Q about D:\System Volume Information folder

I have two, physically separate hard disk drives (C and D).
Virus scan detected infection in D:\system volume information folder.
This folder (hidden folder) cannot be opened.
How can I remove infected files from volume information folder?
Jorge

John
Mon May 12 09:59:19 PDT 2008

Is there a Windows XP on that drive? The virus may be inside a Restore
Point.

To gain access to the folder with any Windows XP version you can use the
cacls command at the Command Prompt:

cacls "d:\System Volume Information" /E /G YourUserName:F

How to gain access to the System Volume Information folder
http://support.microsoft.com/kb/309531

John

Jorge Cervantes wrote:
> I have two, physically separate hard disk drives (C and D).
> Virus scan detected infection in D:\system volume information folder.
> This folder (hidden folder) cannot be opened.
> How can I remove infected files from volume information folder?
> Jorge
>
>

Jorge
Mon May 12 10:10:20 PDT 2008

Thanks John,

The restore was turned off quite a while ago because I use True Image
backup system.
So, I assume that the infection might not matter now.
Is that correct?

BTW, I have another related question. I found that both C and D drives have
its own System Volume folders.
I understand that restore only matters to C-drive not to D-drive.
If so, I would rather delete D:\system volume?
Can I do that? If so, how?

Thanks.

Jorge



"John John (MVP)" <audetweld@nbnet.nb.ca> wrote in message
news:uW7JYFFtIHA.3804@TK2MSFTNGP02.phx.gbl...
> Is there a Windows XP on that drive? The virus may be inside a Restore
> Point.
>
> To gain access to the folder with any Windows XP version you can use the
> cacls command at the Command Prompt:
>
> cacls "d:\System Volume Information" /E /G YourUserName:F
>
> How to gain access to the System Volume Information folder
> http://support.microsoft.com/kb/309531
>
> John
>
> Jorge Cervantes wrote:
>> I have two, physically separate hard disk drives (C and D).
>> Virus scan detected infection in D:\system volume information folder.
>> This folder (hidden folder) cannot be opened.
>> How can I remove infected files from volume information folder?
>> Jorge
>

Ken
Mon May 12 11:08:20 PDT 2008

On Mon, 12 May 2008 10:45:13 -0600, "Jorge Cervantes"
<machocraig@hotmail.com> wrote:

> I have two, physically separate hard disk drives (C and D).
> Virus scan detected infection in D:\system volume information folder.
> This folder (hidden folder) cannot be opened.
> How can I remove infected files from volume information folder?


Did you recently remove this virus from your system, but now find that
it remains in D:\system volume information?

That folder contains restore points, and a virus in a restore point is
completely innocuous *unless* you restore from that restore point.

The only way to remove the virus is to turn off System Restore, then
turn it back on, but that will delete *all* your restore points, not
just the infected one(s). Alternatively you can just wait for the
infected point(s) to fall of the end of the chain--a maximum of 90
days.

--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup

Ken
Mon May 12 11:11:58 PDT 2008

On Mon, 12 May 2008 11:10:20 -0600, "Jorge Cervantes"
<machocraig@hotmail.com> wrote:

> Thanks John,
>
> The restore was turned off quite a while ago because I use True Image
> backup system.



Not a good idea. True image is an excellent product, and using it for
backup is a good thing to do. But I recommend that you keep System
Restore on anyway. System Restore is not a substitute for backup, and
can (and should) exist alongside it. System Restore is a tool for
restoring the operating system to the state it was a few days (or a
week or two at most) ago. It's meant to be a quick and easy way to
recover from an error you made recently.


> So, I assume that the infection might not matter now.
> Is that correct?
>
> BTW, I have another related question. I found that both C and D drives have
> its own System Volume folders.
> I understand that restore only matters to C-drive not to D-drive.
> If so, I would rather delete D:\system volume?
> Can I do that?


Yes.


> If so, how?


Turn off System Restore on D:. That will delete the restore points
there.

--
Ken Blake, Microsoft MVP - Windows Desktop Experience
Please Reply to the Newsgroup

Gerry
Mon May 12 14:16:52 PDT 2008

Jorge

Right click on the System Volume Information Folder on your D drive and
select Properties. If it is not being monitored by System Restore then
there should be no contents i.e. 0 bytes. Do not delete the folder.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Jorge Cervantes wrote:
> Thanks John,
>
> The restore was turned off quite a while ago because I use True Image
> backup system.
> So, I assume that the infection might not matter now.
> Is that correct?
>
> BTW, I have another related question. I found that both C and D
> drives have its own System Volume folders.
> I understand that restore only matters to C-drive not to D-drive.
> If so, I would rather delete D:\system volume?
> Can I do that? If so, how?
>
> Thanks.
>
> Jorge
>
>
>
> "John John (MVP)" <audetweld@nbnet.nb.ca> wrote in message
> news:uW7JYFFtIHA.3804@TK2MSFTNGP02.phx.gbl...
>> Is there a Windows XP on that drive? The virus may be inside a
>> Restore Point.
>>
>> To gain access to the folder with any Windows XP version you can use
>> the cacls command at the Command Prompt:
>>
>> cacls "d:\System Volume Information" /E /G YourUserName:F
>>
>> How to gain access to the System Volume Information folder
>> http://support.microsoft.com/kb/309531
>>
>> John
>>
>> Jorge Cervantes wrote:
>>> I have two, physically separate hard disk drives (C and D).
>>> Virus scan detected infection in D:\system volume information
>>> folder. This folder (hidden folder) cannot be opened.
>>> How can I remove infected files from volume information folder?
>>> Jorge