
Hang up when they encounter: C://system volume information/tracking.log


16 replies to this topic

#1 jkeith9

jkeith9

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:29 AM

Posted 24 August 2007 - 12:21 AM

I have had the same problem with various virus scanners and spybot type programs. All of these programs (AVG, Bit Defender, Avast, Spy Doctor etc.) hang up when they encounter: C://system volume information/tracking.log.
I have read many web posts on how to access the folder. I have access to system volume information. I have disabled system restore, re-booted etc. Still, all these programs hang up when they encounter this folder and its contents.
Please help!
Thanks.


Split from "Corrupt System\volume Information\tracking.log, Cannot restore, antispyware and antivirus scans hang". ~acklan~

Edited by acklan, 24 August 2007 - 01:34 AM.



 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:29 AM

Posted 24 August 2007 - 02:13 AM

Hi jkeith9 and welcome to BleepingComputer.

Have you tried running your scans in safe mode?

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:08:29 AM

Posted 24 August 2007 - 07:09 AM

Is this an accurate location: C://system volume information/tracking.log

Are they all uncapitalized?
If so, the double //'s would indicate that there's a problem with the address for the file (they use \ instead of / )
Also, if they are doubled ( \\ ) then that's another problem - or if they're doubled with a space between them ( \ \ )

Let us know - this may be a virus attempting to hide itself in a file/folder that's similar to what's already on your system.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#4 jkeith9


Posted 25 August 2007 - 09:37 PM

Sorry, that's my mistake. It's just the folder in the root of C drive: "system volume information" and the file inside, "tracking.log" .

#5 jkeith9


Posted 25 August 2007 - 09:38 PM

Hi jkeith9 and welcome to BleepingComputer.

Have you tried running your scans in safe mode?


Will do, thanks.

#6 jkeith9


Posted 27 August 2007 - 01:12 AM

I was able to scan the System Volume Information folder in safe mode with AVG free. No virus. This is nice to know but was never my real concern. The problem, just to be clear on this, is that all of the security programs that I have tried hang-up (stop working and just sit there) when they get to this folder. And none of them will abort properly. So as of now the only way I can do a complete scan is to go to safe mode I guess. The programs I've tried (all free versions) are AVG, Bitdefender, Avast, Spyware Doctor and more. AVG hangs when it gets to: System Volume Information/*.*
(That's from my memory so may not be exactly accurate syntax.) This is when doing a scheduled scan of the whole drive or a selective scan of just that folder.
I have set permissions for the folder so that I can access it from XP pro, no problem. I've turned off system restore.
I think that one of the programs showed System Volume Information/tracking.log when it got hung up.
Also, tracking.log will not let me go near it. I can left click once to highlight it, but a right click (to try to check properties) just leads to another endless hang-up with a never ending hourglass. I tried deleting the folder and rebooting with no luck. So, what's next? :thumbsup: Thanks to all.

#7 Wojtek_kurnik

Wojtek_kurnik

  • Banned
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:29 PM

Posted 09 January 2008 - 11:51 AM

Hi, there. Jkeith, have you found a solution for this problem? If not, let me know. I faced the problem and found an ultimate solution.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:29 AM

Posted 09 January 2008 - 03:39 PM

Some discussion with AVG Forum Moderator ref: System Volume Information Stall

The System Volume Information Folder (SVI) is a part of System Restore, the feature that allows you to set points in time to roll back your computer to a clean working state. The SVI folder is where XP stores System Restore points and other information such as:
  • Distributed Link Tracking Service databases for repairing your shortcuts and linked documents;
  • Content Indexing Service databases for fast file searches;
  • Information used by the Volume Shadow Copy Service (also known as "Volume Snapshot") so you can back up files on a live system;
  • Efs0.log files created by the Encrypting File System (EFS) generated during the encryption and decryption process.
System Restore contains configuration, settings and files that are necessary for your computer to run correctly. This includes:
  • registry configuration information for application, user, and operating system settings;
  • Windows File Protection files in the dllscache folder;
  • COM+ Database; Windows Management Instrumentation Database;
  • IIS Metabase configuration;
  • Files with extensions listed in the Monitored File Extensions list and Local Profiles.
The SVI folder is located on the root of each partition or drive. Inside the SVI folder there is a sub-folder named "_restore{75FEF8DD-9121-4963-A5E8-46DB4BB6F162}" (the CLSID will vary) and usually two files:
  • MountPointManagerRemoteDatabase <- 0 byte system file associated with Dynamic Disks/Volumes
  • tracking.log <- maintenance information stored by the DLT Client service

Inside the sub-folder _restore, there will be another directory called snapshot where you will find a complete registry dump, including a file called _REGISTRY_MACHINE_SAM, which is the SAM file for the machine.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
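Added example (not part of any post in this thread): a small triage helper for paths copied out of a scanner log, combining the look-alike-folder concern raised in post #3 with the folder layout listed in post #8. The function name, the verdict labels and the 0.9 similarity threshold are assumptions made for this illustration, and the sample paths are constructed.

```python
import re
from difflib import SequenceMatcher

SVI = "system volume information"
# Top-level entries named in post #8 (Windows XP); the GUID varies per machine.
# Assumption: other Windows versions need a longer allowlist.
KNOWN = re.compile(
    r"^(tracking\.log|MountPointManagerRemoteDatabase|"
    r"_restore\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\})$",
    re.IGNORECASE,
)

def classify(reported):
    """Triage a path copied from a scanner log. Returns (verdict, notes)."""
    notes = []
    if "/" in reported:
        notes.append("forward slashes: probably retyped or reformatted")
    path = reported.strip().replace("/", "\\")
    if not re.match(r"^[A-Za-z]:\\", path):
        return "not-a-drive-path", notes
    raw = path[3:].split("\\")
    parts = [p for p in raw if p.strip()]
    if len(parts) != len(raw):
        notes.append("empty or blank path components dropped")
    if not parts:
        return "outside-svi", notes
    folder = parts[0].casefold()
    if folder != SVI:
        # Near-miss names (swapped letter, extra space, cross-script homoglyph)
        # score high against the real name; unrelated folders do not.
        if SequenceMatcher(None, folder, SVI).ratio() >= 0.9:
            return "lookalike-folder", notes
        return "outside-svi", notes
    # Only the first entry below the folder is checked against the allowlist.
    if len(parts) == 1 or KNOWN.match(parts[1]):
        return "expected-svi-entry", notes
    return "unlisted-svi-entry", notes  # review by hand; not proof of malware

# Constructed sample paths; the first is the one typed in the opening post.
SAMPLES = [
    "C://system volume information/tracking.log",
    r"C:\System Volume Information\_restore{75FEF8DD-9121-4963-A5E8-46DB4BB6F162}\snapshot",
    r"D:\System Volume lnformation\tracking.log",  # lowercase L for capital I
    r"C:\System Volume Information\updater.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), sample)
```
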

#9 Wojtek_kurnik


Posted 09 January 2008 - 11:11 PM

In this case, tracking.log is either infected or is a bug itself. If it blocks any scan, incl. defrag and antivirus-antispyware scans. There is a way to neutralize it. I know the way.
Wojtek

Edited by rigel, 10 January 2008 - 07:35 AM.
Mod edit: Email address removed ~ rigel


#10 quietman7


Posted 10 January 2008 - 09:56 AM

In this case, tracking.log is either infected or is a bug itself

And how, Wojtek_kurnik, can you be so sure of such a conclusion?

The Distributed Link Tracking Client service monitors activity on NTFS volumes and stores maintenance information in a file called Tracking.log, which is located in a hidden folder called System Volume Information at the root of each volume...If the Distributed Link Tracking Client service is stopped, the links on your computer will not be maintained or tracked.

How NTFS Works - Distributed Link Tracking
An overview of Distributed Link Tracking

If you do a Google search on scan hangs on tracking.log, you will find many similar reports about this issue involving various causes and possible solutions. Are all these folks complaining about "hanging scans" infected too?

I'm always interested in learning, so if you can provide evidence of an infected tracking.log on someone else's computer, I'd certainly like to see it and broaden my awareness.

Edited by quietman7, 10 January 2008 - 09:59 AM.


#11 Wojtek_kurnik


Posted 10 January 2008 - 11:18 AM

Bleepin' Janitor, here is my answer. Forgive me any language mistakes. I am from abroad.

My computer worked perfectly. Suddenly my virus scanner stopped when reading tracking.log. I tried to use on-line scanners (kaspersky, bitdefender, etc.). Back to square one.

I used Google browser to find a solution. Entered millions of forums. I didn't find anything that would effectively solve the problem. What did I do? I changed settings in my Windows Explorer to be able to view system files. Then I entered cacls command for every partition to be able to edit/delete them. Well, deleting tracking.log from System Volume Information for each partition didn't help, as after computer restart the file was back again and symptoms were the same. Therefore, in safe mode, I edited the tracking.log files in System Volume Information folder (for each partition separately), removed in Notepad every single sign (nulled the contents) - just in case, did "rewrite" and in file properties I totally blocked any access to the file. Now everything works fine. HD is being scanned fully, no problems with system restore points.

My conclusion: Maybe tracking.log is a part of Windows System, I don't know that, but mine was evidently infected or it was replaced by a malicious bug. My system works perfectly now with empty tracking.log file and with a full blockade on access to it.

Regards,

Wojtek

#12 quietman7


Posted 10 January 2008 - 03:22 PM

I used Google browser to find a solution. Entered millions of forums. I didn't find anything that would effectively solve the problem.

That's because there is no "one size fits all" solution. This 'hanging' issue seems to be common with many scanners, as evidenced by the number of complaints in the Google search links and various suggestions to resolve it.

My conclusion: Maybe tracking.log is a part of Windows System, I don't know that, but mine was evidently infected or it was replaced by a malicious bug

That is speculation which is formed by conjecturing with little hard evidence rather than a conclusion which necessitates a proposition be arrived at by logical reasoning. You may have arrived at a solution but offered no real evidence to support that the issue was caused by a "malware infected" tracking.log.

However, there is evidence that a tracking.log can become corrupted as explained in EventID: 12503.

#13 Wojtek_kurnik


Posted 10 January 2008 - 07:49 PM

Quietman7, what is this all about?
This problem has been reported in various forums. This happens when something (malware) attacks tracking.log. Are you a defender of Windows System? I have written my comments. Is this not obvious to you?

#14 quietman7


Posted 11 January 2008 - 12:05 AM

jkeith9, I hope you are following along here as I've been researching this issue for your benefit too.

Wojtek_kurnik, I think you are confusing what you're reading with the fact that some malware can be backed up into System Restore Points. While that is true, it does not result in the "hang" issue described in this thread or others I have researched. I can find no evidence of malware being related to the tracking.log causing scanners to hang.

AntiVir PersonalEdition Support Forum -> issue resolved after adding the file "C:\System Volume Information\tracking.log" to the exceptions list for the scanner.

AntiVir PersonalEdition Support Forum -> issue appears related to Zone Alarm's file system filter from Kaspersky Labs ("KLIF.sys"), that seems to interfere with AntiVir and causes the hang at tracking.log.

AntiVir PersonalEdition Support Forum -> issue appears related to Zone Alarm's file system filter from Kaspersky Labs ("KLIF.sys"), that seems to interfere with AntiVir and causes the hang at tracking.log. HijackThis log checked and no malware found.

ZoneAlarm User Forum -> issue resolved after excluding the SVI folder from scanning. The folder C:\System Volume Information has access denied as a default setting when System Restore is enabled so Zone Alarm was hanging during its scan.

Kaspersky Lab Forum -> unable to resolve issue; no evidence caused by malware.
AVG Forum -> issue resolved for some; problem related to Zone Alarm
AVG Forum -> issue resolved; problem related to Zone Alarm
AVG Forum -> issue possibly caused by external drive
AVG Forum -> issue resolved after trying multiple suggestions

#15 Wojtek_kurnik


Posted 11 January 2008 - 08:24 AM

Well, in my case uninstalling Zone Alarm didn't help.
Another thing is that disabling SVI from being scanned can lead to a situation where possible other malware located in this directory would not be detected by antimalware.



