System Volume Information

G

Glenn E. McWilson

Is there any way to exclude the system volume information folder on a drive from being checked? Defender appears to find a ghost spyware that it then can't remove. It keeps finding "WhenI.SaveNow" in a folder on my E: drive:

E:\System Volume Information\_restore{18ADC34F-8089-425F-A4B9-E78DCEBAA9C0}\RP795\A0098160..exe->(WiseSfx)->(wise0037)

But, when I try to remove it, I get this error:

Failed, 0x80004005. Unspecified error.

Any ideas as to why this might be? When I manually search for the file, it's not there. Or if I do happen to find it and delete, it's back the next scan. Any help would be appreciated.

--
**************************************************
Glenn E. McWilson
(e-mail address removed)
http://community.webshots.com/user/mustafa940 (I keep adding to it!!)
http://www.geocities.com/mcwilsonge (still messin' with it!!)
"Those who judge don't matter and those who matter don't judge."
 
G

Guest

Hello Glenn,

You can go to the System Event log:

Start, Run, type, eventvwr.msc <enter>

Click on the System event log

Go to View, choose Filter, and choose "windefend" in the source control.

Look for yellow triangle entries that give the precise path and location of
what was detected

Have you tried doing the scan and removal in Safe mode?

I think you may have to work at excluding it from the scan, as an interim
measure. Tools, general settings, scroll down to advance settings, and hit
the add button.

I hope this post is helpful.

Еиçеl
 
B

Bill Sanderson MVP

The error on attempting to remove from System Restore data store is
expected.

If you go to accessories, system tools, Disk Cleanup, and let it sit until
it compiles the list of untouched files, then go to the second tab--"more
options??", Theres an option to delete all but the most recent System
Restore restore point.

If you are sure that you won't need previous restore points, you can check
this and hit apply, and it will remove old restore points. That should take
care of this detection. You could perhaps use the UI in General Settings to
exclude this area from scanning, but I think it is probably better to leave
it alone.

--

Is there any way to exclude the system volume information folder on a drive
from being checked? Defender appears to find a ghost spyware that it then
can't remove. It keeps finding "WhenI.SaveNow" in a folder on my E: drive:

E:\System Volume
Information\_restore{18ADC34F-8089-425F-A4B9-E78DCEBAA9C0}\RP795\A0098160.exe->(WiseSfx)->(wise0037)

But, when I try to remove it, I get this error:

Failed, 0x80004005. Unspecified error.

Any ideas as to why this might be? When I manually search for the file, it's
not there. Or if I do happen to find it and delete, it's back the next scan.
Any help would be appreciated.

--
**************************************************
Glenn E. McWilson
(e-mail address removed)
http://community.webshots.com/user/mustafa940 (I keep adding to it!!)
http://www.geocities.com/mcwilsonge (still messin' with it!!)
"Those who judge don't matter and those who matter don't judge."
 
J

Jupiter Jones [MVP]

Glen;
That is telling you there is spyware in System Volume Information (System
Restore).
Similar issues occur with anti virus programs when viruses are in one or
more Restore Points.
You are better off leaving this on so you have more reliability in the
Restore Points.
A better soulyion is as Bill suggested or turnoff/on System Restore which
will delete all Restore Points.
As long as your computer is working fine, there should be no problem getting
rid of the Restore Points you really do not want to use anyway.

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
http://www.dts-l.org


Is there any way to exclude the system volume information folder on a drive
from being checked? Defender appears to find a ghost spyware that it then
can't remove. It keeps finding "WhenI.SaveNow" in a folder on my E: drive:

E:\System Volume
Information\_restore{18ADC34F-8089-425F-A4B9-E78DCEBAA9C0}\RP795\A0098160.exe->(WiseSfx)->(wise0037)

But, when I try to remove it, I get this error:

Failed, 0x80004005. Unspecified error.

Any ideas as to why this might be? When I manually search for the file, it's
not there. Or if I do happen to find it and delete, it's back the next scan.
Any help would be appreciated.

--
**************************************************
Glenn E. McWilson
(e-mail address removed)
http://community.webshots.com/user/mustafa940 (I keep adding to it!!)
http://www.geocities.com/mcwilsonge (still messin' with it!!)
"Those who judge don't matter and those who matter don't judge."
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Need some help with system volume information 3
G:\System Volume Information\_restore 4
System Volume Information 2
What does System Volume Information on History Mean? 6
System Volume Information 2
System Volume Information-/restore. Adware infection 1
Possible virus in System Volume Information 8
System Volume 4

Top