Computer Support Forum

I deleted system volume information

Question: I deleted system volume information

I used baku 2 weeks ago and deleted my sytem volume information. Win xp and now no restore,no help,no run etc. Still online and still lost ????

Relevance 100%
Preferred Solution: I deleted system volume information

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: I deleted system volume information

I'm not understanding your problem very well as your post is somewhat brief and hard to comprehend.

1. I'm assuming by "baku" you mean backup? Please confirm.

2. When you say you deleted your system volume information do you mean the actual folder itself, or the contents of the folder?

3. When you say "no restore" do you mean you can not now set a restore point?

Any further details you can give as to what you did and what you are trying to do would be helpful.

12 more replies
Relevance 90.2%

Hey guys:

I'm an idiot!!! Last night I deleted my System Volume Information folder off of a Raid-0 set of hard drives. As I mentioned, this raid set is not drive with my XP on it. This is just a drive for storage of pictures, video, and other programs I prefer not to have on my C:\. I did take go as far as to turn off System Restore before deleting it. Now when I boot up I cannot access the drive at all. It tells me that "The drive is not formatted. Do I want to format it now?."

I don't want to do that and I am wondering if there is a way to create a new System Volume Information folder so I can access the drive again???

Thanks

Answer:Deleted System Volume Information Folder on a Non-Operating system drive???

I think you are connecting the dots...where there is no connection.

Deleting a system volume folder...isn't possible by me, even when system restore is not used (I always disable SR immediately after a clean install). Even though the folders are empty and I don't have SR employed, the system won't allow me to delete these empty folders.

I believe that the problem is your RAID setup...perhaps you ought to try to repair it.

Louis

2 more replies
Relevance 88.56%

Honestly don't know y I deleted it but, I was cleaning files from my drives while in Linux and I deleted the system volume folder from one of my hdds and now all my data is inaccessible. Haven't touched the drive since, would like a surefire way to get it back. Here is my set up64gb ssd Windows 7
1tb hdd internal (deleted system volume folder)
1tb external hdd 50gb Linux partition 950gb ntfs partition
Thanks in advance

Answer:recover deleted system volume information on external drive

Have you had a look at the current version of the HIRENS boot CD. this has lots of free recovery tools on it. I have used it a few times for exactly the purpose you need it for...

Go here: Download Hiren

And scroll down about 3/4 of the way and you will a download link.

hth
Tanya

2 more replies
Relevance 80.36%

Hi. I'm trying to get rid of files and this one is the main one that I have found so far that is getting stuck and not being deleted. It says that "change.log" is being used by other users.

Occasionally as well a chinese website pops up for some reason.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:25, on 17/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\S... Read more

More replies
Relevance 69.29%

I am using Windows XP Pro and recently created a restore point in my System Restore program. This was over a month ago, and I no longer need that restore point. When I defrag with either Diskeeper or Norton Speedisk, I get a report on a good number of defragmented/defragmentable files, most of which are in the Restore folder in my System Volume Information folder. I was able to access my System Volume folder and found the offending file but hesitate to delete that file unless I can be assured that I can do so safely.

Would a simple delete be okay?

Attached is a screenshot of the folder in my Systems Information folder.
 

Answer:Safe to a Delete System Restore Folder from System Volume Information?

7 more replies
Relevance 69.29%

Hey, everyone!

Looking for some advice on getting my GB back, if possible.
I hope I'm posting in the right area.

The other day I had to do a System Restore on my Compaq (Windows XP) so far everything is working fine now. Though, I noticed my computer was running slower than usual. I checked my overall GB usage and found that it had dropped 20GB since the System Restore. My computer is currently 140GB in total and right now only 50% of it is left, making my computer run...not so quickly.

I used TreeSize and found that the missing 20GB was being used in "System Volume Information". I don't mean to sound like a newbie, but what exactly could be suddenly taking up 20GB of my space since the system restore? Is it possible for me to get it back without harming my computer? How do I go about doing that?

Someone mentioned that I should make sure it wasn't trojan/virus related, so I've run anti-virus, anti-malware, PC tuneups, etc. Everything is clean. Any advice?

Thanks so much!

EDIT: Okay well, after searching deeper into the "System Volume Information" I see that all the used GB is coming from a folder inside called "_restore{" and there must be 70+ different files inside, I'm guessing these are system restore points? Most of them are less than 1GB (though there are so many it apparently adds up) but one of them is a whopping 13.3GB by itself. What can I do about all these?

 

Answer:Help! Missing 20GB after System Restore, found in System Volume Information -- Why?

7 more replies
Relevance 68.88%

I had trouble defragging {dbcbca6a-9a27-11df-94f4-028037000300}{3808876b-c176-4e48-b7ae-04046e6cc752} in C:\System Volume Information using defragler. It is more than 2GB large. Is it normal for one system restore to be that large? Norton and MBAM says the my system is clean. Only 31.1 GB total used. Abou 250 GB (I think) total hard drive space

Also the tracking folder is showing weird characters:
?Cf????? ?O?8m   windellstudio15 NW?Dc`A??$??{?? =?e? ? ? ????  ?             ... Read more

Answer:ONE System File in System Volume Information more than 3GB large. Can't Defrag

Defragging does not reduce file size, it only moves files to improve speeds.

Do a disk cleanup maybe its system error storage, or something the operating system stores
Unless it is a virus that is hogging your hard drive space (Inwhich case I would do a scan with Malwarebytes anti malware from malwarebytes.org)
It could be a crucial file, but I would think it would be a bit smaller.

your hard drive has enough space to make that 3 GB look like megabytes....

Keep your eye on that file. If it continually gets bigger, chances are, it could be a virus.

