virus in system volume information

[Lou C]

Every once and a while a box will pop up from AVG
Resident Shield that says, Virus Trojan horse Dialer is
found in the file c:\System Volume Information\_restore-
BDEDED9E....YADA YADA\RP137\A0040009.exe.
It says to run AVG for windows to remove it, but when I
do, avg says there is nothing to remove. I try to go to
the folder itself and after having to unhide it, it says
that, C:}System Volume Information is not accessible.
Access is denied.
I then went to the microsoft knowledge base and found how
to make the folder accessable... it says to go to the
start, my computer, tools, folder options, view, show
hidden files and folders, clear the high protected...and
so on. It then says to go back to the folder, right
click it and click properties. Then here is the problem,
it then says click the Security tab....there is no
security tab. There are three tabs, General, Sharing and
Customize....no Security.

So my question....how do I access that folder to get rid
of that file. In fact, when right clicking the folder
and doing properties, it says there are 0 bytes, 0 Files,
0 Folders. So how do I get rid of the virus file if
there is no way to find it, or even see it to make sure
it even exists???
Thanks,
Lou..

 

[Carey Frisch [MVP]]

You'll need to turn-off System Restore, reboot, then turn it back on.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310405&Product=winxp

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

---------------------------------------------------------------------


| Every once and a while a box will pop up from AVG
| Resident Shield that says, Virus Trojan horse Dialer is
| found in the file c:\System Volume Information\_restore-
| BDEDED9E....YADA YADA\RP137\A0040009.exe.
| It says to run AVG for windows to remove it, but when I
| do, avg says there is nothing to remove. I try to go to
| the folder itself and after having to unhide it, it says
| that, C:}System Volume Information is not accessible.
| Access is denied.
| I then went to the microsoft knowledge base and found how
| to make the folder accessable... it says to go to the
| start, my computer, tools, folder options, view, show
| hidden files and folders, clear the high protected...and
| so on. It then says to go back to the folder, right
| click it and click properties. Then here is the problem,
| it then says click the Security tab....there is no
| security tab. There are three tabs, General, Sharing and
| Customize....no Security.
|
| So my question....how do I access that folder to get rid
| of that file. In fact, when right clicking the folder
| and doing properties, it says there are 0 bytes, 0 Files,
| 0 Folders. So how do I get rid of the virus file if
| there is no way to find it, or even see it to make sure
| it even exists???
| Thanks,
| Lou..

 

[Bruce Chambers]

Greetings --

To clear viruses from the "System Volume Information," simply turn
off the System Restore feature (Start > All Programs > Accessories >
System Tools > System Restore, System Restore Settings), reboot, then
re-enable System Restore, and reboot one last time. This will delete
all of your Restore Points, including the corrupted one(s), and allow
you start with a clean slate.

However, if you have Restore Points that you'd really rather not
lose, and know which one is corrupted, very carefully try this:

How to Gain Access to the System Volume Information Folder
http://support.microsoft.com/default.aspx?scid=kb;EN-US;309531


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH