Thanks to all 6 who posted timely and helpful replies within 4h5min of mycall; the 1st SOLVED my problem, but I also record the 5 next, that can beuseful in some other cases (see below).
1) Thanks "Pegasus [MVP]", Sun 31 May 2009 11:56:03 GMT, for your advice ("Click Start / Help then look for help on Ownership"). It worked perfect. Details:
I forgot to mention my system is a Feb 2006 laptop, Windows XP Pro, Pentium M760 (Dothan 2.0GHz), 2GB, NOT joined to a domain, with SFS (Simple FileSharing) disabled.
I recall that I CANNOT select "C:\System Volume Information": when I Simple-Click or Double-Click it, I get "Access is denied", and the item is NOT selected, so I CANNOT come through this path and choose its Properties.
Now « Start > Help & Support "Ownership" (38 results) > "Take ownershipof a file or folder" » tells to "Right-click the file or folder". And yes, I can Right-Click it DIRECTLY (while I could NOT by first Simple-Clicking it). Then the continuation is as usual:
- Right-click "C:\System Volume Information", "Sharing and Security..." (or "Properties"), "Security > Advanced > Owner > Change owner to", where I currently have:
- ** Administrators
- * Merlin
|_| (cleared) Replace owner on subcontainers and objects
So I check the "Replace owner on subcontainers and objects", select "Merlin", and click "OK", which returns:
_____________________________________________________________
| Security (icon = Black exclamation mark on Yellow triangle)
|_____________________________________________________________
| You do not have permission to read the contents
| ! of directory \??\C:\System Volume Information.
| Do you want to replace the directory permissions
| with permissions granting you Full Control?
|
| All persmissions will be replaced if you press Yes.
|
| | Yes | | No |
|_____________________________________________________________
I clicked Yes; changing permissions took about 1min30sec.
Once reached the "RP305\....exe" archive involved (1,505 KB), I couldn't open it and find the threat, so I deleted the entire "RP305" folder (RP304,RP305, RP306 were restore points of 15, 16, 17 May 2009), and immediately emptied the Recycle Bin (so to not propagate again the faulty item). I alsodeleted the "RP305" folder I had in "D:\System Volume Information\_restore{32-char GUID}\RP305".
2) Thanks to "Touch Base", Sun 31 May 2009 12:07:14 GMT:
To take ownership of the System Volume Information folder:
http://support.microsoft.com/kb/308421>
http://support.microsoft.com/kb/307874
"How to disable simplified sharing and set permissions on a shared folderin Windows XP"
3) Thanks to "JS", Sun 31 May 2009 13:56:17 GMT:
To delete all but the latest restore point:
"Start > All Programs > Accessories > System Tools > Disk Cleanup > More Options> System Restore > Clean up
4) Thanks to "Alan", Sun 31 May 2009 14:51:16 GMT:
http://support.microsoft.com/kb/309531"How to gain access to the System Volume Information folder",
make sure to read the § "Using CACLS with Windows XP Home Edition Usingthe NTFS File System"
5) Thanks to "Jim", Sun 31 May 2009 15:05:12 GMT:
the only SID which has any access to the folder is NTAUTHORIT/SYSTEM (i.e.. Windows XP)
-> My Reply (Michel Merlin): I don't see that name. Anyway I bring back all folders under MY own property and "Merlin" Username (see §1).
6) Thanks to "Shenan Stanley", Sun 31 May 2009 15:54:43 GMT:
Why not using Disk Cleanup OR turning off System Restore
-> My Reply (Michel Merlin): System Restore NEVER brought me any successful help, so I rarely try to use it. I keep it however (just in case) but don't waste time hesitating before removing a part in it that appears a threat. Yet of course, in the same conservative way, I destroy as little as possible. In decades I never used (unless when forced) the barbare simplistic blind processes MS loves to impose on its so-called "customers" (like "removing all but the most recent restore point" - the only "help" Disk Cleanup is offering in this case).
Again, thanks to *all*.
Versailles, Tue 2 Jun 2009 14:45:10 +0200
----- Parent Thread -----www.howtofixcomputers.com/forums/windows-xp/c-system-volume-informati...
www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=micros...
----- Parent Message (links are clickable in OE) -----
From: "Pegasus [MVP]" <
[email protected]>
Newsgroup: news://msnews.microsoft.com/microsoft.public.windowsxp.general
Message: news://msnews.microsoft.com/
[email protected]
Sent: Sun 31 May 2009 13:56:03 +0200 (11:56:03 GMT)
Subject: Re: C:\System Volume Information - Access is denied
This folder contains the Windows System Restore information and is normally accessible to the System Account only. However, you can seize ownership of it. Click Start / Help then look for help on Ownership if unsure how to do it.
----- Parent Message (links are clickable in OE) -----
From: "Michel Merlin" <
[email protected]>
Newsgroup: news://msnews.microsoft.com/microsoft.public.windowsxp.general
Message: news://msnews.microsoft.com/%
[email protected]
Sent: Sun 31 May 2009 13:49:45 +0200 (11:49:45 GMT)
Subject: C:\System Volume Information - Access is denied
My "Security" Suite reports:
C:\System Volume Information\...\RP305\....exe=](Instyler o)=](Instyler Module 11) = Gen:Adware.Heur.4105FAFAFA = Infected (no action was possible, file was in an archive)
So immediately go in Windows Explorer to navigate there and manually remove the threat from the involved Restore Point as I usually do, but this time on clicking "C:\System Volume Information" I am told:
« C:\System Volume Information is not accessible. Access is denied »
What is that? What removed *MY* access to *MY* property?. Please anyone help me recover that basic access (Of course I am logged as an Administrator). TIA,
Versailles, Sun 31 May 2009 13:49:45 +0200
