Q about D:\System Volume Information folder

[Jorge Cervantes]

I have two, physically separate hard disk drives (C and D).
Virus scan detected infection in D:\system volume information folder.
This folder (hidden folder) cannot be opened.
How can I remove infected files from volume information folder?
Jorge

 

[John John (MVP)]

Is there a Windows XP on that drive? The virus may be inside a Restore
Point.

To gain access to the folder with any Windows XP version you can use the
cacls command at the Command Prompt:

cacls "d:\System Volume Information" /E /G YourUserName:F

How to gain access to the System Volume Information folder
http://support.microsoft.com/kb/309531

John

 

[Jorge Cervantes]

Thanks John,

The restore was turned off quite a while ago because I use True Image
backup system.
So, I assume that the infection might not matter now.
Is that correct?

BTW, I have another related question. I found that both C and D drives have
its own System Volume folders.
I understand that restore only matters to C-drive not to D-drive.
If so, I would rather delete D:\system volume?
Can I do that? If so, how?

Thanks.

Jorge

 

[Ken Blake, MVP]

I have two, physically separate hard disk drives (C and D).
Virus scan detected infection in D:\system volume information folder.
This folder (hidden folder) cannot be opened.
How can I remove infected files from volume information folder?

Did you recently remove this virus from your system, but now find that
it remains in D:\system volume information?

That folder contains restore points, and a virus in a restore point is
completely innocuous *unless* you restore from that restore point.

The only way to remove the virus is to turn off System Restore, then
turn it back on, but that will delete *all* your restore points, not
just the infected one(s). Alternatively you can just wait for the
infected point(s) to fall of the end of the chain--a maximum of 90
days.

 

[Ken Blake, MVP]

Thanks John,

The restore was turned off quite a while ago because I use True Image
backup system.

Not a good idea. True image is an excellent product, and using it for
backup is a good thing to do. But I recommend that you keep System
Restore on anyway. System Restore is not a substitute for backup, and
can (and should) exist alongside it. System Restore is a tool for
restoring the operating system to the state it was a few days (or a
week or two at most) ago. It's meant to be a quick and easy way to
recover from an error you made recently.

So, I assume that the infection might not matter now.
Is that correct?

BTW, I have another related question. I found that both C and D drives have
its own System Volume folders.
I understand that restore only matters to C-drive not to D-drive.
If so, I would rather delete D:\system volume?
Can I do that?

Yes.


If so, how?

Turn off System Restore on D:. That will delete the restore points
there.

 

[Gerry]

Jorge

Right click on the System Volume Information Folder on your D drive and
select Properties. If it is not being monitored by System Restore then
there should be no contents i.e. 0 bytes. Do not delete the folder.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~