Accessing "sys vol info" on NTFS

Peter Rossiter

How do I access the "System Volume Information" folder on XP PRO?

I want to access this folder on one of my other partitions (or
"drives"). The partition I want to access is an NTFS partition
and so is the C: partition.

I have tried what is in
http://support.microsoft.com/default.aspx?kbid=309531
but it does not work. This is what I did:

I log on to XP Pro as administrator. I go to:
Windows Explorer > Tools > Folder Options > View tab
select "Show hidden files and folders"
unselect "Hide protected operating system files (Recommended)"
select "Use Simple File Sharing".

I double-click the System Volume Information folder in the root
folder to open it but it denies me access.

I can access the SVI on other partitions which are in FAT32. But I
can't access either the C: drive's SVI or the other partition's
SVI.
 
On Wed, 07 Apr 2004 00:57:55 +0100, Peter Rossiter <[email protected]>
wrote:

You have to take ownership of the "System Volume Information" folder
on an NTFS partition before it will allow you to have access. Go back
to the MSKB and read how to take ownership.

Also, since this folder houses the system restore information for that
drive (drive c), why do you need to access it? If you're having
problems with system restore, just turn it off and turn it on again.
The folder will be cleared along with all restore points.
 
Thanks for the info about ownership. I had thought that as
administrator that I would not need to enter my name in the
security tab.

I need to gain access because my AV software (AVG) says there is a
trojan program there.

Do you or anyone else know about the sort of virus or trojan that
can hide in the System Volume Information folder?

Peter



[groups widened for relevance]
 
Peter Rossiter said:
Thanks for the info about ownership. I had thought that as
administrator that I would not need to enter my name in the
security tab.

I need to gain access because my AV software (AVG) says there is a
trojan program there.

Do you or anyone else know about the sort of virus or trojan that
can hide in the System Volume Information folder?

Peter

What happens is 1) you are infected with a virus, 2) Windows creates a
restore point and stores the infected files in the system volume information
folder, 3) your anti-virus software sees the virus in SysVolInfo. The best
solution is to turn off system restore, reboot, and turn system restore back
on. This will delete all the restore points along with the one that is
infected. You don't want to risk using any of those restore points anyway,
because at least one of them contains the virus and you really don't know
which one it is.

Gregg C.
 
Gregg Cattanach said:
What happens is 1) you are infected with a virus, 2) Windows
creates a restore point and stores the infected files in the
system volume information folder, 3) your anti-virus software
sees the virus in SysVolInfo. The best solution is to turn
off system restore, reboot, and turn system restore back on.
This will delete all the restore points along with the one
that is infected. You don't want to risk using any of those
restore points anyway, because at least one of them contains
the virus and you really don't know which one it is.


Thanks for the info.

I probably got the virus from downloading binaries from the
newsgroups.

Would that virus program have been installed or executed (if you
see what I mean) for it to get picked up by XP's restore point in
the way you describe?

I am wondering if I was somehow so careless as to run the virus
program.
 
Peter Rossiter said:
I probably got the virus from downloading binaries from the
newsgroups.

That is one good way to collect malware. ;o)

Would that virus program have been installed or executed (if you
see what I mean) for it to get picked up by XP's restore point in
the way you describe?

Not necessarily. When your AV program first encountered it, it
probably tried to delete it. Before it got deleted, the OS kindly
decided that you might want to have it backed up in a restore
point just in case you had momentarily lost your mind.

I am wondering if I was somehow so careless as to run the virus
program.

If that was the only affected file your AV alerted to, then it is very
likely that it never ran on your machine.
 
I need to gain access because my AV software (AVG) says there is a
trojan program there.

Yep, and it is a nasty one too. What you have is an ftp
server pushing mp3s to the world. You were not patched,
and the Danes got you. I just hope you are not on DSL
or faster, because if you are, sooner or later the Music
cops are going to hand you a summons !!!!! and that
is not funny. Do a search on *.mp3, or let your AV
run on that folder and see if it sees mp3s. If it does,
pull off data, etc, and wipe your drive !!!! Get a good
disk imaging program, and a big drive. That is the
easy way to recover back to a known state ... if the
first install was done off line !! I reimage about once
a month, and that has worked fine. Generally I can
totally crash and be back up in about an hour running
clean. Another thing ... if you do have that "mp3 server",
you also have a whole lot of friends out there, and
they will come calling. This is the one time that a
firewall might help, or you are going to be scanned
to pieces.

johns
 
Hello,

Yep, and it is a nasty one too. What you have is an ftp
server pushing mp3s to the world. You were not patched,
and the Danes got you.

S.T.F.U.!! Your idiotic "contribution" is of no use here.

scanned
to pieces.

Is this a technical term?

The best thing you can do is stop posting in this group.

--
Regards, Ian.

-------------------------------------------------------------------------------------------------------------

English
Adjective
ultracrepidarian

1. Of a critic, giving opinions on something beyond his or her
knowledge.
 