Virus stuck in "System Volume Information"

  • Thread starter Hansel & Gretel Motel
  • Start date
H

Hansel & Gretel Motel

Over the last few months I have picked up a number of viruses that AVG has
removed for me but I get pop ups occationally that say there is an infected
file in "System Volume Information". It has the same file name as the
original infection but it does seem to be gone from the hard drive and
running AVG doesn't find any new virus.

Anyone know what's happening and how I can remove the file from "System
Volume Information"?
 
J

Jupiter Jones [MVP]

System Volume Information is the system Restore data.
Turn off/on System Restore to delete corrupted files:
Start/All Programs/Accessories/System Tools/System Restore.
Click System Restore Settings on left side.
Check "Turn off System Restore", click OK, follow prompts and reboot.
This deletes ALL Restore Points including corruption.
Then go back and turn on system Restore and create a Restore Point.
 
T

Ted Zieglar aka Rocky

System Volume Information contains your restore points. Antivirus software
does not remove viruses from restore points. Your only recourse is to erase
all restore points and start over.

To do this, turn off System Restore on all drives and reboot. After the
computer starts again, turn on System Restore.

Ted Zieglar
 
W

Will Denny

Hi

You will need to stop/start System Restore - this will also delete all
existing checkpoints:

Right click on My Computer, select Properties and then the System Restore
tab. Enable 'Turn off System Restore on all drives' and click Apply>OK.
Then reboot your PC. After that first reboot go back into System Restore,
disable 'Turn off System Restore on all drives' and click Apply>OK. Then
reboot your PC again. After this second reboot the virus would have been
deleted and you will have a newly created checkpoint.
 
H

Hansel & Gretel Motel

Thank you for that info, it's much appreciated. I still have another problem
I can't figure out. Whenever I fire up the computer or someone else logs on
IE automatically runs c:\staff.html. I have deleted that file and a few
others like x.bat from the root folder but every time I log on those files
reapear. I have run AVG and add aware but they don't find any problems. The
startup folder is empty and win.ini and system.ini are nut running anything
(unless they are being modified when I'm not looking). Staff.html is being
run by x.bat along with regedit /s. Some .reg file is setting a lot of dword
entries to 00000000.

I have looked but can't find a way to fix it, or even understand what is
happening. Any ideas?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Virus in System Volume Information folder 3
system volume information virus 1
System Volume Information = virus W32\Nachi.worm? 2
virus in System Volume Information folder 2
I worm netsky 3
Virus detected in System Volume Information 3
Virus in System volume information 3
System Restore Virus-Help!!!! 3

Top