• Status: Solved

C:\System Volume Information\_restore

Anytime I run a scan (ewido, AVG, ad-ware, really any scanner) I notice a TON of files in C:\System Volume Information\_restore followed by a lot of letters and numbers... I d/l the new Windows Defender and ran a scan and it found some threats that none of my other scanners found, like, for example, MarketScoreRevlanevent, something like that, and some others; the alert level on some of these was Severe, and some were High...

What are these files...? I've looked and looked for this folder where these files are and I can't find 'em. I did the "show hidden files thing" and all that, still no luck...

Also one more thing, while I wuz' runnin' Windows Defender, my AVG virus program popped up a few times saying it detected trojans, so I cleaned them...

So what's the deal?
0
Asked by: Monkeyrod
5 Solutions
 
Tolomir (Administrator) Commented:
Please take a look at:

http://www.theeldergeek.com/system_volume_information_folder1.htm

In short:

If you've done much wandering around in Windows Explorer you might have noticed a folder called System Volume Information and wondered what purpose it serves. It's actually a part of System Restore; the tool that allows you to set points in time to roll back your computer. The System Volume Information folder is where XP stores these points and associated information that makes them accessible. If you have System Restore enabled but don't see this folder, go into [Tools] [Folder Options] [View] and click the radio button next to [Show Hidden Files and Folders] and it will be visible.

All the information can be found there; I don't want to copy & paste it completely.

Tolomir
0
 
Tolomir (Administrator) Commented:
This is some more information about viruses residing in that folder:

http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000092513515106

Norton AntiVirus detected a virus in the _RESTORE or the System volume information folder, but it cannot repair, quarantine, or delete the infected file.

Solution:
About System Restore
Windows uses System Restore to restore files on your computer in case they become damaged. System Restore is enabled by default. Windows Me keeps the restore information in the _RESTORE folder. Windows XP stores this information in the System volume information folder. These folders are updated when the computer restarts. If the computer is infected with a virus, the virus could be backed up in these folders.

Repairing System Restore
By default, Windows prevents System Restore from being modified by outside programs. Because of this, any repair attempts made by Norton AntiVirus will fail. To work around this, you must disable System Restore, and restart the computer. This will purge the contents of the _RESTORE or System volume information folder. You must then run a full system scan. To do this, find your operating system in the list below and follow the steps.

Tolomir
0
 
Monkeyrod (Author) Commented:
Ok I understand system restore (it's saved me a hundred times!), but it seems like I should delete the really old ones...is this safe??
0
 
Tolomir (Administrator) Commented:
Yes, of course, all you lose is the ability to restore back to those old "backups".

0
 
Monkeyrod (Author) Commented:
I cannot find the folder that system volume info. is in, I have XP Home Edition SP2...I looked at the first link you gave me and it says if you have NTFS file system you have to use msconfig and all that crap, or use safe mode...

Before I do that, where should this folder be located?
0
 
GuruGary Commented:
I don't know of a way to selectively delete restore points. I think you have 2 choices: delete ALL the restore points, or delete all restore points except for the most current restore point. Here are instructions:

To delete all restore points except the latest one, use the Disk Cleanup utility. Click Start, All Programs, Accessories, System Tools, and then Disk Cleanup. Click on the more options tab and then select Clean up in the System Restore dialog box.

To delete all the restore points on your computer, disable and re-enable system restore on the system. Click Start, Control Panel, and then the System icon. Click on the System Restore tab in the dialog box, select the Turn off System Restore check box, and click Apply. Clear the check box again to re-enable System Restore and then click OK.
0
 
DCreature Commented:
These folders are usually hidden. You probably had viruses / adware in the past, which System Restore saved together with the restore data in case your computer ever needs to be restored to a previous state.

However, because your restore data has those nasties, you wouldn't want to keep the previous restore data.

Basically what you have to do is to turn off System Restore following these steps:

1) Go to System Properties, click on the System Restore tab, click on the Turn off System Restore (or it may appear as Turn off System Restore on All drives) checkbox. Click Apply, click OK.

2) If it asks you to restart the computer, save all your work and restart your computer.

3) Once you log on to Windows again, the restore data will have been deleted together with those nasties.

4) You now want to go back into System Properties and uncheck the checkbox in order to turn System Restore back on again, then restart your computer.

5) To be safe, once you log on to Windows, go to the System Restore (Start > All Programs > Accessories > System Tools > System Restore) tool. Then save restore data if possible to keep yourself safeguarded from future failures.

Though System Restore has saved you many times in the past, I would recommend taking a Ghost image of your drive every two weeks or so as a secondary measure; it's well worth it.
0
 
Booda2us Commented:
Here is a link to help you gain access to the 'C:/system volume information' folder:
http://support.microsoft.com/default.aspx?scid=KB;en-us;q309531
Here is a workaround to view SVI for Win XP Professional using the NTFS File System on a Standalone Computer:
 1. Click Start, and then click My Computer.
 2. On the Tools menu, click Folder Options.
 3. On the View tab, click Show hidden files and folders.
 4. Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change.
 5. Clear the Use simple file sharing (Recommended) check box.
 6. Click OK.
 7. Right-click the System Volume Information folder in the root folder, and then click Properties.
 8. Click the Security tab.
 9. Click Add, and then type the name of the user to whom you want to give access to the folder. Typically, this is the account with which you are logged on. Click OK, and then click OK.
 10. Double-click the System Volume Information folder in the root folder to open it.

There is a SVI file on every partition on HDD....Hope this helps ya out.....Booda2us
0
 
Monkeyrod (Author) Commented:
I tried GuruGary's idea of using Disk Cleanup (because it looked the most simple), and I think that took care of it.
0
 
Ron Malmstead (Information Services Manager) Commented:
When running any kind of antivirus/spyware on a Windows XP machine...it is recommended to turn off System Restore. Otherwise your System Restore will make backup copies of deleted files, even if they are viruses. Then every time you run a scan, you will get notified of these files in the _restore directory.

If you plan on restoring to a previous point anytime soon...you should not disable system restore...but rather....boot into safe mode, by pressing F8 on startup....then run your antivirus/spyware scan.
0
 
Monkeyrod (Author) Commented:
OK now I'm confused: when I run my antivirus program (AVG), Ewido, or ad-ware, does it put these backup copies in the same place that I would create my own restore point manually, or where Windows makes a restore point when I uninstall some programs... I would like to know this so when I delete old restore points using Disk Cleanup, it will delete all these files...
0
 
GuruGary Commented:
From the Disk Cleanup utility, click on the "more options" tab and then select Clean up in the System Restore dialog box.
0
 
GuruGary Commented:
Or if you are trying to make sure all the bad files from all the programs get deleted, then clear your AntiVirus vault from AVG, then clear your Ewido quarantine, then clear your Ad-Aware quarantine, then clean up your old restore points.
0
 
bbrunning Commented:
Disable System Restore:
Right-Click my computer/Properties/System Restore

Click the check box to disable system restore.

Reboot in safe mode and run all your scans.

Reboot in normal mode and enable system restore

Right-Click my computer/Properties/System Restore

Uncheck the box to re-enable restore.

Create a restore point from the current point. If the scan found all the spyware then you should be okay and not find any more spyware in that directory.

Search Google for these for scanning
Spybot
adaware
scanspyware - not free but finds a ton the other 2 don't
and of course windows defender
0
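
Several answers above explain that detections under `_restore` are backup copies kept by System Restore, and that Disk Cleanup removes every restore point except the latest. The following added example (not part of the original thread) sorts a scanner report into live detections and restore-point copies; the tab-separated report format, the sample lines and the `latest_rp` parameter are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Windows XP layout: <drive>:\System Volume Information\_restore{GUID}\RP<n>\<file>
XP_RESTORE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}"
    r"\\RP(?P<rp>\d+)\\", re.IGNORECASE)
# Windows Me layout: <drive>:\_RESTORE\...
ME_RESTORE = re.compile(r"^[A-Za-z]:\\_RESTORE\\", re.IGNORECASE)

def triage(report_lines, latest_rp=None):
    """Split 'path<TAB>threat' lines into live files and restore-point copies.

    latest_rp (assumed input): number of the newest RP folder. Disk Cleanup
    keeps that restore point, so hits inside it are only purged by turning
    System Restore off and on again.
    """
    live, by_rp, kept = [], defaultdict(list), []
    for line in report_lines:
        line = line.strip()
        if "\t" not in line:
            continue  # not a detection line in the assumed format
        path, threat = line.split("\t", 1)
        m = XP_RESTORE.match(path)
        if m:
            rp = int(m.group("rp"))
            by_rp[rp].append((path, threat))
            if rp == latest_rp:
                kept.append((path, threat))
        elif ME_RESTORE.match(path):
            by_rp[None].append((path, threat))  # Me has no RP<n> folders
        else:
            live.append((path, threat))  # a real file: clean this first
    return {"live": live, "restore": dict(by_rp), "survives_disk_cleanup": kept}

# Constructed sample report; GUID, file names and threat names are made up.
GUID = "{11111111-2222-3333-4444-555555555555}"
SAMPLE_REPORT = [
    "C:\\System Volume Information\\_restore" + GUID + "\\RP12\\A0001234.exe\tSample.Trojan.A",
    "C:\\System Volume Information\\_restore" + GUID + "\\RP40\\A0009876.dll\tSample.Adware.B",
    "C:\\Program Files\\ExampleToolbar\\toolbar.dll\tSample.Adware.B",
    "C:\\_RESTORE\\sample.cab\tSample.Virus.C",
]

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT, latest_rp=40)
    print("live:", result["live"])
    print("restore points with hits:", sorted(k for k in result["restore"] if k is not None))
    print("left after Disk Cleanup:", result["survives_disk_cleanup"])
```

Anything listed under `live` is still on the working system and has to be cleaned before restore points are purged and a fresh one is created.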
