Solved

C:\System Volume Information\_restore

Posted on 2006-06-12
Last Modified: 2012-05-05
Anytime I run a scan (Ewido, AVG, Ad-Aware, really any scanner) I notice a TON of files in C:\System Volume Information\_restore followed by a lot of letters and numbers... I d/l the new Windows Defender and ran a scan and it found some threats that none of my other scanners found, like, for example, MarketScoreRevlanevent, something like that, and some others. The alert level on some of these was Severe, and some were High...

What are these files...? I've looked and looked for this folder where these files are and I can't find 'em. I did the "show hidden files thing" and all that, still no luck...

Also one more thing, while I wuz' runnin' Windows Defender, my AVG virus program popped up a few times saying it detected trojans, so I cleaned them...

So what's the deal?
0
Question by:Monkeyrod
14 Comments
 
LVL 27

Expert Comment

by:Tolomir
ID: 16887915
Please take a look at:

http://www.theeldergeek.com/system_volume_information_folder1.htm

In short:

If you've done much wandering around in Windows Explorer you might have noticed a folder called System Volume Information and wondered what purpose it serves. It's actually a part of System Restore; the tool that allows you to set points in time to roll back your computer. The System Volume Information folder is where XP stores these points and associated information that makes them accessible. If you have System Restore enabled but don't see this folder, go into [Tools] [Folder Options] [View] and click the radio button next to [Show Hidden Files and Folders] and it will be visible.

All information can be found there; I don't want to copy & paste it completely.

Tolomir
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 16887925
This is some more information about viruses residing in that folder:

http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000092513515106

Norton AntiVirus detected a virus in the _RESTORE or the System volume information folder, but it cannot repair, quarantine, or delete the infected file.

Solution:
About System Restore
Windows uses System Restore to restore files on your computer in case they become damaged. System Restore is enabled by default. Windows Me keeps the restore information in the _RESTORE folder. Windows XP stores this information in the System volume information folder. These folders are updated when the computer restarts. If the computer is infected with a virus, the virus could be backed up in these folders.

Repairing System Restore
By default, Windows prevents System Restore from being modified by outside programs. Because of this, any repair attempts made by Norton AntiVirus will fail. To work around this, you must disable System Restore, and restart the computer. This will purge the contents of the _RESTORE or System volume information folder. You must then run a full system scan. To do this, find your operating system in the list below and follow the steps.

Tolomir
0
 

Author Comment

by:Monkeyrod
ID: 16888431
Ok I understand system restore (it's saved me a hundred times!), but it seems like I should delete the really old ones...is this safe??
0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 400 total points
ID: 16888991
Yes, of course, all you lose is the ability to restore back to those old "backups".

0
 

Author Comment

by:Monkeyrod
ID: 16889634
I cannot find the folder that system volume info. is in, I have XP Home Edition SP2...I looked at the first link you gave me and it says if you have NTFS file system you have to use msconfig and all that crap, or use safe mode...

Before I do that, where should this folder be located?
0
 
LVL 10

Assisted Solution

by:GuruGary
GuruGary earned 800 total points
ID: 16890057
I don't know of a way to selectively delete restore points.  I think you have 2 choices: Delete ALL the restore points, or delete all restore points except for the most current restore point.  Here are instructions:

To delete all restore points except the latest one, use the Disk Cleanup utility. Click Start, All Programs, Accessories, System Tools, and then Disk Cleanup. Click on the more options tab and then select Clean up in the System Restore dialog box.

To delete all the restore points on your computer, disable and re-enable system restore on the system. Click Start, Control Panel, and then the System icon. Click on the System Restore tab in the dialog box, select the Turn off System Restore check box, and click Apply. Clear the check box again to re-enable System Restore and then click OK.
0
 
LVL 6

Assisted Solution

by:DCreature
DCreature earned 400 total points
ID: 16890552
These folders are usually hidden. You probably had viruses / adware in the past, which your System Restore saved together with the restore data in case your computer ever needs to be restored to a previous state.

However, because your restore data has those nasties, you wouldn't want to keep the previous restore data.

Basically what you have to do is to turn off System Restore following these steps:

1) Go to System Properties, click on the System Restore tab, click on the Turn off System Restore (or it may appear as Turn off System Restore on All drives) checkbox. Click Apply, click OK.

2) If it asks you to restart the computer, save all your work, and restart your computer.

3) Once you log on to Windows again, the restore data will have been deleted together with those nasties.

4) You now want to go back into System Properties, and uncheck the checkbox in order to turn System Restore back on again, then restart your computer.

5) To be safe, once you log on to Windows, go to the System Restore (Start > All Programs > Accessories > System Tools > System Restore) tool. Then save restore data if possible to keep yourself safeguarded from future failures.

Though System Restore has saved you many times in the past, I would recommend taking a Ghost image of your drive every two weeks or so, as a secondary measure; it's well worth it.
0
 
LVL 6

Assisted Solution

by:Booda2us
Booda2us earned 400 total points
ID: 16890603
Here is a link to help you gain access to the 'C:/system volume information' folder:
http://support.microsoft.com/default.aspx?scid=KB;en-us;q309531
Here is a workaround to view SVI for Win XP Professional using NTFS File System on a Standalone Computer:
 1. Click Start, and then click My Computer.
 2. On the Tools menu, click Folder Options.
 3. On the View tab, click Show hidden files and folders.
 4. Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change.
 5. Clear the Use simple file sharing (Recommended) check box.
 6. Click OK.
 7. Right-click the System Volume Information folder in the root folder, and then click Properties.
 8. Click the Security tab.
 9. Click Add, and then type the name of the user to whom you want to give access to the folder. Typically, this is the account with which you are logged on. Click OK, and then click OK.
 10. Double-click the System Volume Information folder in the root folder to open it.

There is a SVI file on every partition on HDD....Hope this helps ya out.....Booda2us
0
 

Author Comment

by:Monkeyrod
ID: 16890664
I tried GuruGary's idea of using Disk Cleanup (because it looked the most simple), and I think that took care of it.
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 16895261
When running any kind of antivirus/spyware on a Windows XP machine...it is recommended to turn off System Restore.  Otherwise your System Restore will make backup copies of deleted files, even if they are viruses.  Then every time you run a scan, you will get notified of these files in the _restore directory.

If you plan on restoring to a previous point anytime soon...you should not disable system restore...but rather....boot into safe mode, by pressing F8 on startup....then run your antivirus/spyware scan.
0
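An added example, not part of any post in this thread: a small triage script that separates scanner hits inside restore points (the `_restore{GUID}\RPn` copies described above) from hits on live files, then picks between the two cleanup routes given earlier. The `path;threat` input format, the sample data and the `latest_rp` parameter are assumptions made for illustration, not any scanner's real output.

```python
import re
from collections import defaultdict

# XP restore-point layout: <drive>:\System Volume Information\_restore{GUID}\RP<n>\<file>
RESTORE_RE = re.compile(
    r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP(\d+)\\(.+)$",
    re.IGNORECASE,
)

def triage(lines):
    """Split 'path;threat' lines into live hits and per-restore-point copies."""
    live, by_rp = [], defaultdict(list)
    for line in lines:
        path, _, threat = line.strip().partition(";")
        m = RESTORE_RE.match(path)
        if m:
            by_rp[int(m.group(1))].append((m.group(2), threat))
        else:
            live.append((path, threat))
    return live, dict(by_rp)

def advice(lines, latest_rp):
    """Pick a cleanup route. latest_rp is the highest RP number on the machine
    (assumption: RP folders are numbered in creation order)."""
    live, by_rp = triage(lines)
    if live:
        return "clean live files first, then purge restore points"
    if not by_rp:
        return "nothing to do"
    if latest_rp in by_rp:
        return "turn System Restore off and on (latest point is affected)"
    return "Disk Cleanup (keeps only the clean latest point)"

# Constructed sample: the GUID, file names and threat names are made up.
GUID = "{12345678-ABCD-4EF0-9876-0123456789AB}"
SVI = "C:\\System Volume Information\\_restore" + GUID
SAMPLE = [
    SVI + "\\RP41\\A0012345.exe;Trojan.Example.A",
    SVI + "\\RP41\\A0012346.dll;Adware.Example.B",
    SVI + "\\RP57\\A0020001.exe;Trojan.Example.A",
    "C:\\WINDOWS\\system32\\example.dll;Adware.Example.B",
]

if __name__ == "__main__":
    live, by_rp = triage(SAMPLE)
    print("live:", live)
    for rp in sorted(by_rp):
        print(f"RP{rp}: {len(by_rp[rp])} backed-up copies")
    print(advice(SAMPLE, latest_rp=60))
```

A hit on a live file is handled first because any restore point created while it is still present can back it up again.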
 

Author Comment

by:Monkeyrod
ID: 16897153
OK, now I'm confused: when I run my antivirus program (AVG), Ewido, or Ad-Aware, does it put these backup copies in the same place that I would create my own restore point manually, or when Windows makes a restore point when I uninstall some programs... I would like to know this so when I delete old restore points using Disk Cleanup, it will delete all these files...
0
 
LVL 10

Expert Comment

by:GuruGary
ID: 16897651
From the Disk Cleanup utility, click on the "more options" tab and then select Clean up in the System Restore dialog box.
0
 
LVL 10

Accepted Solution

by:
GuruGary earned 800 total points
ID: 16897740
Or if you are trying to make sure all the bad files from all the programs get deleted, then clear your AntiVirus vault from AVG, then clear your Ewido quarantine, then clear your Ad-Aware quarantine, then clean up your old restore points.
0
 
LVL 10

Expert Comment

by:bbrunning
ID: 16898847
Disable systems restore:
Right-Click my computer/Properties/System Restore

Click the check box to disable system restore.

Reboot in safe mode and run all your scans.

Reboot in normal mode and enable system restore

Right-Click my computer/Properties/System Restore

Uncheck the box to re-enable restore.

Create a restore point from the current point. If the scan found all the spyware then you should be okay and not find any more spyware in that directory.

Search Google for these for scanning
Spybot
adaware
scanspyware - not free but finds a ton the other 2 don't
and of course windows defender
0

Question has a verified solution.