that folder, unless you expect to have no future use for the
> restore points, in which case it would be simpler just to turn off the
> System Restore feature.
>
> To clear viruses or other malware from the "System Volume
> Information," simply turn off the System Restore feature (Start > All
> Programs > Accessories > System Tools > System Restore, System Restore
> Settings), reboot, then re-enable System Restore, and reboot one last
> time. This will delete all of your Restore Points, including the
> corrupted one(s), and allow you to start with a clean slate.
>
>
> --
>
> Bruce Chambers
>
> Help us help you:
> http://dts-l.org/goodpost.htm
> http://www.catb.org/~esr/faqs/smart-questions.html
>
> They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety. -Benjamin Franklin
>
> Many people would rather die than think; in fact, most do. -Bertrum
> Russell
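
Which of the cleanups suggested in this thread applies depends on where the scanner's hits sit: in live files, in older restore points, or in the newest one. As an added example (not code from any poster), this Python triage sorts hit paths by restore point, assuming the Windows XP on-disk layout `System Volume Information\_restore{GUID}\RP<n>`; `triage`, `newest_rp` and the sample paths are hypothetical and constructed.

```python
import re
from collections import defaultdict

# Assumed XP layout: <drive>:\System Volume Information\_restore{GUID}\RP<n>\...
SVI = re.compile(r"^[A-Za-z]:\\System Volume Information\\", re.IGNORECASE)
RP = re.compile(r"\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\", re.IGNORECASE)

def triage(detected_paths, newest_rp):
    """Sort scanner hits into live files and per-restore-point copies.

    newest_rp is the number of the most recent restore point on the machine.
    Returns the buckets plus one of four advice labels:
      live-infection     - hits outside System Volume Information: the machine
                           is not clean, so do not create a restore point yet
      disk-cleanup       - hits only in older points: Disk Cleanup, which keeps
                           only the most recent point, removes them
      reset-or-new-point - hits in the newest point (or unparsed): make a new
                           clean point first, or turn System Restore off and on
      nothing-found      - no hits
    """
    live, by_rp, unparsed = [], defaultdict(list), []
    for path in detected_paths:
        if not SVI.match(path):
            live.append(path)
            continue
        m = RP.search(path)
        if m:
            by_rp[int(m.group(1))].append(path)
        else:
            unparsed.append(path)  # under the folder, but no RP<n> component
    if live:
        advice = "live-infection"
    elif not by_rp and not unparsed:
        advice = "nothing-found"
    elif unparsed or newest_rp in by_rp:
        advice = "reset-or-new-point"
    else:
        advice = "disk-cleanup"
    return {"live": live, "restore_points": dict(by_rp), "advice": advice}

# Constructed sample hits (placeholder GUID and file names).
GUID = "{11111111-2222-3333-4444-555555555555}"
SAMPLE_HITS = [
    "C:\\System Volume Information\\_restore" + GUID + "\\RP41\\A0001234.exe",
    "C:\\System Volume Information\\_restore" + GUID + "\\RP41\\A0001235.dll",
]

if __name__ == "__main__":
    print(triage(SAMPLE_HITS, newest_rp=42))
```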


