Virus/Trojan in System Volume Information



#1 xEnvious

Posted 17 December 2008 - 01:44 PM

Hello.

I have NOD32 as real time and I use Antivir to do SCANS only (I don't use the real time protection). I hope that's fine? But, I do understand that running two AVs is no good so please don't flame me. :x

So I scanned my computer with Antivir and it detected a trojan in my System Volume Information (SVI) folder. I deleted the file anyway and there is no information about that specific trojan.
So, I googled around a bit and tried to open the folder but access is denied and there are 0 bytes in the folder.

Therefore, I have a few questions:
Would anyone know what is up with this?
Could it be a false positive since NOD32 never picked up a detection?
Would it also be safer to just clean all old system restore points and turn it back on again?

Thanks to anyone who can help!

#2 oneup

Posted 17 December 2008 - 07:55 PM

I think system volume information is system restore (I think), so if you have that disabled, then it would be empty, and viruses like to hang out there because when you restore back, they are still there.

You can have as many antivirus programs as you want, as long as you only have one real time. I have avast and ClamWin, and no problems (except avast scans everything that ClamWin scans right after it).

If you get rid of your restore points, they won't be there. That would not be a bad idea to clean them out, but make sure you have at least one, in case you screw something up. System restore is great, and the virus makers know that.

#3 scff249

Posted 17 December 2008 - 08:17 PM

System Volume Information is a part of System Restore.

Normally, two antiviruses can cause problems because of their realtime protection, as oneup has said. Not sure what happens if you have one on realtime and the other off if there are still resources being taken up. Really, I prefer to only have one AV on a computer layered with multiple antispyware/malware programs as you can have multiples of those programs (so long as they don't have any conflicting issues).

Other than the System Volume Information, do you have any issues that you need help with?

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#4 xEnvious

Posted 17 December 2008 - 09:55 PM

Thanks oneup and scff249 for the replies.

I ran another scan on my computer and it seems AntiVir has deleted the pest or whatever it may have been.
But, I would like to ask one thing: when I see what my AntiVir is scanning, it shows that it's scanning files in the System Volume Information folder. However, when I hover my mouse over it, it says it's 0 bytes and I can't seem to "open" it.

Edited by xEnvious, 17 December 2008 - 09:55 PM.


#5 scff249

Posted 18 December 2008 - 12:34 AM

Sorry, it's not something I'm familiar with quite much :thumbsup: I'm just around to help with small prelim and cleanup around the site (as well as maybe some random things), so it being 0 bytes is something I don't know about.

I do know, from what I can pick up from research, that the reason why you can't open it is because of a permissions thing. At least I think from the sounds of it. I'm not sure where to find how to enable it, but I can try to look around for a bit if you'd like.

Let's just make a fresh restore point just to be sure.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.

Tips to protect yourself against malware and reduce the potential for re-infection:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"Hardening Windows Security - Part 1 & Part 2".
"IE Recommended Minimal Security Settings" - "How to Secure Your Web Browser".

Edited by scff249, 18 December 2008 - 08:30 AM.

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo
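
The restore-point steps in the reply above, scripted as an added example that is not part of the original thread. It assumes an elevated Windows PowerShell 5.1 session with System Restore enabled; the parameter names `$Description` and `-Apply` and the `SysRestore.Native` wrapper are hypothetical names chosen for this sketch.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Assumes Windows PowerShell 5.1 with
# System Restore enabled; Checkpoint-Computer is not available in PowerShell 7.
param(
    [string]$Description = 'Post-cleanup baseline',  # constructed label, pick a unique one
    [switch]$Apply                                    # hypothetical switch: dry run without it
)

# SRRemoveRestorePoint is exported by srclient.dll; the wrapper type name is ours.
Add-Type -Namespace SysRestore -Name Native -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern int SRRemoveRestorePoint(int dwRPNum);
'@

# Step 1: create the restore point after the system has been cleaned.
Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

# Creation can be skipped (for example when a point was made recently), so
# the newest point must carry our label before any older one is touched.
$points = @(Get-ComputerRestorePoint | Sort-Object -Property SequenceNumber)
$keep   = $points | Select-Object -Last 1
if (-not $keep -or $keep.Description -ne $Description) {
    throw 'Newest restore point is not the post-cleanup one; nothing was removed.'
}

# Step 2: remove every point older than the one just confirmed.
foreach ($rp in ($points | Where-Object { $_.SequenceNumber -lt $keep.SequenceNumber })) {
    $status = 'would remove (dry run)'
    if ($Apply) {
        $rc = [SysRestore.Native]::SRRemoveRestorePoint([int]$rp.SequenceNumber)
        $status = if ($rc -eq 0) { 'removed' } else { "failed, error $rc" }
    }
    # Emit one record per older point so the run can be kept as a log.
    [pscustomobject]@{
        SequenceNumber = $rp.SequenceNumber
        Description    = $rp.Description
        Status         = $status
    }
}
```

Without `-Apply` the script only lists the older restore points, so the output can be reviewed before anything is deleted.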




