Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How to Delete: System Volume Information


  • Please log in to reply
14 replies to this topic

#1 chyrl

chyrl

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philippines
  • Local time:06:45 PM

Posted 28 June 2009 - 04:13 AM

I'm just wondering why I can't delete the "System Volume Information". Yet isn't it that you can easily delete these folder by just unchecking the hide button on the file option.

I've tried opening the folder by using "cacls" on CMD. All folders and files are easily remove except for one file name "change.log". This "change.log" bothers me a lot, upon accessing the file I started to notice that it increase it file size by 1b/second.

Can anyone have suggestions on how could I remove this folder? This may seemed new but this thing bothers me a lot and now I suspected this folder a reason why my computers' network and performance are malfunctioning.
Data is everywhere to find. So as every byte means a lot to the society.

BC AdBot (Login to Remove)

 


#2 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:45 PM

Posted 28 June 2009 - 04:27 AM

Have you tried just turning off system restore?

That should delete all the contents of the folder, including the change log

Btw, that file should not be effecting anything on your system.

If you deleted the files in SVI that file should have been deleted too.

Is it only the change file in the most recent restore point you are having trouble deleting?

Edited by Stang777, 28 June 2009 - 04:31 AM.


#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:45 AM

Posted 28 June 2009 - 04:28 AM

You shouldn't delete the System Volume Information folder as it is where your restore points are kept.

http://www.theeldergeek.com/system_volume_...ion_folder1.htm
http://support.microsoft.com/kb/309531
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#4 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:45 PM

Posted 28 June 2009 - 04:36 AM

I was thinking the person was deleting just the files in that folder, as in to get rid of all the restore points. It is better and easier to just turn off System Restore to clear it out so I am kind of at a loss as to why this isn't being done if that is the point. Maybe I am just missing the point.

#5 chyrl

chyrl
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philippines
  • Local time:06:45 PM

Posted 30 June 2009 - 10:58 AM

Unfortunately, I have installed TuneUp Utilities in my computer. To maximize the free space on my computer, I usually delete temp files and restore points. Even so, I've also tried using System Restore point, it didn't also work.

May I ask a question? Isn't that System Volume Information could be remove by simply "Shift+Delete" key?
Data is everywhere to find. So as every byte means a lot to the society.

#6 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:06:45 PM

Posted 30 June 2009 - 11:43 AM

Five easy steps:

1. Turn off System Restore from System Properties (Press Windows Key + Pause)
2. Stop and Disable System Restore service (StartMenu ->Run ->services.msc)
3. Take ownership of "System Volume Information". (Right click on folder -> Properties -> Security -> Add. Then add your username.)
4. Clear read only attribute from the folder and sub-items.
5. Delete it


BTW: As soon as you delete it, Windows will create a new empty folder of same name in same location. So its futile job.

#7 joseibarra

joseibarra

  • Members
  • 1,223 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:07:45 PM

Posted 30 June 2009 - 12:09 PM

You can achieve your goals of deleting the stuff (until it gets automatically created again), but you are trying to override a built in process that is put in place to help you with problems later by jumping through the proverbial hoops (cacls, etc.) or using third party applications to help you override the built in mechanism. It just isn't natural. :thumbsup:

If you think SR is not working, or you don't like the way it works, there is some flexibility in configuration, so do you have an issue in these areas?

Once you get SR set up and working, it should silently take care of itself quite happily while protecting you at the same time.

Curiosity about how SR works is one thing (and a good thing to know about), but trying to defeat the tried and true built in mechanisms may find you needing SR some day and it might not be there for you.

SR and the folders it keeps have zero to do with your poor network and system performance. You need to look elsewhere.

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#8 chyrl

chyrl
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philippines
  • Local time:06:45 PM

Posted 30 June 2009 - 02:18 PM

Unfortunately, this System Volume Information has spread over my network. Likewise, accessing the System Volume Information isn't a hard time for me. I usually use "cacls" command on the CMD. But this file bothers me why I couldn't erase the folder.