7 more replies
Relevance 68.47%

Is system volume information a virus? There are 2 folders in two seperate hard drives and on one i can delete it but it comes back like three seconds later. On a different hard drive i cant do anything to it at all
 

More replies
Relevance 68.47%

Vista is dumping System Volume information on every HDD ive got and its dumping it all over the place and i carnt defrag nore can i delete any of the files. Theres about 40gb in total..
There is no system protection enabled on the HDDs as i use Vista's backup tool once a week (then store it to a different HDD).
How can i unlock and delete these files, as it seem every other day it grows in size..

Answer:System Volume Information

Hi and welcome to TSF

First I would like you to go to "Folder Options". Click on the view tab and scroll all the way down. When you see " Simple file sharing (recommended) " uncheck that box. The go to each drive that has the System Volume Information. Right click the folder and go to the Security Tab. Click " Add... " and in the text box type in " Everyone ". Click chack names then hit Ok, Apply, and then Ok again. Then go through the folder System Volume Info -> Go through the next folder -> Delete everything that has a blue tint (meaning all the compressed folders.

* Personally I just shut off System Restore function because all it does is hug up drive space and it never fixes anything for me; If you turn it off then all the files will be deleted automatically without the above steps *

3 more replies
Relevance 68.47%

I took the ownership of System Volume Information folder.then i created a folder in it.but now i cant delete that folder.in xp i could do it but not in 7.please help me..

Answer:System Volume Information

  
Quote: Originally Posted by vajeen


I took the ownership of System Volume Information folder.then i created a folder in it.but now i cant delete that folder.in xp i could do it but not in 7.please help me..



Why on earth would you want to take ownership of "System Volume Information" and make a folder in it?

"System Volume Information" = system only and should remain hidden.

Hide it and forget about that folder, messing with "System Volume Information" could get you only deeper into trouble.

2 more replies
Relevance 68.47%

I killed my Linux partition using Partition Magic, everything went as planned, however, now I have a folder under C:/ called "F Drive" which contains the contents of my Linux partitons. I however can't access or delete this folder, any ideas on why? I looked up the System Vol Info, and as far as that is concerend, I have system restore off.
 

More replies
Relevance 68.47%

I am having win7 home basic(64-bit) operating system on my laptop.In each
drive of my hard disk $RICYCLE.BIN,System volume Information and sys folders
of 0 byte size get created before some days. When I unchecked option to show hidden files from folders option folders got hidden.I tried to delete these folders but it's not working.I also tried to delete folder by taking ownership of folder form properties menu of folder.This is decreasing speed of my laptop.I am not understanding if they are system folders or due to virus.Plz reply.

More replies
Relevance 68.47%

Hi,

I'm running Vista HP 64-bit on my home build PC, and I was trying to clean up my C: drive when I noticed how large the System Volume Information folder was (31Gb on a 120Gb HD). I investigated and I've tried to delete these files.

I've tried searching the problem and most of the answers are that the problem is system restore. I've turned System Restore off, so I know that these files are not associated with this. I've tried to take ownership and delete them. I've tried deleting them in Safe mode, I've tried using a file shredding software, and no joy.

I really need some advice!!!

Answer:System Volume Information

Hi -

Add TakeOwnership to your context menu. Download the .reg file, run it and allow Registry merger to occur -

http://jcgriff2.com/0x2/takeown_icac...ows7_Vista.reg

Bring up an elevated administrative cmd/DOS prompt -
START | type cmd.exe | RIGHT-click on cmd.exe above under "Programs" | select "Run as Administrator" | Paste the following -

Code:

attrib -h -s c:\system information volume\*.* /s /d

Go to the folder, RIGHT-click on it, select "Take Ownership"

See if you can open it now.

Regards. . .

jcgriff2

`

19 more replies
Relevance 68.47%

can anyone please help?for some strange reason my system volume information folder keeps growing by at least a couple of gigs every day.i have disabled system restore completley and deleted all my previous restore points.but it still keeps growing.
 

More replies
Relevance 68.47%

I've checked three of my four computers and only one of them has a folder named "RECYCLER". All the others have a folder named "Recycled", and there is the little recycle bin icon where there would otherwise be a folder icon.

If that's the case, you probably have two files in your root directory named "auto.exe" and "autorun.inf". These are malicious little buggers that seem impossible to get rid of, and they seem to be causing other types of problems in the operating system.

The only way I've been able to get them off of attached devices is to disconnect the host computer from any outside connection, i.e., cable modem, telephone. Then turn off the computer and unplug it for 30 seconds. Also, disconnect the attached device from the computer. Then plug in the host computer and boot it up. Make sure you do not have the above named files in the host. (They may be hidden in the Prefetch folder.)

Once you're sure they are completely out of the host, do the 'turn off', 'unplug', etc. cycle again. Reboot. (You may notice that the computer works a little differently. In my computer, the submenues started showing up when I run the cursor near any particular icon on the desktop. The submenues started working in other places too... but I digress.)

Recheck the host computer and verify that the two above named files are actually gone. If they are, your host computer is clean.

Here's the sad news. I still haven't figured out how to... Read more

Answer:System Volume Information

One other note... When I tried to download a file folder into the mass storage device on my laptop (from the host computer via the wireless router), BitDefender (anti-virus program) recognized "auto.exe" as a virus... I'm still researching that avenue...

4 more replies
Relevance 68.47%

hi, i remember having viruses that couldnt be removed and heard that alot of spyware could be stored in this folder, obviously it restricts my access to it, im wondering if there is 1 way to take off this restriction so that i may access it. also curious about the permanent effects of deleting this folder. thanks

More replies
Relevance 68.47%

XP pro - p4 2.8AVG antivirus detecting worm (Lovsan.A) in C:\System Volume Information\_restore ......AVG will not delete this worm file.Can anyone please steer me to access this folder and delete file (Access Denied via My Computer route).Many thanksTerry

Answer:XP pro System Volume Information

The worm is hidden in your System Restore files which virus checkers don't have access (that's why you are getting the message that AVG cannot remove it.The cure is to turn off Systm Restore temporarily, run your A/V to remove the worm and then re-instate System Restore. It means you will have lost your restore points but that is a small price for getting rid of the nasties.?d

3 more replies
Relevance 68.47%

Just installed a 2nd hard drive as a slave and I accidentally copied a bunch of files from the 1st one to the System Volume Information folder on the 2nd.

