siliconman01
Global Moderator
Trojans! Chew 'em Up, Spit 'em Out...
Gender: 
Posts: 7358
|
 |
Malware in System Volume Information folder ?
« on: Feb 6th, 2006, 4:22am » |
|
This procedure describes how to remove malware found in the C:\System Volume Information folder.
The System Volume Information folder is the location where Windows XP and Vista store the System Restore elements. Most modern malware scanners include the System Restore folder in their scan. However, none are fully capable of removing malicious elements from this folder. When malicious elements are found in this folder, the only way to reliably remove malware (trojans, spyware, adware, viruses, worms, key loggers, etc.) from the System Restore folder is to:
1. Disable System Restore
2. Reboot the computer
3. Enable System Restore
4. Manually create a new starting System Restore point using the Help and Support routine found at START-Help and Support.
XP Users: See the link below for how to manually create a Restore Point.
http://support.microsoft.com/kb/948247
Vista and Windows 7 Users: See the link below for how to manually create a Restore Point.
http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for- windows-vistas-system-restore/
5. Rescan the computer system to ensure all malware is eliminated.
If assistance is needed for how to disable/enable System Restore:
Windows XP
https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?do cid=20080421114858EN&lg=english&ct=united+states&product=home&version=1&pvid=f-home&entsrc=redirect_pubweb
Windows ME
https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?do cid=20080421120723EN&lg=english&ct=united+states&product=home&version=1&pvid=f-home&entsrc=redirect_pubweb
Windows Vista
1. Go to START>CONTROL PANEL>SYSTEM>System Protection
2. Uncheck or Check the primary hard drive to turn OFF or turn ON System Restore.
3. Click on Apply and confirm.
4. Reboot computer.
Windows 7
1. Go to START>CONTROL PANEL>SYSTEM>System Protection>System Protection tab
2. In the "Protection Settings" window, highlight the desired available hard drive.
3. Click on the "Configure" hot button.
4. Bullet or un-Bullet "Turn off system protection"
5. Click on Apply and OK.
6. Close the System Properties window and close the Control Panel
7. Reboot computer.
NOTE:
1. When System Restore is disabled, all restore points are lost. Windows will rebuild new restore points and check points based on its system restore algorithm/parameters.
2. Computer systems with multiple hard drives or multiple partitioned hard drives will have a System Volume Information folder for each partition (located on the respective partition). Windows permits disabling/enabling System Restore on a partition basis. Users may wish to permanently disable System Restore on selected partitions based on what the partition is used for.
3. Always remember to Turn ON System Restore after you have cleared the System Volume Information folder. (The System Volume Information folder is automatically "cleared/cleaned" when you turn OFF System Restore and reboot.)
Applies to all versions of TrojanHunter.
|
| « Last Edit: Dec 15th, 2011, 11:27am by siliconman01 » |
 IP Logged |
______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
|
|
|
Buy Now
Search
Members
Login
Register
Mischel Internet Security Forum
Notify of replies
Send Topic
Print
Author
