What does System Volume Information on History Mean?

[Guest]

I purposely moved PowerReg scheduler to my system and ran a system scan. WD
identified it on the scan results (so far so good). I indicated "Remove" and
it did (so far so good). Then I looked at the History - it showed "Remove"
for action taken (so far so good). History also showed Resources: file:
C:\Program Files\PowerReg Scheduler\PowerReg Scheduler V3.exe and then
file:C:\System Volume
INformation\_restore{B762F58E-........}\RP277\A0058584.exe - What does the
system volume information line mean as it has nothing to do with powerreg (I
did not use a system installer for powerreg, i only did a copy and paste)?

 

[Bill Sanderson]

This is the path to a System Restore restore point. So--although you may
have cleaned the system of PowerReg scheduler, in the meantime, its code has
been stored in one or more System Restore restore points.

It would be good if this was handled better--at least with some way to
research this via help.

Your options are to disable and then enable SR via properties of My Computer
(which will remove ALL restore points) or to go into the accessories, system
tools, disk cleanup dialog, wait through the check for files which could be
compressed, click the second tab, and click the button to remove all but the
most recent restore point.

Surely this could be automated within the program?

 

[Frank Saunders, MS-MVP OE]

I purposely moved PowerReg scheduler to my system and ran a system
scan. WD identified it on the scan results (so far so good). I
indicated "Remove" and it did (so far so good). Then I looked at the
History - it showed "Remove" for action taken (so far so good).
History also showed Resources: file: C:\Program Files\PowerReg
Scheduler\PowerReg Scheduler V3.exe and then file:C:\System Volume
INformation\_restore{B762F58E-........}\RP277\A0058584.exe - What
does the system volume information line mean as it has nothing to do
with powerreg (I did not use a system installer for powerreg, i only
did a copy and paste)?

It means that a Restore Point was made while the malware was installed. If
that restore point is activated the malware will probably be restored. It
can not do any harm unless the Restore Point is restored. The only way I
know to remove it is to turn off system Restore and then turn it back on.

--
Frank Saunders, MS-MVP OE/WM
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/

 

[plun]

Hi Frank and Mr Cat

IMHO it´s better to use disc cleanup and "More Options Tab"

http://www.theeldergeek.com/disk_cleanup_utility.htm

"Clicking the Cleanup button in the System Restore section opens a
dialog box where it asks if you are sure you want to delete all but the
most recent restore point. The difference between using this option and
going directly to System Restore is that you have no option to
selectively delete restore points with this method. It's "all but most
recent" or nothing when accessed via Disk Cleanup. Click Yes or No
depending on your choice".

But may RP277 (Restore Point) is the latest ? so then a SR must be
disabled. It´s also possible to check System Volume but thats
maybe "over course"

regards
plun

 

[Bill Sanderson]

I'm with you on this one, Plun. In fact, I did make a reply on this thread
which doesn't seem to show--interesting.

--

 

[Guest]

Thank you for the answer.

 

[plun]

Hi

NNTP and feeds ....

I did a NNTP reset in my reader for all my groups yesterday

regards
plun