To delete these files and put them elsewhere, I have run the

cacls "G:\System Volume Information" /E /G username:F and press ENTER

routine in CMD and get

"Are you sure (Y/N)?"

even with "Y", I get "Access Denied."

Any hints? Safe mode a sure bet? I have Win XP Home, master hard disk FAT32, and new slave hard disk NTFS.
 

Answer:System Volume Information

It may be that the FAT 32 and NTFS file systems on the different drive aren't compatible. From the best of my knowledge, FAT 32 systems/drives can't write to NTFS formatted volumes or partitions. An option may be to convert your master hard drive to the NTFS file system, or to convert your slave drive to the FAT 32 system. I'm sure that there will be more members join the thread to give advice.
 

2 more replies
Relevance 68.47%

So, I set configs to allow 111 GB for System Restore, thinking I'd buy some extra insurance, on a 1.5 TB HDD. And now looking why I can't create Drive Image backup on 250 GB Drive, when I used to. Turns out, the last "critical" update for Win7 restore point is using a whopping 70 GB of space. What's up with that? Usually the restore point directories are in the single digits. Windoze 7, Home Premium, x64.

Answer:System Volume Information 109 GB !!

If we are talking about shadows and shadowstorage, this would be very strange. Usually a shadow (restore point) is between 250MB and 1GB (approximately). Are you sure that those 70GBs are only 1 shadow. I suggest you do the following:

1. Open an elevated Command Prompt (run as admin) and type: vssadmin list shadowstorage That will show 3 numbers - Used, Allocated and Maximum. Allocated is the amount that has been reserved at this point in time and Maximum should be your 111GBs.

2. Again in Command Prompt type: vssadmin list shadows That will list all the restore points you have (on all partitions). They are dated. If you want a convenient program to look at your restore points, get Shadow Explorer.

6 more replies
Relevance 68.47%

does anyone know why w2k has system volume information ?

i know that xp holds the restore points there but w2k does not have system restore,
i have 2 files in the one on my C drive - MountPointManagerRemoteDatabase and tracking.log, all the rest just have tracking.log

ta
 

Answer:system volume information

Hi

Its part of Distributed Link Tracking (DLT) Client
http://technet.microsoft.com/en-gb/library/bb742605.aspx
 

2 more replies
Relevance 68.47%

Hi guys and gals

This is just strange I have found a virus in one of my restore points but No problems are currently in existed. So I have a basic question.. How did a virus get in to my restore points? odd?

File C:\System Volume Information\_restore{736B8453-93FE-477D-9F4C-E9DBA07C5B6E}\RP400\A0039023.exe is infected by Win32:PSWtool-S [PUP], Moved to chest this is what the entry stated

After I found that I reset my System Protection. Going to create a Manuel Restore Point. and re run the select area tests.

Thanks

Answer:System Volume Information

Create a New Restore Point[/COLOR][/URL][/B] to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:Go to Start > Programs > Accessories > System Tools and click "System Restore".Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.Then use Disk Cleanup to remove all but the most recently created Restore Point.Go to Start > Run and type: CleanmgrClick "Ok". Disk Cleanup will scan your files for several minutes, then open.Click the "More Options" tab, then click the "Clean up" button under System Restore.Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"Click Yes, then click Ok.Click Yes again when prompted with "Are you sure you want to perform these... Read more

4 more replies
Relevance 68.47%

hIYA FOLKS,MY FIRST POSTING - WELL HERE GOES,I HAVE A PROBLEM WITH A FOLDER OF THE ABOVE,(C:\RECYCLER-SYS VOL INFO)..I DELETED THE FOLDER BY MISTAKE,THE THING IS THAT 'TREND ANTI VIRUS' IS STATING THERE IS A SUSPICIOUS FILE THERE,SO HOW DO I GET THE FOLDER BACK IN C:/ KNOWING THAT THE FOLDER STILL EXISTS.I AM ON WINDOWS PROF XP.ALSO,A HARDWARE PROBLEM..MY MACHINE KEEPS GETTING VERY HOT,VERY.!!!!!!!..NOW.!! IS IT THE MOTOR FAN OR MAYBE SOME COMPONENT PROBLEM....THANKS PEOPLE.........WANE K....BOLTON LANCASHIRE - OF THE NORTHERN REGION
 

More replies
Relevance 68.47%

My computer has been sluggish lately. I've scanned with everything. My active scan logs and HJT logs are clean and I've scanned for rootkits.

And Anivir's on access scanner has been detecting trojans in the System volume information
folder but I can't open the folder because access is denied.

This is one of three I've quarantied from the same location

C:\system volume information\_restore{082A6CE9-706C-4F27-9BC0-3693FCF3DE9E}\RP1052\
ao220720.dll

I've turned off and on system restore but that didn't seem to clear it out.

Should I try to delete this folder \RP1052\ with because that's where the 3 files were been found.

Any help would be appreciated
 

Answer:system volume information

http://support.microsoft.com/kb/263455
 

3 more replies
Relevance 68.47%

I have an extremely large file (system volume information) which contains a file named:
"_restore (224E0294-7FFD-9D04-A63B49402B20)". In that file are daily "snapshots" of my files. Each daily snapshot is in a separate folder - consecutively numbered (example: RP460 up to RP561.

Each of these folders contain over 130mb of files and are using up my storage capacity on C drive.
Can I delete all but the last few of these folders?

Answer:System Volume Information

Quote:




Can I delete all but the last few of these folders?




NO.

By default the contents of the system volume information folder is not accessible to even an admin account. And for good reason. Any direct deletion or modification of it's contents can, and probably will, corrupt the system restore facility and render it useless.

