adware found in System Volume Information ...

cfman

I accidentally ran into an adware program today.

While it was running and trying to set up a lot of sub-adware programs, I
immediately recognized it was adware, so I shut down the Windows XP SP2
immediately.

Then I booted into safe mode and did a system restore (Windows Defender
made a restore point right before I clicked to set up the adware).

Then it rebooted and I booted into safe mode again and did a Symantec
Antivirus scan and found two adwares in the "System Volume Information"
folder.

But Symantec could not delete them. The folder was not accessible. It is a
system folder. I tried to look into it manually and failed to get into it
too.

What can I do to remove the two adwares found in this folder? (I believe it
was because the Windows XP system restore actually made a backup before it
made the restore, so the virus files got backed up into that folder, ...)

Thanks a lot!
 
Thomas Wendell

If it is ONLY in System Restore ("System Volume Information"), the only way
to empty it is to turn off System Restore, reboot and turn System Restore on
again.
But it deletes ALL restore points.


--
Tumppi
=================================
Most learned on these newsgroups
Helsinki, FINLAND
(translations from/to FI not always accurate
=================================
 
Malke

Thomas said:
> If it is ONLY in System Restore ("System Volume Information"), the only way
> to empty it is to turn off System Restore, reboot and turn System Restore on
> again.
> But it deletes ALL restore points.

You are quoting below the signature delimiter. Many newsreaders strip
anything after the sig delimiter, so the OP's post is missing in a reply to
yours. Since you are using OE, there must be a way to quote correctly on
Usenet.

Here is the relevant part of the OP's post:
> Then it rebooted and I booted into safe mode again and did a Symantec
> Antivirus scan and found two adwares in the "System Volume
> Information" folder.

If the OP's machine is really clean - and I would certainly suggest s/he go
through systematic checking with more than a Symantec product to be sure -
then s/he can make a new, clean System Restore point and use the More
Options tab in Disk Cleanup to remove all SR points except the new one.

General malware removal steps:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

System Restore information by MVP Bert Kinney:
http://bertk.mvps.org

Malke
 
Bruce Chambers

cfman said:
> I accidentally ran into an adware program today.
>
> While it was running and trying to set up a lot of sub-adware programs, I
> immediately recognized it was adware, so I shut down the Windows XP SP2
> immediately.
>
> Then I booted into safe mode and did a system restore (Windows Defender
> made a restore point right before I clicked to set up the adware).
>
> Then it rebooted and I booted into safe mode again and did a Symantec
> Antivirus scan and found two adwares in the "System Volume Information"
> folder.
>
> But Symantec could not delete them. The folder was not accessible. It is a
> system folder. I tried to look into it manually and failed to get into it
> too.
>
> What can I do to remove the two adwares found in this folder? (I believe it
> was because the Windows XP system restore actually made a backup before it
> made the restore, so the virus files got backed up into that folder, ...)
>
> Thanks a lot!

The System Volume Information is the hidden, protected operating
system folder in which WinXP's System Restore feature stores
information used to recover from errors. It's really not a good idea
for you, or an antivirus application, to directly access the contents
of that folder, unless you expect to have no future use for the
restore points, in which case it would be simpler just to turn off the
System Restore feature.

To clear viruses or other malware from the "System Volume
Information," simply turn off the System Restore feature (Start > All
Programs > Accessories > System Tools > System Restore, System Restore
Settings), reboot, then re-enable System Restore, and reboot one last
time. This will delete all of your Restore Points, including the
corrupted one(s), and allow you to start with a clean slate.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell
 
Lawrence J. Gardner

I would first use Windows Cleanup and remove old System Restore points.
Then re-run your antivirus scanning program and see if it still shows up.

If it does, then turn off and then turn on as posted. Why remove all
restore points if the adware is in the oldest restore point that can be
removed with Windows Cleanup?

And why is the post going to 5 newsgroups?
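
The off / reboot / on sequence described in the replies above, scripted in stages as an added example (not part of any poster's message). It assumes Windows PowerShell 2.0 or later with the System Restore cmdlets, which is not a stock Windows XP SP2 component, and an elevated prompt; the script name `Reset-SystemRestore.ps1` and its `-Stage` parameter are hypothetical.

```powershell
# Reset-SystemRestore.ps1 (hypothetical name) - added example, not from the thread.
# Stages mirror the manual steps in the replies:
#   -Stage Report   list the restore points that currently exist
#   -Stage Disable  turn System Restore off (per the replies, this discards ALL points)
#   -Stage Enable   after a reboot: turn it back on and create a fresh baseline point
param(
    [ValidateSet('Report', 'Disable', 'Enable')]
    [string]$Stage = 'Report'
)

# The System Restore cmdlets need administrative rights.
$id    = [Security.Principal.WindowsIdentity]::GetCurrent()
$admin = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
             [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $admin) { throw 'Run this script from an elevated prompt.' }

$drive = "$env:SystemDrive\"    # for example C:\

function Show-RestorePoints {
    # @() forces an array so .Count is valid when zero or one point exists.
    $points = @(Get-ComputerRestorePoint)
    Write-Host ("{0} restore point(s) present" -f $points.Count)
    $points | Format-Table SequenceNumber, CreationTime, Description -AutoSize
}

switch ($Stage) {
    'Report' {
        Show-RestorePoints
    }
    'Disable' {
        Show-RestorePoints      # record what is about to be lost
        Disable-ComputerRestore -Drive $drive -ErrorAction Stop
        Write-Host "System Restore is off for $drive. Reboot, then run -Stage Enable."
    }
    'Enable' {
        Enable-ComputerRestore -Drive $drive -ErrorAction Stop
        # Create the new baseline only once the machine has been checked as clean.
        Checkpoint-Computer -Description 'Clean baseline after malware removal' `
                            -RestorePointType MODIFY_SETTINGS
        Show-RestorePoints
        Write-Host 'Re-run the antivirus scan to confirm the detections are gone.'
    }
}
```

Run `-Stage Report` first: if the detections sit only in the oldest points, the Disk Cleanup route suggested above keeps the newest point instead of discarding all of them.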
 
