
Weird System Info Folder

3 replies to this topic

#1 OldNick


Posted 26 February 2008 - 11:02 PM

I recently had a virus picked up by my virus checker(s). I have AVG AV as resident, but scan using Comodo F/W's virus portion.

Both said that the offending file was in the System Volume Information folder.

I am denied access to that folder, although obviously the virus checkers were not. I checked on the web and followed the ways to gain access to the folder, but they failed.

In the end I used AVG's AV to delete the virus files, not just quarantine them.

I then used Western Digital's Data Lifeguard tools to copy the entire disk to another disk. It failed to be able to copy the System Volume Information files. It said that these were probably not critical, as Windows would rebuild the files.

So that's one way to get rid of the virus! <G>.

However, although I have asked to Show Hidden Files and Folders and to allow access to system files, I still cannot get in, and neither could Data Tools, which seems weird.

Where to from here? Has the virus placed some sort of lock on the folder?

Thanks for any help

Nick

Here is the virus info BTW. As I say, the file no longer exists. However, it may pop up again. I am not sure if this file is the "parent" or the "child".

Object name A0276161.exe
Object path C:\System Volume Information\_restore{8A14A32E-494D-466B-9FC9-B29C23AF1CE4}\RP409\

Discovery Trojan horse Generic5.VTJ
Date of detection 2/21/2008 5:34:20 PM

Source computer PSYZYGY
Finder Nick

File size 34.5 KB (35328 bytes)
Healable No

Source Moved object
Status Infected

Edited by OldNick, 26 February 2008 - 11:07 PM.


#2 Tomo2


Posted 26 February 2008 - 11:26 PM

Hi OldNick :flowers:
You are denied access to that folder and so is your AV. The System Volume Information folder is protected by Windows. The virus hasn't done anything; it just got backed up by System Restore. To be on the safe side you might like to set a new restore point and then run Disk Cleanup, click on the More Options tab at the top and select Clean up under System Restore.

Hope that helps! :thumbsup:
BTW, to get into the folder, copy C:\System Volume Information\_restore{8A14A32E-494D-466B-9FC9-B29C23AF1CE4}\ into the address bar in Explorer.

Edited by Tomo2, 26 February 2008 - 11:28 PM.

L&P, World Famous in New Zealand since ages ago!
Avast! Antivirus : Spybot S&D : Trend Micro Housecall : Hosts file : HiJack This
Don't be too open minded - your brains will fall out


#3 usasma


Posted 27 February 2008 - 08:36 AM

The usual way to clean viruses out of the System Restore Points is to turn off System Restore and reboot. That will delete all System Restore points. Then you can turn it back on and make a new, uninfected restore point.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ )

**If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
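The procedure usasma describes (check the protected folder, discard the old restore points, then create a fresh one) scripted in PowerShell, as an added example that is not from the thread. It assumes a Windows client edition (Windows 7 or later) where the *-ComputerRestore cmdlets exist, an elevated session, and C: as the system drive; none of those details come from the original posts.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Assumes Windows 7+ client OS and C: as the system drive.
$svi = 'C:\System Volume Information'

# 1. Show why Explorer and a normal user are denied: the ACL on this folder
#    normally grants access only to SYSTEM, which is why the AV (running as SYSTEM) could read it.
icacls $svi

# 2. List the restore points that currently exist. Each one may contain copies
#    of files that were present when it was taken, including the detected file.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize

# 3. Turn System Restore off for the system drive. This discards every existing
#    restore point, which is the cleanup step the thread recommends.
Disable-ComputerRestore -Drive 'C:\'

# 4. Turn it back on and create one new, known-clean restore point.
Enable-ComputerRestore -Drive 'C:\'
Checkpoint-Computer -Description 'Clean baseline after malware removal' -RestorePointType 'MODIFY_SETTINGS'

# 5. Confirm that only the new point remains.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

The thread's advice to reboot between turning System Restore off and back on still applies; also note that Windows 8 and later only allow Checkpoint-Computer to create one restore point per 24 hours unless that limit is changed.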

#4 hamluis


Posted 27 February 2008 - 07:06 PM

The fact that malware can be in SR files is a major reason many suggest temporarily turning off SR when knowledgeable users are attempting to eliminate malware on their systems.

Louis