The disk cleanup utility can delete old restore points and you can also specify how much disk space can be used but do not attempt direct modification of the folder.

Actually I would recommend setting the security attributes of the folder back to what they were to prevent accidental modification. There is really no need to to access the folder at all.

3 more replies
Relevance 68.47%

C:\System Volume Information

I have system protection(restore) turned off.
And it has 4GB of data in C:\System Volume Information.

How can this be. It is also allowing me to go back to a restore point.

Windows 7RC 64Bit.

Answer:C:\System Volume Information

Its part of the system restore feature. So if you dont use that you could disable it and it should remove that folder.

9 more replies
Relevance 68.47%

When I turn off System Restore on my partitioned D drive, there is a still a subfolder in the System Volume Information folder named: _restore{2AA86FA6-CEB4-46B9-A260-A78C7302C6BF}, that remains. When I go to explore it, it contains many files that have long been deleted. Can I go ahead and delete this whole folder? Not the System Volume Information, but just the subfolder; _restore{2AA86FA6-CEB4-46B9-A260-A78C7302C6BF}. BTW, shouldn't that subfolder be automatically erased upon turning the sytem restore off? Thanks
 

Answer:System Volume Information

Tranceaddict said:



When I turn off System Restore on my partitioned D drive, there is a still a subfolder in the System Volume Information folder named: _restore{2AA86FA6-CEB4-46B9-A260-A78C7302C6BF}, that remains. When I go to explore it, it contains many files that have long been deleted. Can I go ahead and delete this whole folder? Not the System Volume Information, but just the subfolder; _restore{2AA86FA6-CEB4-46B9-A260-A78C7302C6BF}. BTW, shouldn't that subfolder be automatically erased upon turning the sytem restore off? ThanksClick to expand...

I am not sure about the auto erasing part of the question, but you can always place the folder in your recycle bin for a bit and see if anything goes screwy (unlikely). It seems to me it is just an old restore point file. You could probably safely delete but, it is always safer to have it handy for a little while before deleting permanently.
 

2 more replies
Relevance 68.47%

Seems I have a problem. I left my house for about 20 minutes, come back to my computer and Norton is open saying it found and quarantined a trojan horse. I don't know how I got it, considering I was gone and everything on my computer was closed.

This was the exact file and location:

File: C:\System Volume Information\_restore{E9431B88-3A8B-4B9F-B2B1-ABBDE576F6FD}\RP339\A0202805.dll

I want to make sure there is nothing else, because with just a .dll it makes me think there is more infected files.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:45 PM, on 5/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.... Read more

Answer:C:\System Volume Information\

8 more replies
Relevance 68.47%

there is a folder on my PC called "System Volume information" don't know how it got there, and all access to it is denied even for viewing.when i gointo safe mode to have a look or try to delete it, it is not shown, My OS is xp home, can anyone tell me anything on this

Answer:System Volume information

Do NOT delete it as Windows needs this file/folder..

2 more replies
Relevance 68.47%

Hi - I felt something was wrong so I ran Trend Housecall the free online virus and spyware checker. It came up with over 20 consecutive files stating trojan - spyware and all these were in D:\System Volume Information\.......\A0365396.exe to D:\System Volume Information\....\A0365416.exe.
Trend asked Do I want to fix it I responded yes
any one advise what is going on as I am receiveng numerous american based suspicious e-mails. a lot referring to Cheryl whoever that may be
regards

 

Answer:System Volume Information

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide

and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual update Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a different user account ... Read more

2 more replies
Relevance 68.47%

This post is my first; I'd like a second opinion from B C folks before I proceed to fool with VISTA's System Restore Points for the first time.

I run Home Premium 32-bit on a partitioned Gateway laptop with 221 GB allotted to C/ and 57 GB of C/ is in use. Of that 57 GB, 31GB is filled exclusively with -- guess what -- System Volume Information files! I'd like to prune this back a little, but only if doing so won't throw VISTA into a tizzy.

Anybody out there done this already? Anybody wanna try it first? I've searched the B C forums for this topic and haven't found one yet specifically adressing this issue. Here are my sources --

According to this page at TechRepublic:

<<http://techrepublic.com.com/5208-6230-0.html?forumID=228428&start=0&taq=rbxccnbdisc1>>

VISTA's SRP is set to delete old files after 136 years although its XP predecessor did so after a mere 90 days.

Indrajit Chatterjee's Blog 3/25/08 "Reclaiming disc space from 'system volume information' offers the following instructions:
<<http://indrajitc.wordpress.com/2008/03/25/reclaiming-disk-space-from-system-volume-information/>>

Thanks for your attention, folks.

Answer:System Volume Information

Here's a very similar link from the person I consider to be an authority on all things System Restore: http://bertk.mvps.org/html/diskspacev.htmlShouldn't be any problem.

7 more replies
Relevance 68.47%

I have a hidden files called System Volume Information it is 2.11GB in size , does anyone know what it is and is it ok to delete ??cheersbeemerman

Answer:what is System Volume Information ??

click here

3 more replies
Relevance 68.47%

What the heck is in that file and why can't I open it?

In the C: drive, main area, there is a file called System Volume Information, I can't open it, it says access denied

When I defragged the HD it says that whatever the hell is in there is fragmented?

I got a torjan the other day, I thought AVG got rid of it, but AVG pops up a window every now and then saying it is still there, I think it says its in that damn folder Does AVG not detect it because the folder is blocked?

I noticed my computer is kinda slow, so how do I get in that dag folder?

