virus in system volume information

[Lou]

Every once and a while a box will pop up from AVG
Resident Shield that says, Virus Trojan horse Dialer is
found in the file c:\System Volume Information\_restore-
BDEDED9E....YADA YADA\RP137\A0040009.exe.
It says to run AVG for windows to remove it, but when I
do, avg says there is nothing to remove. I try to go to
the folder itself and after having to unhide it, it says
that, C:}System Volume Information is not accessible.
Access is denied.
I then went to the microsoft knowledge base and found how
to make the folder accessable... it says to go to the
start, my computer, tools, folder options, view, show
hidden files and folders, clear the high protected...and
so on. It then says to go back to the folder, right
click it and click properties. Then here is the problem,
it then says click the Security tab....there is no
security tab. There are three tabs, General, Sharing and
Customize....no Security.

So my question....how do I access that folder to get rid
of that file. In fact, when right clicking the folder
and doing properties, it says there are 0 bytes, 0 Files,
0 Folders. So how do I get rid of the virus file if
there is no way to find it, or even see it to make sure
it even exists???
Thanks,
Lou..

 

[Leonard Severt [MSFT]]

Every once and a while a box will pop up from AVG
Resident Shield that says, Virus Trojan horse Dialer is
found in the file c:\System Volume Information\_restore-
BDEDED9E....YADA YADA\RP137\A0040009.exe.
It says to run AVG for windows to remove it, but when I
do, avg says there is nothing to remove. I try to go to
the folder itself and after having to unhide it, it says
that, C:}System Volume Information is not accessible.
Access is denied.
I then went to the microsoft knowledge base and found how
to make the folder accessable... it says to go to the
start, my computer, tools, folder options, view, show
hidden files and folders, clear the high protected...and
so on. It then says to go back to the folder, right
click it and click properties. Then here is the problem,
it then says click the Security tab....there is no
security tab. There are three tabs, General, Sharing and
Customize....no Security.

So my question....how do I access that folder to get rid
of that file. In fact, when right clicking the folder
and doing properties, it says there are 0 bytes, 0 Files,
0 Folders. So how do I get rid of the virus file if
there is no way to find it, or even see it to make sure
it even exists???
Thanks,
Lou..

The virus is in a System Restore point. The easiest thing to do is
delete all your restore points.

Leonard Severt

Windows 2000 Server Setup Team

 

[Lou]

How do you delete all your restore points???

-----Original Message-----


The virus is in a System Restore point. The easiest thing to do is
delete all your restore points.

Leonard Severt

Windows 2000 Server Setup Team

 

[Steve Nielsen]

You need to Turn off System Restore:

Right click My Computer
Click System Restore tab
Checkmark Turn off System Restore

Run your a/v scan to clean up any infections (make sure your a/v is uup
to date)

Then go back and turn System Restore back on.

Steve

 

[Ramesh [MVP]]

Lou,

Turning off the System Restore monitoring will clear all your restore points.

Start/Run and type Sysdm.cpl
System Restore tab > Turn off system restore.....

 

[Bruce Chambers]

Greetings --

To clear viruses from the "System Volume Information," simply turn
off the System Restore feature (Start > All Programs > Accessories >
System Tools > System Restore, System Restore Settings), reboot, then
re-enable System Restore, and reboot one last time. This will delete
all of your Restore Points, including the corrupted one(s), and allow
you start with a clean slate.

However, if you have Restore Points that you'd really rather not
lose, and know which one is corrupted, very carefully try this:

How to Gain Access to the System Volume Information Folder
http://support.microsoft.com/default.aspx?scid=kb;EN-US;309531


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH