System Volume Information


5 replies to this topic

#1 notinfallible

notinfallible

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Everywhere and Nowhere
  • Local time:08:22 AM

Posted 01 February 2012 - 11:23 PM

I am wondering what some of these files in the "system volume information" folder are.



chkdsk (this is actually a folder)
6373773drv.isw
mdllog.dat
MountPointManagementRemoteDatabase
tracking.log




I saw these and got suspicious. Anyone know what they are?

Edited by notinfallible, 01 February 2012 - 11:27 PM.

The most important thing in communication is to hear what isn't being said.



#2 notinfallible

notinfallible
  • Topic Starter


Posted 01 February 2012 - 11:33 PM

Sorry about the vagueness of my question, I've just never seen these before. I know what chkdsk is, I have never seen a folder named chkdsk though.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,326 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:22 AM

Posted 01 February 2012 - 11:37 PM

Hello, these look like they belonged to KIS (Kaspersky Internet Security).

This data is in your System Restore files.

The System Volume Information Folder (SVI) is a part of System Restore, the feature that allows you to set points in time to roll back your computer to a clean working state. The SVI folder is where XP stores System Restore points and other information such as:
  • Distributed Link Tracking Service databases for repairing your shortcuts and linked documents;
  • Content Indexing Service databases for fast file searches;
  • Information used by the Volume Shadow Copy Service (also known as "Volume Snapshot") so you can back up files on a live system;
  • Efs0.log files created by the Encrypting File System (EFS) generated during the encryption and decryption process.
System Restore contains configuration, settings and files that are necessary for your computer to run correctly. This includes:
  • registry configuration information for application, user, and operating system settings;
  • Windows File Protection files in the dllscache folder;
  • COM+ Database; Windows Management Instrumentation Database;
  • IIS Metabase configuration;
  • Files with extensions listed in the Monitored File Extensions list and Local Profiles.
The SVI folder is located on the root of each partition or drive. Inside the SVI folder there is a sub-folder named "_restore{75FEF8DD-9121-4963-A5E8-46DB4BB6F162}". <- the CLSID will vary
and usually two files:
MountPointManagerRemoteDatabase <- 0 byte system file associated with Dynamic Disks/Volumes
tracking.log <- maintenance information stored by the DLT Client service

Inside the sub-folder _restore, there will be another directory called snapshot where you will find a complete registry dump, including a file called _REGISTRY_MACHINE_SAM, which is the SAM file for the machine.


If you want to remove them, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Edited by boopme, 01 February 2012 - 11:40 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
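As an added example that is not part of the original posts: a small Python triage helper that sorts entry names from a System Volume Information listing into the items the answer above describes as normal and everything else. The function names, verdict labels and the 0.8 similarity cutoff are assumptions made for this illustration; the sample input is constructed from the names quoted in the thread.

```python
import difflib
import re

# Names the answer above lists as normal in an XP System Volume Information folder.
KNOWN_FILES = {
    "mountpointmanagerremotedatabase": "Dynamic Disks/Volumes system file (0 bytes)",
    "tracking.log": "DLT Client service maintenance information",
    "efs0.log": "Encrypting File System log",
}
# _restore{GUID}: the GUID differs per machine, so match its shape only.
RESTORE_DIR = re.compile(
    r"^_restore\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$",
    re.IGNORECASE,
)


def classify(name):
    """Return (verdict, detail) for one entry name from the SVI folder."""
    key = name.strip().lower()
    if key in KNOWN_FILES:
        return ("expected", KNOWN_FILES[key])
    if RESTORE_DIR.match(key):
        return ("expected", "System Restore point store")
    if key.startswith("_restore"):
        return ("review", "starts with _restore but the GUID is malformed")
    # A name that is close to, but not exactly, a known one is either a
    # transcription slip or a lookalike; both deserve a second look.
    close = difflib.get_close_matches(key, KNOWN_FILES, n=1, cutoff=0.8)
    if close:
        return ("review", "near-match of " + close[0])
    return ("unlisted", "not in the thread's list; identify the owning software")


def triage(names):
    """Classify every name and return {name: (verdict, detail)}."""
    return {n: classify(n) for n in names}


# Constructed input: the names from the first post plus the example
# _restore folder quoted in the answer.
SAMPLE = [
    "chkdsk", "6373773drv.isw", "mdllog.dat",
    "MountPointManagementRemoteDatabase", "tracking.log",
    "_restore{75FEF8DD-9121-4963-A5E8-46DB4BB6F162}",
]

if __name__ == "__main__":
    for entry, (verdict, detail) in triage(SAMPLE).items():
        print(f"{verdict:9} {entry}: {detail}")
```

An "unlisted" verdict only means the name is not among those the answer enumerates; it still has to be traced to the software that created it.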

#4 notinfallible

notinfallible

Posted 01 February 2012 - 11:39 PM

So, it seems, I am good to go.

Thank you for your response. I was just going to screen capture it, in case that would help.

#5 boopme

boopme


Posted 01 February 2012 - 11:44 PM

Yes, it's not malware, so you are OK.
If you are not having any PC issues, you may still want to Create the point as it will clear all the restore points and free up space.

Have a great day.

#6 notinfallible

notinfallible

Posted 01 February 2012 - 11:45 PM

Crap.... I have to leave, but I will be back later tonight. I thought I was home for the night, but something came up. Thank you for your help. I appreciate it.