Answer:System Volume Information.....

http://www.theeldergeek.com/system_v...on_folder1.htm

This is what you need to know.

after that, disable system restore and run your av

6 more replies
Relevance 68.47%

Hi:

I am having problems trying to remove Trj/CI.A from the system volume information folder. I can't execute any .exe commands or even get to the command prompt (even in safe mode). My combofix results are listed below. Any help is greatly appreciated.
ComboFix 11-01-29.03 - Sports Xpress 01/30/2011 13:51:35.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.766.180 [GMT -6:00]
Running from: c:\documents and settings\Sports Xpress\My Documents\Downloads\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sports Xpress\Application Data\Mozilla\Firefox\Profiles\vh8oec4d.default\extensions\{369ff373-e69e-472c-a5fd-9f264422d0f0}
c:\documents and settings\Sports Xpress\Application Data\Mozilla\Firefox\Profiles\vh8oec4d.default\extensions\{369ff373-e69e-472c-a5fd-9f264422d0f0}\chrome.manifest
c:\documents and settings\Sports Xpress\Application Data\Mozilla\Firefox\Profiles\vh8oec4d.default\extensions\{369ff373-e69e-472c-a5fd-9f264422d0f0}\chrome\xulcache.jar
c:\documents and settings\Sports Xpress\Appl... Read more

Answer:Trj/CI.A in system volume information

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It... Read more

2 more replies
Relevance 68.47%

Help! I have recently updated my AVG virus scan and it finds an I-worm virus sitting in my System Volume Information directory.However the virus program cannot access the folder as it can't see it!I can't see this folder in Windows, I can only see it if I go to DOS environment and dir/a:h the c: drive.I cannot access this folder as it says access is denied. Does anyone know how to access this folder? Or even make it visible to programs in Windows?I'm running Windows XP on a Celeron 2 GHz laptop and AVG version6. Thanks!Dave Woods

Answer:System Volume Information

Don't know if this is of any use..... cause don't really know what i'm talking about but....I had a folder that was causing problems a couple of months ago. I ran the virus checker and like you said it couldn't see it... I tried to manually delete it but it wouldn't let me. In the end i ran scandisk and and it found i and i was able to delete it from there.Like i said don't know if that helps but worth a try maybe :)

4 more replies
Relevance 68.47%

Hello. Im a novice so please enlighten me.

my AVG antivirus always displays this message (even though im not running the scan manually)

Threat Detected! while opening file: E:\System Volume Information\_restore{9E74D4F4-A15B-4496-A0F3-77B54401AA42}\A0032793.vbs
Virus Found VBS/small

What do i do? I have tried healing but it failed. if I press move to vault, it says object moved to vault. but then after a few minutes it pops up again.

Then another kind of threat, desktop.ini, pops up from time to time.

how seriously at threat is my laptop? it runs on xp 2000, intel celeron 1.3GHZ

THANKS SO MUCH in advance.
 

Answer:help please- system volume information

That is in the restore points

Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam
 

1 more replies
Relevance 68.47%

My System Volume Information folder has 28 of those very large files
that take up 27.2 GB of disk space. The oldest is dated 11-01-2013. This seems to me to be too much . Is it too much? If it is too much, what could cause that to happen?

Answer:System Volume Information - Is it too big?

The System Volume Information folder contains your Windows restore points. Depending on the size of your hard drive, 27 GB isn't that much space.

You can adjust the amount of hard drive space the restore points use. In the Search Bar type Advanced then select View Advanced System Settings then click on the System Protection tab, from there you can adjust the percentage of hard drive used for restore points.

4 more replies
Relevance 68.47%

Hi All,Plz explain what is System Volume Information and how to clean the viruses from System Volume Information.[/font][/size]Regards SSK

Answer:System Volume Information

Hello, It is a part of System Restore; the tool that allows you to set points in time to roll back your computer. The System Volume Information folder is where XP stores these points and associated information that makes them accessible. The Elder GeekCreate a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:Go to Start > Programs > Accessories > System Tools and click "System Restore".Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.Then use Disk Cleanup to remove all but the most recently created Restore Point.Go to Start > Run and type: CleanmgrClick "Ok". Disk Cleanup will scan your files for several minutes, then open.Click the "More Options" tab, then click the "Clean up" button under Sys... Read more

1 more replies
Relevance 68.47%

Hi, I'd just like to know how to access system volume information on my hard drives if anyone knows how and if it's possible. Thanks.

Answer:Need help on system volume information

Windows XP Professional and Home Edition - FAT32 File System

In Windows Explorer click [Tools] [Folder Options]
Click the [View] tab, click [Show Hidden Files and Folders]
Clear [Hide protected operating system files (Recommended)] check box.
Click [Yes] on the change confirmation box and click [OK] to exit.
Double-click the System Volume Information folder to open.

Windows XP Professional using the NTFS File System on a Workgroup or Standalone Computer

In Windows Explorer click [Tools] [Folder Options]
Click the [View] tab, click [Show Hidden Files and Folders]
Clear [Hide protected operating system files (Recommended)] check box.
Click [Yes] on the change confirmation box and click [OK] to exit.
Right-click the System Volume Information folder in the root folder.
Click [Properties] and select the [Security] tab. Click [Add]
Enter the name of the user you are allowing access to the folder.
Click [OK], and then click [OK].
Double-click the System Volume Information folder to open.

Windows XP Professional Using the NTFS File System on a Domain

In Windows Explorer click [Tools] [Folder Options]
Click the [View] tab, click [Show Hidden Files and Folders]
Clear [Hide protected operating system files (Recommended)] check box.
Click [Yes] on the change confirmation box and click [OK] to exit.
Right-click the System Volume Information folder in the root folder.
Click [Properties] and select the [Security] tab. Click [Add]
Enter the name of the user y... Read more

3 more replies
Relevance 68.47%

I was defragging with defraggler and i noticed that there were a few defragmented files in System Volume Information but they were huge files which added to about 8gb. It could be more as only the fragmented files add to 8gb.

I was wondering where these files came from? They have long, random letter/number names and range from 200mb - 3gb each

Before my factory settings reset, i used to have only 1 huge file in system volume information which was ~2gb.

is it okay if i delete these files

thanks

Answer:~8-9 GB used in C:\System Volume Information\ ?

They are system restore points.

