Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MountPointManagerRemoteDataBase


  • Please log in to reply
1 reply to this topic

#1 jimvt

jimvt

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:03:04 AM

Posted 20 November 2010 - 04:46 PM

None of my antivirus tools can remove C:\SystemVolumeInformation...............etc
which has the above file in it.

Any ideas?

It won't allow copy and paste.

JD

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 32,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:04 AM

Posted 20 November 2010 - 10:59 PM

The System Volume Information Folder (SVI) is a part of System Restore. This is the feature that protects your computer by creating backups (snapshots saved as restore points) of vital system configurations and files. These restore points can be used to "roll back" your computer to a clean working state in the event of a problem. This makes it possible to undo harmful changes to your system configurations including registry modifications made by software or malware by reverting the operating systems configuration to an earlier date. System Restore is enabled by default and contains registry configuration, settings and files that are necessary for your computer to run correctly. See What's Restored when using System Restore and What's Not.

The SVI folder is protected by permissions that only allow the system to have access and is hidden by default on the root of every drive, partition or volume including most external drives, and some USB flash drives. If you can see that folder, then Windows has been reconfigured to show it. On drives or partitions that are not monitored by System Restore, this folder will be very small in size or completely empty, unless Encrypting File System is in use or the Indexing Service is turned on.

In addition to System Restore points, the SVI folder is where the operating system stores other important information such as:
  • Registry configuration information for application, user, and operating system settings.
  • Profiles (local only—roaming user profiles not impacted by restore).
  • Windows File Protection files in the dll cache folder.
  • COM+ Database; Windows Management Instrumentation Database.
  • IIS Metabase configuration.
  • Distributed Link Tracking (DLT) Client databases used to automatically repair and maintain links, such as Shell Shortcuts and OLE links, to files on NTFS volumes.
  • Content Indexing Service databases for fast file searches.
  • Information used by the Volume Shadow Copy Service (also known as "Volume Snapshot") so you can back up files on a live system.
  • Files with extensions listed in the Monitored File Extensions list and Local Profiles.
Inside the SVI folder there is a sub-folder named "_restore{75FEF8DD-9121-4963-A5E8-46DB4BB6F162}" (the CSLID will vary) and usually two files:
MountPointManagerRemoteDatabase <- 0 byte system file associated with Dynamic Disks/Volumes
tracking.log <- maintenance information stored by the DLT Client service which monitors activity on NTFS volumes

Inside the sub-folder _restore, there will be another directory called snapshot where you will find a complete registry dumping including a file called _REGISTRY_MACHINE_SAM which is the SAM file for the machine.

The SVI folder also stores other important information such as:
  • Tracking.log files created by the Distributed Link Tracking Service to store maintenance information.
  • Efs0.log files created by the Encrypting File System (EFS) generated during the encryption and decryption process.
  • Drivetable.txt which holds the System Restore drive letters list, and stores other configuration information such as System Restore space allocation information for each drive.
  • Sr-reg.txt which contains the System Restore registry settings.
  • Rstrlog.txt which contains the restore log file for the last completed restore.
  • Fifo.log which contains the FIFO (first in first out) restore points if there are any.
  • Rp.log or SP-RP.log which contains the list of restore points (name/type/time).
  • SR-chglog.log which contains the change log of file operations on each drive for all restore points.
  • SR-filelist.log which contains a list of all the files that were collected by Srdiag.exe.
The reason the SVI folder is protected is to prevent programs from using or manipulating the files that are inside. These files are inactive while in the data store and are not used by any utility other than System Restore. You should not be tampering with this folder. Doing so could cause problems with proper system functioning.

By design System Restore runs in the background and will automatically create a new restore point every 24 hours (system checkpoints). Restore points can also be manually created by the user at any time. When the allotted disk space is reached, the oldest restore point will be purged on a first in first out (FIFO) basis. Otherwise, restore points over 90 days are purged automatically. Restore points in the SVI folder are identified as _restore{GUID}\RP***\A00*****.xxx file(s) where the *** after RP represents a sequential number. The ***** after A00 represents a sequential number where the original file was backed up and renamed except for its extension. To learn more about this, refer to:

Edited by quietman7, 20 November 2010 - 11:11 PM.

Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users