System Volume Information

[Bobbi]

I've received a message from my anti-virus program that a "potentially
unwanted program" is located in my System Volume Information folder, but
I've been denied access to that folder by the system so I can't remove it
manually. Apparently my antivirus and antispyware programs can't either. Is
there a way to get access?

I think restores points are stored there.

Bobbi

 

[Pegasus \(MVP\)]

I've received a message from my anti-virus program that a "potentially
unwanted program" is located in my System Volume Information folder, but
I've been denied access to that folder by the system so I can't remove it
manually. Apparently my antivirus and antispyware programs can't either.
Is there a way to get access?

I think restores points are stored there.

Bobbi

Yes, the restore points are there. You can gain access to this folder
by seizing ownership of it. Click Start / Help, then look for help on
"Ownership" if unsure how to do it.

 

[Ken Blake, MVP]

I've received a message from my anti-virus program that a "potentially
unwanted program" is located in my System Volume Information folder, but
I've been denied access to that folder by the system so I can't remove it
manually. Apparently my antivirus and antispyware programs can't either. Is
there a way to get access?

I think restores points are stored there.

That's correct. That's where restore points are saved.

Any form of malware--whether spyware, virus, or anything else--in a
restore point is completely innocuous and can do nothing at all
*unless* you restore from that restore point.

The only way to remove the virus is to turn off System Restore, then
turn it back on, but that will delete *all* your restore points, not
just the infected one(s). Alternatively you can just wait for the
infected point(s) to fall of the end of the chain--a maximum of 90
days. Note that that alternative may keep some non-infected restore
points, but also requires care and good record-keeping to make sure
you don't accidentally restore the infected restore point.

On the other hand, you need to consider the question of how the virus
got there. It got there because your computer was infected elsewhere,
and went into the restore point while it was infected. So unless
you've already removed the virus from outside of the restore point,
you can't have a virus that's *only* in a restore point.

 

[Bobbi]

Thanks. I think I understand.
Bobbi

That's correct. That's where restore points are saved.

Any form of malware--whether spyware, virus, or anything else--in a
restore point is completely innocuous and can do nothing at all
*unless* you restore from that restore point.

The only way to remove the virus is to turn off System Restore, then
turn it back on, but that will delete *all* your restore points, not
just the infected one(s). Alternatively you can just wait for the
infected point(s) to fall of the end of the chain--a maximum of 90
days. Note that that alternative may keep some non-infected restore
points, but also requires care and good record-keeping to make sure
you don't accidentally restore the infected restore point.

On the other hand, you need to consider the question of how the virus
got there. It got there because your computer was infected elsewhere,
and went into the restore point while it was infected. So unless
you've already removed the virus from outside of the restore point,
you can't have a virus that's *only* in a restore point.

 

[Ken Blake, MVP]

Thanks. I think I understand.

You're welcome. Glad to help.

 

[Curt Christianson]

How to take ownership of a file or folder in Windows XP
http://support.microsoft.com/kb/308421