System Restore

You can safely delete all of them but the most recent one to get the space back if you like, but be aware that you won't have those points to go back to if you ever need to, except the most recent one made. They will be made again after a while, which you can then repeat if you want. Or you can just leave them be.

System Protection Restore Points - Delete

You can also change how much or how little space system restore will take up. Or just leave it like it is.

System Protection - Change Disk Space Usage

3 more replies
Relevance 68.47%

In a recent attempt to clear some space on my hard disk to improve performance, I decided to perform a Treesize scan to identify the folders containing the largest amount of data. According to Treesize, the folder, "C:\System Volume Information" has a capacity of 42.3 GB and is easily the largest on my hard drive. From a search on here, it seems to be the location for System Restore points, even though I've configured that to use just 200 MB of disk space, and only the most recent System Restore point is available to return to.

I'm running Windows XP Home Edition SP2, with a 146 GB hard disk. Any suggestions as to how I can clear this space would be gratefully appreciated. Thanks.
 

Answer:C:\System Volume Information

16 more replies
Relevance 68.47%

I am wondering what some of these files in the "system volume information" folder are.chkdsk (this is actually a folder)6373773drv.iswmdllog.datMountPointManagementRemoteDatabasetracking.logI saw these and got suspicious. Anyone know what they are?

Answer:System Volume Information

Sorry about the vagueness of my question, I've just never seen these before. I know what chkdsk is, I have never seen a folder named chkdsk though.

5 more replies
Relevance 68.47%

Help ! My System Volume Information folder on my PC has started increasing in size and gets bigger every time I reboot.It has now reached a size of over 20GB and still increasing. This is where all the restore points are held. I've run Norton anti-virus scan but no viruses have been found.Can this folder be recreated from scratch ?Has it somehow got corrupted ?Any ideas would be greatly appreciated.Mio

Answer:System Volume Information

You can disable system restore, reboot the machine and then set a new restore point. All the old ones will be gone.

3 more replies
Relevance 68.47%

My system volume information folder is HUGE...it takes almost 20GB of storage, why is it so big?! can i delete stuff in it somehow? i dont want to screw anything up, so some help woul db every nice, thanks

Answer:System Volume Information

It's a very important folder used by System Restore...it's probably so big due to the amount of restore points you have but 20GB is a bit extreme.

You won't be able to access the folder unless you change the security permissions...but I would stronly advise against doing so.

What may help is if you disable System Restore which will delete the restore points, then re-enable it and change the settings.

You can do all that by right clicking 'My Computer' either on your Desktop or Start Menu then select 'Properties'. Choose the System Restore tab and you can turn it off by removing the tick and clicking Appy. When you re-enable, you can click the Settings button and reduce the amount of disk space usage.

Hope that helps :-)

6 more replies
Relevance 68.47%

I have Windows XP Home and I have a problem accessing the System Volume Information folder. My System Restore will not work at reboot, so I would like to do a manual restore with which I am familiar. I tried the cmd prompt command: C:\ cacls "C:\System Volume Information" /E /G SKYNEST:F and I get a corresponding good reply of: process dir: C:\System Volume Information. From what I know it should unlock the folder, but it doesn't. Access is still denied even after a reboot. So, after searching diligently I have come to majorgeeks.com because your community is the best! Can you get my system straightened out? Just so you know, I have no security tab under folder options in My Computer. Also, I cannot clear "Use simple file sharing" in the folder options View tab because it is not there! So, you see I have come a ways and am stuck.

I know I can do a manual restore using Windows Mini XP to access the folder from a CD, but it just seems to be such a round about way when I could just use Resore or get into the System Volume Information Folder.
 

Answer:System Volume Information

skynest said:





I have Windows XP Home and I have a problem accessing the System Volume Information folder. My System Restore will not work at reboot, so I would like to do a manual restore with which I am familiar. I tried the cmd prompt command: C:\ cacls "C:\System Volume Information" /E /G SKYNEST:F and I get a corresponding good reply of: process dir: C:\System Volume Information. From what I know it should unlock the folder, but it doesn't. Access is still denied even after a reboot. So, after searching diligently I have come to majorgeeks.com because your community is the best! Can you get my system straightened out? Just so you know, I have no security tab under folder options in My Computer. Also, I cannot clear "Use simple file sharing" in the folder options View tab because it is not there! So, you see I have come a ways and am stuck.

I know I can do a manual restore using Windows Mini XP to access the folder from a CD, but it just seems to be such a round about way when I could just use Resore or get into the System Volume Information Folder.Click to expand...

You may need to restart the computer to safe mode by pressing F8.

This is from the Microsoft site:

The following steps also work if you restart the computer to Safe mode because simple file sharing is automatically turned off when you run the computer in Safe mode.

Open My Computer, right-click the System Volume Information folder, an... Read more

10 more replies
Relevance 68.47%

I have a virus or malware. Every time I run Ad-ware . I get malware that show up in C:\ System Volume Information.I keep removing it but it just comes back. I add my Hi-jack reporLogfile of Trend Micro HijackThis v2.0.2Scan saved at 2:30:58 PM, on 10/15/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18241)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exeC:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exeC:\Program Files\iolo\common\lib\ioloServiceManager.exeC:\Program Files\iRacing\iRacingService.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS&#... Read more

Answer:C:\ System Volume Information

Welcome to Bleeping Computer, please be sure you have read and followed the Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computerhttp://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/All advice given is taken at your own risk.I apologize for the wait, if your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.I get malware that show up in C:\ System Volume Information.The only way to clean that is like this:Turn off System Restore.On the Desktop, right-click My Computer.Click Properties.Click the System Restore tab.Check Turn off System Restore.Click Apply, and then click OK.RebootTurn ON System Restore, On the Desktop, right-click My Computer.Click Properties.Click the System Restore tab.UN-Check *Turn off System Restore*.Click Apply, and then click OK.I see a few other issues in this HJT log and would be glad to help you address them if you will post a fresh HJT log.Thanks

2 more replies
Relevance 68.47%

Is this the directory for the Windoze System Restore? If so....can it all be safely deleted? I don't use it anymore as I use GoBack exclusively.
 

