May 16th, 2008, 2:54am
   Mischel Internet Security Forum
   TrojanHunter
   Frequently Asked Questions
(Moderators: Helena, Gavin_Coe, Magnus)
   Malware in System Volume Information folder ?
siliconman01
Global Moderator
Malware in System Volume Information folder ?
« on: Feb 6th, 2006, 4:22am »

This procedure describes how to remove malware found in the C:\System Volume Information folder.
 
The System Volume Information folder is the location where Windows XP stores the System Restore elements.  Most modern malware scanners include the System Restore folder in their scan.  However, none are fully capable of removing malicious elements from this folder.  When malicious elements are found in this folder, the only way to reliably remove malware (trojans, spyware, adware, viruses, worms, key loggers, etc.) from the System Restore folder is to:
 
 
1.  Disable System Restore
 
2.  Reboot the computer
 
3.  Enable System Restore
 
4.  Manually create a new starting System Restore point using the Help and Support routine found at START-Help and Support.
 
XP Users:  See the link below for how to manually create a Restore Point.
 
http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx
 
5.  Rescan the computer system to ensure all malware is eliminated.  
 
 
If assistance is needed for how to disable/enable System Restore:  
 
Windows XP
 
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
 
Windows ME
 
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239?OpenDocument&src=sec_doc_nam
 
Windows Vista
 
1.  Go to START>CONTROL PANEL>SYSTEM>System Protection
 
2.  Uncheck or Check the primary hard drive to turn OFF or turn ON System Restore.
 
3.  Click on Apply and confirm.
 
4.  Reboot computer.
 
NOTE:
 
1.  When System Restore is disabled, all restore points are lost.  Windows will rebuild new restore points and check points based on its system restore algorithm/parameters.  
 
2.  Computer systems with multiple hard drives or multiple partitioned hard drives will have a System Volume Information folder for each partition (located on the respective partition).  Windows permits disabling/enabling System Restore on a partition basis.  Users may wish to permanently disable System Restore on selected partitions based on what the partition is used for.  
 
3.  Always remember to Turn ON System Restore after you have cleared the System Volume Information folder.
 
Applies to all versions of TrojanHunter.
« Last Edit: Nov 15th, 2007, 11:17am by siliconman01 »

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
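
The five-step procedure in the post above, written as a two-phase Windows PowerShell script. This is an added example, not part of the original post or of TrojanHunter; it assumes the built-in System Restore cmdlets of Windows PowerShell are available, that the flagged partition is C:\, and the parameter names `-Phase` and `-Drive` are hypothetical.

```powershell
# Added example: scripted form of the five-step procedure. Run elevated in Windows PowerShell.
# -Phase Clear   : steps 1-2 (disable System Restore, then reboot)
# -Phase Rebuild : steps 3-4 (enable System Restore, create a fresh restore point)
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Clear', 'Rebuild')]
    [string]$Phase,

    # Assumption: the partition whose System Volume Information folder was flagged.
    [string]$Drive = 'C:\'
)

$ErrorActionPreference = 'Stop'

# Both phases change system protection settings, which requires administrator rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated Windows PowerShell session.'
}

function Get-RestorePointCount {
    # Get-ComputerRestorePoint returns nothing when no restore points exist.
    @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue).Count
}

switch ($Phase) {
    'Clear' {
        Write-Host "Restore points before disabling: $(Get-RestorePointCount)"
        Disable-ComputerRestore -Drive $Drive      # step 1: existing restore points are lost
        Write-Host "System Restore disabled on $Drive."
        Restart-Computer -Confirm                  # step 2: asks before rebooting
    }
    'Rebuild' {
        Enable-ComputerRestore -Drive $Drive       # step 3
        # step 4: manual starting restore point (description text is a constructed sample)
        Checkpoint-Computer -Description 'Clean baseline after malware removal' -RestorePointType MODIFY_SETTINGS
        Write-Host "Restore points now present: $(Get-RestorePointCount)"
        Write-Host 'Step 5: rescan the system with your malware scanner.'
    }
}
```

Run the `Clear` phase first, let the machine reboot, then run the `Rebuild` phase and rescan; on systems with several partitions, repeat with `-Drive` set to each partition that was flagged.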