system volume information folder


Guest

Can someone out there please help me? I have a severe threat in my system
volume information folder that I am unable to open to delete it. Norton 2006
detected it and deleted it, but am unable to get rid of it out of this
folder. Is it okay to just leave it in there, or is there a way of opening
this folder to delete it manually?
 
Simply turn off System Restore, which purges all Restore points.
Reboot the PC and then re-enable SR. Unfortunately, there is no
other way to clear the threat and retain existing points.
Right Click My Computer, Left Click Properties and then the
System Restore (TAB)
Place a check/tic in the box "Turn off System Restore on all Drives"
Click Apply (There will be some time delay as the points are
purged from the SVI folder).
Reboot the PC and then reverse the process to re-enable SR.
 
deb said:
Can someone out there please help me? I have a severe threat in my
system volume information folder that I am unable to open to delete
it. Norton 2006 detected it and deleted it, but am unable to get rid
of it out of this folder. Is it okay to just leave it in there, or
is there a way of opening this folder to delete it manually?



The System Volume Information Folder contains Restore Points.
You have a virus in a restore point. First of all, note that any virus (or
any other kind of malware) in a restore point is completely innocuous and
can't hurt you in any way *unless* you do a System Restore from that restore
point.

If the virus is only in the restore point, presumably you recently removed a
virus from your system. The virus remains in restore points made before the
virus removal, but isn't present in restore points made afterwards.


Unfortunately, you can't selectively delete restore points. Your only
choices are to delete them all, all but the most recent, or none.


One choice is to delete them all (turn off System Restore, then turn it back
on again), but that choice throws out the clean restore points too. Another
choice is to do nothing (keep the infected restore points), but make sure
that you keep track of when you did the virus removal and be sure never to
restore from any restore point before then. If you choose that option,
within the next several weeks, the infected restore points will disappear by
themselves, because older restore points are automatically removed to make
room for newer ones.
 
Hi Deb,

The SVI (System Volume Information) folder is where System Restore holds
its restore points. The SVI folder is a super hidden folder and not
accessible by most if not all antivirus applications. Infections
residing within the SVI are dormant, and will not harm the system until
a restore point containing the infection is used to restore the system.
Once the system is cleaned of the infection and the system is running
correctly, it is then time to empty the SVI folder of its restore
points. To do so, disable System Restore using the following
instructions. All restore points will be lost. Then re-enable it.

How to Disable and Enable System Restore:
http://bertk.mvps.org/html/disablesr.html

Instructions on how to view the contents of the SVI folder to manually
delete its contents.
http://bertk.mvps.org/html/tips.html#SRFileLocation
 
deb said:
Can someone out there please help me? I have a severe threat in my system
volume information folder that I am unable to open to delete it. Norton 2006
detected it and deleted it, but am unable to get rid of it out of this
folder. Is it okay to just leave it in there, or is there a way of opening
this folder to delete it manually?


The System Volume Information is the hidden, protected operating
system folder in which WinXP's System Restore feature stores
information used to recover from errors. It's really not a good idea
for you, or an antivirus application, to directly access the contents
of that folder, unless you expect to have no future use for the
restore points, in which case it would be simpler just to turn off the
System Restore feature.

To clear viruses or other malware from the "System Volume
Information," simply turn off the System Restore feature (Start > All
Programs > Accessories > System Tools > System Restore, System Restore
Settings), reboot, then re-enable System Restore, and reboot one last
time. This will delete all of your Restore Points, including the
corrupted one(s), and allow you to start with a clean slate.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin
 
On Wed, 17 May 2006 17:59:12 -0400, "R. McCarty"
> Simply turn off System Restore, which purges all Restore points.
> Reboot the PC and then re-enable SR. Unfortunately, there is no
> other way to clear the threat and retain existing points.

There are two other approaches:

1) Use the Disk Cleanup wizard to purge all but recent point
- create a new SR point
- go Disk Cleanup, More Options
- purge all but the most recent SR point

2) Kill the malware within SR's SVI subtree

You'd usually do this from Bart PE CDR boot, from where your scanners
and tools have a more unfettered access to the drive. The downside is
that by chopping files out of the backup material whilst the
installation is "under anaesthetic", you may invalidate the state of
the restore points involved.

> Right Click My Computer, Left Click Properties and then the
> System Restore (TAB)
> Place a check/tic in the box "Turn off System Restore on all Drives"
> Click Apply (There will be some time delay as the points are
> purged from the SVI folder).
> Reboot the PC and then reverse the process to re-enable SR.

I don't like this approach, because this re-enables SR (to maximal
bloat) on all HD volumes. You're assuming the user is happy to have
this state of affairs, and/or only has one big C: volume.

Personally, I don't trust scanners running within the infected
installation to tackle active malware, especially malware that passed
through the scanner's gaze in the first place. YMMV.


-------------------- ----- ---- --- -- - - - -
Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
 