Answer:C:\System Volume Information???

Yes and yes. You can clear your restore points . see here http://www.majorgeeks.com/vb/showthread.php?p=342176#post342176
 

11 more replies
Relevance 68.47%

what is system volume information? this has 12.6gb against it and when i opened it, it shows 12.6gb of _restore against it. when i opened restore folder, it shows folders giving size and number starting with RPxxxxx.

Answer:system volume information

madaboutplants,Some infoclick hereHTH

7 more replies
Relevance 68.47%

I built a new computer with a 160 gig drive in it. This drive has 2 partitions, one with Win XP Prof on it. I took my old 80 gig drive out of my old computer(which also has 2 partitions) to transfer files to the new drive. This drive had win 98 on one partition but I did not have it bootable. I've had it in the new computer for about 5 months now and want to reformat it to clean it all off. I noticed that there is a folder there that is called System Volume Information. The sub-folders are restore folders with current files in it. Why are the restore files being stored on this drive and not the new one with XP on it and is it all right to delete these files?
 

Answer:System Volume Information

I don't know why it would create the current files in those folders, but Iknow that the Vol Info on my C: drive is not accessible.

If you aren't sure what will happen if you reformat the secondary drive, just unplug it and run the PC as normal...give it some time, and if it all works properly, I wouldn't worry about it - just make sure that it is set to cable select or slave, replug it in, and reformat.

MBN
 

2 more replies
Relevance 68.47%

Hey guys,

Just a quick question, I've a 80gig hard drive, partitioned in two; 52gig on C, & 24gig on D,

When I ran Treesize pro while doing a spring clean to clear some space, It shows that System Volume Information is occuping 22 GIG on my C Drive - ?!?!?!?!

What is System Volume Information within windows??

I can't open the folder within treesize, and I don't want to delete it wothout knowing what exactly it's purpose is...

Screenshot

Please help!!

Cheers

Sticker
 

Answer:System Volume Information - XP - ???

Have a look here.......

http://www.theeldergeek.com/system_volume_information_folder1.htm
Debe
 

1 more replies
Relevance 68.47%

Does anyone know WHERE I can FIND:
C:\System Volume Information\ ???

I just can't find it anywhere under WINDOWS or as System 32 subfolder. My anti-spy app, says I got all kinds of
INFESTED trojans, droppers, keyloggers etc. located there.

Answer:C:\System Volume Information\ ???

i believe its a hidden folder, make sure u make all hidden folders and OS files viewable by going to windows explorer, tools menu, folder options, vies tab

4 more replies
Relevance 68.47%

Recently my spyware programs get locked on the "System Volume Information\tracking.log" folder. They work okay in Safe Mode. I found instructions to allow access to the folder, even though Microsoft's Instructions were inaccurate. However, I deleted the file in Safe mode and it reappeared upon reboot.
 

Answer:System Volume Information

Instead of changing permissions on the folders and thus allowing malware possible access to them, just use Disk Cleanup to delete all but the last of the restore points. If the last one also is infected, make a new one (when your machine is clean, of course) and delete the previous one with Disk Cleanup.
 

3 more replies
Relevance 68.47%

I have this directory named System Volume Information on my hard drive. You can't even access it. So, what good is it and what is it?

Answer:System Volume Information

http://support.microsoft.com/kb/309531

2 more replies
Relevance 68.47%

I have recently come up against this message:-The file or directory \System Volume Information \1 {3808876b-c176-4e48-b7ae-04046e6cc752} in corrupt and unreadable.This maeeage occures when I unlock a WesternDigital 'My Book essential 1TB' external USB Drive.I am advised to run chkdsk on this drive, but when i do windows advises me to restart windows to continue, but the drive automatically locks.Any help would be gratefully received.thanks in advance...

Answer:system volume information

It's system restore, if you disable it and reboot and then re-enable it it will most likely be fixed. If you do not use system restore then i would keep it disabled.

8 more replies
Relevance 68.47%

I could do with a bit of help here. While doing a bit of analysing I discovered that on my notebook the System Volume Information folder was using 12gb. This rather staggered me but I discovered this was caused by System Restore. I turned off System Restore and rebooted. This emptied the folder as I expected. I then turned it back on, set a restore point and all is fine. About 600mb now.
The thing that has me baffled though is that my desktop computer was showing zero in that folder. System restore was turned on and many restore points had been set. So where is all that information gone. I should point out that both computers are running Vista Home Premium with SP1 and all updates. I turned off System Restore, rebooted then turned System Restore on again, set a couple of restore points, but the folder is still zero. I tested a Restore point and that worked fine. I'm afraid I'm at a loss. Obviously the information is somewhere. Suggestions would be greatly appreciated.
 

Answer:System Volume Information

Read:--> How to gain access to the System Volume Information folder

Also:

Clear system restore points


Clear your existing system restore points and establish a new clean restore point:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

 

5 more replies
Relevance 68.06%

I bought my computer used and have never been able to make a System Image disc for back-up purposes and I've had some other problems with "Backup and Restore" as well. I always get this error: "The backup application could not start due to an internal error: Server execution failed (0x80080005)." By doing research I discovered that this happens because the SYSTEM does not own the "System Volume Information" file, the user does instead (me).
When I got the computer I took ownership of the entire C drive because I kept having permission problems. Now I know better and would not do that again, but I guess the only problem it caused was with "Backup and Restore" - two years on and I haven't had any other problems.
Anyways, I've tried changing ownership of System Volume Information, but it won't let me. I've found several ways to take ownership, but how can I get Windows to let me give ownership back to the SYSTEM? Or is there a way to return the file to its default state, or maybe copy a new version and delete the old one? Thanks for your help.

