Virus in System Volume Information Folder

[Kieron Capehorn]

My virus checker tells me I have a trojan horse in this folder. When I run
my virus checker to check my entire computer it cannot get rid of it. Any
advice??

Thanks

 

[Will Denny]

Hi Kieron

You will need to stop/start System Restore - this will, however, delete all
existing checkpoints:

Right click on My Computer, select Properties and then the System Restore
tab. Enable 'Turn off System Restore on all drives' and click Apply>OK.
Then reboot your PC. After that first reboot go back into System Restore,
disable 'Turn off System Restore on all drives' and click Apply>OK. Then
reboot your PC again. After this second reboot the virus would have been
deleted and you will have a newly created checkpoint.

 

[MowGreen [MVP]]

Kieron,

As long as you do not use System Restore to roll the system back to
that restore point then IT CAN NOT INFECT THE SYSTEM.
That specific restore point will be replaced due to restore's FIFO
function. You CAN flush all but the most recent restore points by
utilizing Disk Cleanup from Start, Programs, Accesories, System
Tools, Disk Cleanup. Click the Advanced tab and then click the
System Restore button.
OR, you can flush the entire restore hierarchy by disabling and then
reenabling System Restore IF the restore point is fairly new and for
some reason you feel a compulsion to get rid of it.


MowGreen [MVP]
===============
*-343-* FDNY
Never Forgotten
===============

 

[CS]

My virus checker tells me I have a trojan horse in this folder. When I run
my virus checker to check my entire computer it cannot get rid of it. Any
advice??

Thanks

Turn off System Restore. Reboot. Turn on System Restore again. The
information (virus) stored in the System Volume Information Folder
will be deleted.

NOTE: All your previous restore points will likewise be deleted. But
this can not be prevented if you wish remove the virus from that
folder.

 

[Ken Blake]

In

My virus checker tells me I have a trojan horse in this folder.
When
I run my virus checker to check my entire computer it cannot
get rid
of it. Any advice??

That's the folder which contains system restore points. A virus,
worm, trojan, etc. there is completely innocuous unless you
restore the restore point it's in.

So you have three choices:

1. Delete *all* restore points by turning off System Restore,
then turning it back on.

2. Delete all restore points but the most recent (assuming that
that's not the one it's in). Go to Start | Programs |
Accessories | System Tools | Disk Cleanup. This choice is
available on the More Options tab.

3. Don't do anything, but just wait. As more restore points are
made each day, and older ones deleted, the infected one will
eventually fall of the end of the chain.

 

[Bruce Chambers]

My virus checker tells me I have a trojan horse in this folder.
When
I run my virus checker to check my entire computer it cannot get rid
of it. Any advice??

Thanks

The System Volume Information is the hidden, protected operating
system folder in which WinXP's System Restore feature stores
information used to recover from errors. It's really not a good idea
for you, or an antivirus application, to directly access the contents
of that folder, unless you expect to have no future use for the
restore points, in which case it would be simpler just to turn off the
System Restore feature.

To clear viruses or other malware from the "System Volume
Information," simply turn off the System Restore feature (Start > All
Programs > Accessories > System Tools > System Restore, System Restore
Settings), reboot, then re-enable System Restore, and reboot one last
time. This will delete all of your Restore Points, including the
corrupted one(s), and allow you start with a clean slate.

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having
both at once. - RAH

 

[Alex Nichol]

My virus checker tells me I have a trojan horse in this folder. When I run
my virus checker to check my entire computer it cannot get rid of it. Any
advice??

That contains the restore points. The virus has been included in one of
them. It can do no harm there, unless you restore to the point
concerned. So wait for a new clean one to have been made (or go to
Start - All Programs - Accessories - System Tools - System Restore and
create one manually) then Start - All Programs - Accessories - System
Tools - Disk Cleanup and on the More Options use the button to delete
all but the more recent point - the virus will go along with the point
it is in