Accessing "c:\system volume information\...

Jon

I downloaded a virus, but did not execute it. I believe
system restore took a snapshot of the virus before I
deleted it and now my virus protection software says I
have a virus in the "c:\system volume information" folder.

Access is denied when I navigate to that folder. I tried
using safe mode, but the folder does not even exist in
safe mode.

My virus software can't even access that folder.

Please help,

Jon
 
Guest

Yes, I've had this virus. What you need to do is boot up with your WinXP CD or boot disk. Get into DOS mode and delete those files manually. Of course, before you do that, you'd want to scan your system and write down the file location and file names that you will be deleting. This could be tedious, but as far as I know it is the only way. You've been infected by the backdoor virus.
 
francis gerard

Jon said:
I downloaded a virus, but did not execute it. I believe
system restore took a snapshot of the virus before I
deleted it and now my virus protection software says I
have a virus in the "c:\system volume information" folder.

Access is denied when I navigate to that folder. I tried
using safe mode, but the folder does not even exist in
safe mode.

My virus software can't even access that folder.

Temporarily disable System Restore, then using Windows Explorer, unhide
system files/folders (Explorer, Tools, Folder Options, View tab, show hidden
files & folders, uncheck the boxes for 'hide protected OS files' and 'use
simple file sharing'), then right-click on the \system volume information
folder, select Properties, Security tab, press the Advanced button. On the
Advanced security settings dialog, click the Owner tab, make sure current owner
says Administrators, check the box 'replace owner on subcontainers and
objects', press Apply and Yes to the confirmation popup, click on the
Permissions tab, check the box 'replace permission entries on all child
objects...', click Yes on the confirmation popup. Close the properties
dialog for \system volume information, then right-click on it again and
choose Delete and press Yes on the confirmation popup.

Windows will delete the \system volume information folder... and then
automatically re-create a new one a few moments later.

Re-enable System Restore.
 
Bruce Chambers

Greetings --

The System Volume Information is the hidden, protected operating
system folder in which WinXP's System Restore feature stores
information used to recover from errors. It's really not a good idea
for you, or an antivirus application, to directly access the contents
of that folder, unless you expect to have no future use for the
restore points, in which case it would be simpler just to turn off the
System Restore feature.

To clear viruses from the "System Volume Information," simply turn
off the System Restore feature (Start > All Programs > Accessories >
System Tools > System Restore, System Restore Settings), reboot, then
re-enable System Restore, and reboot one last time. This will delete
all of your Restore Points, including the corrupted one(s), and allow
you to start with a clean slate.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 
Alex Nichol

Jon said:
I downloaded a virus, but did not execute it. I believe
system restore took a snapshot of the virus before I
deleted it and now my virus protection software says I
have a virus in the "c:\system volume information" folder.

Access is denied when I navigate to that folder. I tried
using safe mode, but the folder does not even exist in
safe mode.

The virus has got into a restore point. It can do no harm there,
unless you restore to the point concerned. So wait for a new clean one
to have been made (or go to Start - All Programs - Accessories - System
Tools - System Restore and create one manually) then Start - All
Programs - Accessories - System Tools - Disk Cleanup and on the More
Options use the button to delete all but the more recent point - the
virus will go along with the point it is in.

To access the folder in Safe mode in XP Home (and this should only be
done to clear it out when you have first disabled System Restore), you
need to boot to Safe Mode and use the Administrator logon. In that have
Folder Options - View set to show Hidden files, and *not* Hide Protected
mode ones.

You will then see the SVI folder, and in FAT 32 access it, or (in NTFS)
can right click it and use the Properties - Security tab to give the
Administrator account access to it. On the whole, better not try.
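
Added example, not part of Alex Nichol's post or of the thread: a PowerShell check for the "wait for a new clean one" step described above, confirming that a restore point newer than the cleanup exists before older points are removed with Disk Cleanup. It assumes PowerShell 2.0 or later in an elevated session; `$CleanedAt` and the restore point description are constructed sample values.

```powershell
# Added example, not from the thread. $CleanedAt is a constructed sample value:
# set it to the time the downloaded file was deleted.
$CleanedAt = [datetime]'2004-01-15 18:30'

# List restore points oldest first, converting the WMI timestamp string
# in CreationTime to a DateTime so it can be compared.
$points = @(Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
    Sort-Object Created)

$points | Format-Table SequenceNumber, Created, Description -AutoSize

$newest = $points | Select-Object -Last 1

if ($newest -and $newest.Created -gt $CleanedAt) {
    # A point made after the cleanup exists, so it will be the one that is
    # kept when all but the most recent point are deleted.
    "Restore point #$($newest.SequenceNumber) ($($newest.Created)) is newer than the cleanup."
} else {
    # No point newer than the cleanup yet: create one first, as the post advises.
    Checkpoint-Computer -Description 'Clean point after virus removal' `
        -RestorePointType MODIFY_SETTINGS
    "Created a new restore point; run this again to confirm it is listed."
}
```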
 