The file name is "change.log" This system creeps me as it spreads in every partition I made even freeze the partition, it still would breach in. I've tried several methods on how to terminate this System Volume Information except for one, reformatting all of my computers at once.

I would also like to add, my USB Portables are all infected with this System Volume Information bugs. So even thou I format all of my PCs, this "change.log" would still be in my PC and as well as my network.

Is there something I could do to stop this change.log on the System Volume Information?
These creeps me a lot.
Data is everywhere to find. So as every byte means a lot to the society.

#9 hamluis

hamluis

    Moderator


  • Moderator
  • 55,876 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:45 PM

Posted 30 June 2009 - 03:15 PM

FWIW: http://74.125.47.132/search?q=cache:xnPEr_...=clnk&gl=us

http://en.wikipedia.org/wiki/Changelog

Louis

#10 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:45 PM

Posted 01 July 2009 - 02:17 AM

Something seems funky here. The change.log file for System Volume Information should only be in the individual restore point folders in the System Volume Information folders for drives that have System Restore turned on. Usually System Restore is only for fixed drives which are hard drives. I just double checked that by putting in my usb flash drive and checked System Restoe to see if I even had the option of turning it on for that drive, I do not. Maybe you are referring to an external hard drive and if so, maybe System Restore will give the option to monitor that drive, I have no way to check that out but all you have to do is turn off the monitoring for that drive. If you turn off System Restore for any given drive and reboot, the System Volume Information folder remains but there are no restore points left in it or being made for it, therefore, there are no change.log files in the System Volume Information folder.

Have you gone into System Properties and turned off System Restore for all drives?

Are you finding that change.log file anywhere other than inside the individual restore point folders in the System Volume Information folder?

Also, just so you know, if you reformat the hard drive and reinstall Windows, you will still have the System Volume Information folder, it is part of Windows and it is a protected operating system folder. That is why you cannot delete the actual folder but you can keep it from putting anything at all in that folder just by turning off System Restore in System Properties. It is really easy to stop this thing from doing anything at all, including giving your computer a way to be restored to a previously working state should anything happen to make it not function correctly. There might still be two system files in that folder that will never change and never do anything, they are just part of the program.

I have System Restore turned on for the drive that has the operating system and it has saved me from problems my computer was having, that occurred for no reason, countless times. I have it turned off for my backup drive that does not have the op system on it as there is no need for me to have it on for that drive since it rarely changes and it in no way effects how my computer runs. On the drive that does not have System Restore turned on, there is still the System Volume Information folder but it is completely empty.

Edited by Stang777, 01 July 2009 - 02:58 AM.


#11 chyrl

chyrl
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philippines
  • Local time:06:45 PM

Posted 01 July 2009 - 02:53 AM

So it means, I have to disable my SR to me to delete the SVI?
Data is everywhere to find. So as every byte means a lot to the society.

#12 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:45 PM

Posted 01 July 2009 - 03:03 AM

Yes, BUT if you delete the entire SVI folder on the drive that has the operating system on it, it will probably only return. You do not need to delete the SVI folder to delete the change.log, you only have to turn off System Restore and reboot. If it happens to leave one restore point folder, after rebooting and leaving System Restore off, you should be able to just manually delete that folder

If you delete the individual restore point folders without turning off System Restore, then it will continue to create new restore points in seperate folders in the SVI folder and those folders will contain new change.log files.

BTW, would you mind answering the questions I asked in my previous post please?

Edited by Stang777, 01 July 2009 - 03:07 AM.


#13 infection13

infection13

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 01 July 2009 - 04:35 AM

have you tried Unlocker?

#14 joseibarra

joseibarra

  • Members
  • 1,223 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:07:45 PM

Posted 01 July 2009 - 06:48 AM

I am missing something too I think.

