VIRUS in System Volume Information. how can I access that??

projecteda (Member, Jan 26, 2004):
I received the I.Worm/Bagle.J from downloading a file off of a P2P network. My up-to-date AVG successfully found the virus but hasn't fully destroyed it. I have run the AVG virus scan many times, but it will not pick up the following virus location:

C:\System Volume Information\_restore{03E37C7E-5BB3-4953-8A7F-403F464AD18E}\RP64\A0013864.exe

This is the I.Worm/Bagle.J virus, but I get the above message when my system exits the screen saver. AVG tells me I have this once I exit the screen saver. It seems to only find it when I'm in the screen saver. How can I fully rid myself of this problem? Thanks!
 

Mem (Lifer, Apr 23, 2000):
Here you go,

You'll have to manually delete the infected files found in the c:\System Volume Information\_Restore folder; they are part of the Win XP backup (those backup files were created when the system was infected).
The System Volume Information folder is a hidden, system folder that the System Restore service uses to store its information and restore points.
There is a System Volume Information folder on every partition on your computer. No application except the System Restore service is allowed to access this folder.
In order to delete the infected content of _restore please follow the steps:
1. Right click the My Computer icon on the Desktop and click on Properties;
2. Click on the System Restore tab;
3. Select each drive and:
a) click Settings;
b) Move the slider to minimum;
c) Press OK and confirm any confirmation prompt;
4. Put a check mark next to 'Turn off System Restore on All Drives';
5. Click the 'OK' button;
6. You will be prompted to restart the computer. Click Yes.
When System Restore is disabled the content of the folder is deleted, the infected files included.
Afterwards you can re-enable the System Restore service should you want to use it.
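The GUI procedure above, scripted as an added example that is not part of Mem's post or of the thread. It assumes a Windows release that ships the *-ComputerRestore cmdlets (Windows Vista/7 and later with Windows PowerShell; Windows XP, which the thread is about, has no such cmdlets) and an elevated session. The cmdlet names are real; the expectation that turning System Restore off discards the stored restore points is the post's own, applied here to the scripted path.

```powershell
# Added example, not from the thread: scripted equivalent of the System Restore
# steps in the post above. Assumes Windows Vista/7 or later with Windows PowerShell
# (Microsoft.PowerShell.Management cmdlets) and an elevated session.

# 1. Record the existing restore points first; the sequence numbers and dates
#    are useful incident notes (which point holds the infected backup, when it was made).
$before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
$before | Select-Object SequenceNumber, CreationTime, Description | Format-Table -AutoSize

# 2. Collect every fixed local drive; this mirrors "Turn off System Restore on All Drives".
#    DriveType 3 is "Local Disk" in Win32_LogicalDisk.
$fixedDrives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DriveType = 3" |
    ForEach-Object { "$($_.DeviceID)\" }

# 3. Turn System Restore off on each drive. As the post explains, turning it off
#    discards the stored restore points, which is what removes the infected copy
#    that the scanner cannot reach inside System Volume Information.
foreach ($drive in $fixedDrives) {
    Write-Host "Disabling System Restore on $drive"
    Disable-ComputerRestore -Drive $drive
}

# 4. Verify that nothing survived before re-enabling.
$after = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
if ($after.Count -gt 0) {
    Write-Warning "$($after.Count) restore point(s) still present; re-check before re-enabling"
} else {
    Write-Host "All $($before.Count) restore point(s) removed"
}

# 5. Re-enable System Restore on the system drive and take a clean baseline point,
#    so the next rollback target is a known-clean state.
Enable-ComputerRestore -Drive "$env:SystemDrive\"
Checkpoint-Computer -Description "Clean baseline after malware cleanup" -RestorePointType MODIFY_SETTINGS
```

Run it only after the scanner reports the live system clean; the new baseline point in step 5 is only worth having if it captures a clean state. On Windows 8 and later, restore point creation is rate-limited to one per 24 hours by default, so step 5 may be skipped silently if a point was created recently.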
 

Smilin (Diamond Member, Mar 4, 2002):
You can actually just grant yourself permissions to the sysvol folder and then delete that particular restore point. Delete the RP folder in its entirety. A partial restore point is a bad thing. You don't need to clear the whole sysvol folder.

By default only SYSTEM has permissions to these files, not admins or anyone else.
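Smilin's targeted approach, scripted as an added example that is not from the post: grant the current account rights on the folder, remove exactly the flagged restore point, verify, then revoke the rights. It assumes the Windows XP layout shown in the original question (_restore{GUID}\RPnn) with PowerShell 2.0 installed, and uses cacls, the ACL tool that ships with XP. The GUID and RP number in $rpDir are placeholders, not values from the thread.

```powershell
# Added example, not from the thread: Smilin's "grant yourself access, delete just
# that restore point, revoke access" approach. Assumes Windows XP (the layout in the
# question) with PowerShell 2.0 installed; cacls is the XP-era ACL tool and the
# _restore{...}\RPnn path below is a PLACEHOLDER to replace with the one the scanner reported.

$svi   = "$env:SystemDrive\System Volume Information"
$rpDir = Join-Path $svi '_restore{00000000-0000-0000-0000-000000000000}\RP64'   # placeholder
$user  = $env:USERNAME

# 1. Grant the current (administrator) account Full control on the folder tree.
#    /E edits the existing ACL instead of replacing it, /T walks subfolders,
#    /G user:F adds a Full-control grant. By default only SYSTEM is listed here.
cacls $svi /T /E /G "${user}:F"

# 2. Sanity check: the flagged file should be inside this restore point. Look before deleting.
if (-not (Test-Path -LiteralPath $rpDir)) { throw "Restore point folder not found: $rpDir" }
Get-ChildItem -LiteralPath $rpDir -Force | Select-Object Name, Length, LastWriteTime

# 3. Remove the entire RPnn folder, not only the A00xxxxx.exe file. A restore point
#    with files missing is worse than none: a later rollback would be partial.
Remove-Item -LiteralPath $rpDir -Recurse -Force

# 4. Confirm the point is gone while we still have access; the other RP folders stay.
Get-ChildItem -LiteralPath (Split-Path $rpDir -Parent) -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } | Select-Object Name

# 5. Revoke the grant again so the folder is back to SYSTEM-only.
cacls $svi /T /E /R $user
```

At a plain cmd prompt the same sequence is the cacls grant, rmdir /s /q on the RP folder, then the cacls /R revoke. On Windows Vista and later this folder layout no longer exists: restore points are Volume Shadow Copy snapshots, listed and removed with vssadmin list shadows and vssadmin delete shadows, and icacls replaces cacls.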