System Volume Information file?

Discussion in 'Windows Desktop Systems' started by Illegal_Ops, Mar 11, 2003.

  1. Illegal_Ops

    Illegal_Ops Guest

    Hi, I am using the AVG antivirus program. Then suddenly it prompted that there is a virus, WIN32\Hantaner, in
    C:\System Volume Information\restore{9754C57E-A396-4047-9FFA-DB896A1A6AC3}\RP401\A0014078.exe (see attached)

    However, when I run an antivirus scan, I could not find the virus, and I can't find the folder either. Why is that? Please help, thanks.
     
  2. jroc

    jroc Guest

    What has happened... is you have restore active... and a virus that you had... has been stored in one of your restore options... so unless you delete that particular restore... or let AVP remove it... and if you decide to restore... using that date... then you will also be restoring that virus... System Volume is where the restores are saved.
     
  3. Illegal_Ops

    Illegal_Ops Guest

    Cleanmgr.exe? I could not find it when I run it. Is it part of Win XP, or is it an extra application to download? I have already disabled System Restore and restarted it.
     
  4. Shamus MacNoob

    Shamus MacNoob Moderator Political User

    Why would your virus scanner allow a virus to be backed up is a question I would be asking myself. Turn off System Restore, and flush the System Volume Information folders off all drives, empty the recycle bin, reboot, restart System Restore, and make a new restore point. But if I were you I would find a virus scanner that was a little better; seems to me if you have a virus that means your virus scanner missed it. I have never ever had a virus land on my hard drives, and that's going back as far as Windows 95. Sure, I've seen a virus trying to find a seat, but it was intercepted as soon as the file was touched... it was in Kazaa, and as soon as the download started Norton said naw we don't need this, with a nice pop-up in my face, and there was no way for that file to even enter my computer, let alone be stored << LOL too funny to reinfect me later... So after all that said, you need a virus scanner that scans on open, close, move, copy, paste, meaning a live scanner, one that is working in real time... I have not tried AVG<< but I would think it is a real-time scan... if not, find a better virus scanner...
     
  5. Shamus MacNoob

    Shamus MacNoob Moderator Political User


    When you right-click on your C drive / Properties / Disk Cleanup / the More Options tab, remove old restore points is there... but if the one you're talking about is the only one you have... do what I said and turn off the restore and delete the folders... they will come back when you restart System Restore...
     
  6. damnyank

    damnyank I WILL NOT FORGET 911

    Perhaps a bit late for this problem today - but hopefully will provide for future reference. Keep in mind although this is referring to NAV - the Symantec Security Virus Scan referenced is free and will work as a second opinion to tell you if it was a false trigger or not.


    Situation:
    You have Norton AntiVirus (NAV) installed. When you scan the computer, NAV does not detect anything. However, when you run a virus scan from the Symantec Security Check Web site http://security.symantec.com/ssc/vc_about.asp?langid=ie&venid=sym&plfid=23&pkj=MMQNOOTGUSDJNRNJWDJ, a virus is detected in one of the following folders:
    For Windows Me:
    C:\_RESTORE
    For Windows XP:
    System Volume Information

    Solution:
    One of the new features of Windows Me and Windows XP is System Restore. This feature, which is enabled by default, is used by Windows to restore files on your computer in case they become damaged. Windows Me keeps the restore information in the _RESTORE folder. Windows XP stores this information in the System Volume Information folder. These folders are updated when the computer restarts.

    If the computer was previously infected with a virus, then it is possible that the virus was backed up in the _RESTORE or System Volume Information folder. Files in the System Restore folder cannot infect the computer unless the computer is restored to an infected restore date. Because of this, NAV excludes the _RESTORE and System Volume Information folders from scanning by default.

    NOTE: Even though the System Restore folders are excluded, your computer is still protected by Auto-Protect if for some reason the infected files are ever restored. If that should happen, Auto-Protect will automatically detect and repair the infected files.

    The Symantec Security Check Web site virus scan does not exclude the System Restore folders. Because of this, the scan will detect any viruses in those folders. If that happens, then follow these steps to make sure that NAV is optimally configured and then scan again with NAV to make sure that no other files except files in the System Restore folder are infected.

    1. Start NAV.
    2. Run LiveUpdate and download the latest virus definitions.
    3. Follow the steps in the document "How to configure Norton AntiVirus to scan all files" to make sure that the program is configured to scan all the files.
    4. Run a full system scan.

    If NAV does not detect anything, then you have the following options:

    - Leave the computer as it is. The infected file or files will not infect the computer unless you restore the system to the date that includes the infected file or files. Even if you do restore the computer to the date that includes the infected file or files, then NAV Auto-Protect will detect and repair them during the restore process.
    - Follow the steps in the document "Cannot repair, quarantine, or delete a virus found in the _RESTORE or System volume information folder" to disable System Restore, and restart the computer. This will purge the contents of the _RESTORE or System Volume Information folder.

    NOTE: All Restore points will be lost when you disable System Restore.
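
The post above separates detections that sit inside the System Restore store from detections elsewhere on disk. The following is an added example, not code from any poster or from Symantec: it sorts the paths in an antivirus report into archived restore-point copies and live files. The function names and every sample path except the first (the one quoted in this thread) are constructed, and the optional underscore before `restore{` is an assumption made so that the path as quoted here also matches.

```python
import re
from collections import defaultdict

# Windows XP: <drive>:\System Volume Information\_restore{GUID}\RP<n>\<file>
# Assumption: the leading underscore is optional, because the path quoted in
# this thread is written "restore{...}" without it.
XP_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\_?restore"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\\(?P<rp>RP\d+)\\(?P<file>.+)$",
    re.IGNORECASE,
)
# Windows Me: <drive>:\_RESTORE\...
ME_RE = re.compile(r"^(?P<drive>[A-Za-z]):\\_RESTORE(\\.*)?$", re.IGNORECASE)


def classify_detection(path):
    """Return (kind, restore_point) for one antivirus detection path."""
    path = path.strip().strip('"')
    m = XP_RE.match(path)
    if m:
        return "restore-archive", f"{m['drive'].upper()}:{m['rp'].upper()}"
    m = ME_RE.match(path)
    if m:
        return "restore-archive", f"{m['drive'].upper()}:_RESTORE"
    # Anything else is a file on the live system and needs real cleanup.
    return "live", None


def triage(paths):
    """Group archived copies by restore point; list live detections separately."""
    archived, live = defaultdict(list), []
    for p in paths:
        kind, rp = classify_detection(p)
        (archived[rp] if kind == "restore-archive" else live).append(p)
    return dict(archived), live


# Constructed sample report; only the first path comes from the thread.
SAMPLE = [
    r"C:\System Volume Information\restore{9754C57E-A396-4047-9FFA-DB896A1A6AC3}\RP401\A0014078.exe",
    r"C:\System Volume Information\_restore{9754C57E-A396-4047-9FFA-DB896A1A6AC3}\RP402\A0014101.dll",
    r"C:\_RESTORE\ARCHIVE\sample.cpy",
    r"C:\WINDOWS\system32\example.exe",
]

if __name__ == "__main__":
    archived, live = triage(SAMPLE)
    for rp, files in sorted(archived.items()):
        print(f"{rp}: {len(files)} archived file(s), purged when System Restore is disabled")
    print("live detections that need cleaning:", live)
```

An empty live list corresponds to the case the quoted document describes, where only files in the System Restore folder are flagged.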
     
  7. damnyank

    damnyank I WILL NOT FORGET 911

    :eek: bump:eek:

    I guess I posted this for my health - no one sees/comments on!

    Oh well - :huh: :huh:
     
  8. Friend of Bill

    Friend of Bill What, me worry?

    Although not infected, and System Restore has been disabled, nice post!:)
     
  9. damnyank

    damnyank I WILL NOT FORGET 911

    Hey SnookBooger - thanx - glad someone is awake!;)
     
  10. RaWShadow

    RaWShadow Guest

    You can take ownership of the folders so you can access them and delete whatever's in 'em. You will need to disable simple file sharing first.