Along with what Stang777 said, there are may be ways to prevent the SVI folder from being created, it may be possible to disable SR in such a way that even if the SVI folder does get created automatically, that nothing (or very little) gets put in it. If that is the goal, it is probably achievable.

In the original post, regarding change.log, it was said: "upon accessing the file I started to notice that it increase it file size by 1b/second".

Can that observation be clarified (what does "accessing the file" mean) and how was it determined that the file size was changing - did you just sit there and watch it with explorer or something? Are you worried that the file will just keep growing forever if you don't do something to stop it? If files are growing and there is no explanation, that would be annoying and should be investigated, explained or fixed.

You also said: "my USB Portables are all infected with this System Volume Information bugs". Describe the nature of the infection. Do you think the portable drive are infected just because they have a SVI folder?

The drives have a SVI folder because SR is turned on for those drives. If you don't like it, turn it off, empty the folder and accept that you might still have a SVI folder on reboot, but nothing in it.

So far, I can't understand the description of any SR bugs that are verifiable, only some observations we need to understand, explain or fix.

I observe in my RP folders, there is a change.log (or a couple change.log.N files) but as far as I can tell, once a new RP is created in a new folder, the old ones in the previous SR folder are finished and the contents don't change anymore (I think). Not all of the files have the same date/time as the creation of the RP and sometimes the one of the chang.log files is later than actual the creation time of the RP which is peculiar in a way, but doesn't seem to be causing any issues.


So, it is not too hard to defeat the purpose of SR by turning it off, deleting the old files/folders, but you may be stuck with an empty SVI folder(s), but there are probably ways to get rid if that too if it is bothersome. We know that SR can be turned off on any and all drives or only work on your boot drive or just turn it off all together.

If you think you are having some abnormal behavior in your SVI folders, that needs to be determined by supplying more information to help understand why you feel that way and what you are seeing. Accumulated RPs also have a configurable maximum capacity before the old ones start to get overwritten.

If you think SR is causing you some other system problems, what are the symptoms of the problems you are having and why do you think they are related to SR? If you disable SR, do your problems go away?

Edited by joseibarra, 01 July 2009 - 06:58 AM.

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#15 chyrl

chyrl
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philippines
  • Local time:06:45 PM

Posted 02 July 2009 - 12:12 PM

I would like to correct the misunderstanding in this thread. I'm just curious of what the SVI's purpose on the OS really is. Anyways, I would like to thank the persons who replied in this thread. I main reason why I've posted this thread is because my computers got infected with a .reg worm virus. My suspections on the SVI was wrong. I've tried already scanning my computers during safe mode using clamWin and I've confirmed that my computers was infected with the hacker.vbs virus program.

Stang777:

Have you gone into System Properties and turned off System Restore for all drives?

Are you finding that change.log file anywhere other than inside the individual restore point folders in the System Volume Information folder?

joseibarra:

If you think SR is causing you some other system problems, what are the symptoms of the problems you are having and why do you think they are related to SR? If you disable SR, do your problems go away?


Actuallly, I was to try it on my computers when I will be back on the duty soon. I'll give you a feedback on it ASAP.

infection13:

have you tried Unlocker?


Never tried it yet. What is this purpose of the unlocker anyways?

joseibarra:

In the original post, regarding change.log, it was said: "upon accessing the file I started to notice that it increase it file size by 1b/second".


I stand corrected on my previous posts, I monitoring the size of the change.log file and it happens to increase it file size by 1byte/second. Maybe because I never updated my OS to date.

joseibarra:

You also said: "my USB Portables are all infected with this System Volume Information bugs". Describe the nature of the infection. Do you think the portable drive are infected just because they have a SVI folder?


I've just later found out that SVI wasn't the bug or reason of breakdowns of my computers. It was the hackers.vbs program that breached our firewall. I wasn't aware of the process of the SVI that's why I suspected it in which later was wrong.
Data is everywhere to find. So as every byte means a lot to the society.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users