Here is the post where I found the solution to my backup problem:
Starting Windows 7 Backup : Server execution failed(0x80080005) ????

I apologize if I'm not supposed to post links - I'm new here

Answer:Need to give ownership of System Volume Information to SYSTEM

Links are OK as long as they're not advertising, objectionable material, solutions that would harm a computer etc.

2 more replies
Relevance 67.65%

Hi,

I have two partitions on my disk. One for the the operating system (xp pro) and the other one for data and so on. The other day decided to unmark the "hide system files and folders" option, just to try and experience.

Now, on my data partition root appeared a folder that names itself "system volume information". I cant acess that folder, and the system alerts me of some kind of nfts allocation table error, or something like that, when i try to acees it
What is that folder? Should i be worried?

Regards...
 

Answer:System Volume Information Folder

System Volume Information Folder

How to gain access to the System Volume Information folder
 

3 more replies
Relevance 67.65%

Is this normal?
How can I free up some space?
Thank you!

More replies
Relevance 67.65%

Since System Volume Information is a locked file, obviously it can't be defragged, but on my secondary computer it is broken into 25 pieces, which are scattered across the volume. This inteferes with proper organization of other data, and I'm wondering if there is a means to put the pieces
together?

EDIT: If I'm not mistaken SVI is also where shadow copies are located, but I used system cleanup to remove any extra shadow copies, so that there are now only 3.

Answer:System Volume Information *Defrag*

Disable System Restore. Delete all restore points. Re-enable.

1 more replies
Relevance 67.65%

hi.
i did a virus scan and it came up with this:

KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Tuesday, July 19, 2005 23:58:04
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 19/07/2005
Kaspersky Anti-Virus database records: 131145
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 41167
Number of viruses found: 1
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 1694 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{7D98AD5D-6286-4C1D-9CEE-9009D230B3F3}\RP51\A0036748.exe Infected: Trojan.Win32.Crypt.e
C:\System Volume Information\_restore{7D98AD5D-6286-4C1D-9CEE-9009D230B3F3}\RP51\A0036750.exe Infected: Trojan.Win32.Crypt.e
C:\System Volume Information\_restore{7D98AD5D-6286-4C1D-9CEE-9009D230B3F3}\RP52\A0036909.exe Infected: Trojan.Win32.Crypt.e
C:\System Volume Information\_restore{7D98AD5D-6286-4C1D-9CEE-9009D230B3F3}\RP52\A0036942.exe Infected: Trojan.Win32.Crypt.e

the problem is,i cant find where the viruses are.i have done a search in files and folders but ... Read more

Answer:can not find System Volume Information

Those viruses are in your System Restore. Go to Start and right click My Computer and select Properties. Under the System Restore tab put a check mark in Turn off System Restore and click Ok. Repeat this process and Turn on System Restore. This will create a new Restore Point that won't be infected.

3 more replies
Relevance 67.65%

I delete it, but it stays there, nothing happened. How can I delete it?
And is it safe to do?

Answer:tell me how to delete System Volume Information on D:

Windows needs that. Well, it certainly wants it.


See: http://indrajitc.wordpress.com/2008/...e-information/

9 more replies
Relevance 67.65%

I recently became infected with three Trojan Downloaders. I did a virus scan using AVG; ran Ewido in Safe Mode; and did an online virus scan with Kapersky.
All three were successful in identifying these Trojans. Ewido listed them within the System32 folder, whereas each virus scan listed them within the System Volume Information file.
I did a manual check to see that they have been eliminated from the System32 folder, but I'm not sure if they're still with the System Volume Information folder.
Hence...my question. How do I get into this folder?
I have performed the following steps, but to no avail...

1. Click Start, and then click My Computer.
2. On the Tools menu, click Folder Options.
3. On the View tab, click Show hidden files and folders.
4. Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change.
5. Clear the Use simple file sharing (Recommended) check box.
6. Click OK.
7. Right-click the System Volume Information folder in the root folder, and then click Properties.
8. Click the Security tab.
9. Click Add, and then type the name of the user to whom you want to give access to the folder. Typically, this is the account with which you are logged on. Click OK, and then click OK again.
10. Double-click the System Volume Information folder in the root folder to open it.

...and then when I click on the folder I get the message:

C:\System Volume Information is not accessible
Access is d... Read more

Answer:Accessing System Volume Information

Hi, Read about cleaning up infected files found in System Restore area here:

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

Use the instructions for your version of Windows, only XP and Windows ME have system restore...
What you have to do, is after making sure all is OK, all malware cleaned, turn off System Restore, then turn it back on, and create a new first Restore Point...windows does it all after the first one is made.

(I have the steps which I can post for turning off Restore, turning it back on, creating a new Point which I can post, just like to confirm that all malware is gone.)

BUT are you sure everything is fixed, including ad-spyware?

If you post the log from Ewido, and a Hijackthis log, maybe we can help you with anything that was not fixed....

Make a NEW scan with Ewido please, not the old log....

Here are Hijackthis directions, if you need them:

Click here to download HJTsetup.exe
Save the file to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
the next step can be skipped if you are on your computer, and it has Internet access that works.

By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
C... Read more

3 more replies
Relevance 67.65%

Hi,
Is it possible to move the System Volume Information folder to an internal HDD (D:\)?
The problem is that the C:\ drive is an SSD with limited capacity and I'd rather not use it for system restore points since there's a 1 TB HDD right next to it...
Thanks

Answer:Moving System Volume Information

Hi,
The System Volume Information file contains System Restore and is a critical operating system file which should be left in its default location. So I would not recommend you move it to an internal HDD .
If you?re worried about the
limited capacity, I suggest you turn on or turn off system protection for a particular disk to save the space.
Please refer to the following article:
Turn System Restore on or off
http://windows.microsoft.com/en-in/windows7/turn-system-restore-on-or-off
You can also limit the amount of disk space reserved for system restore. When you limit the amount of space, older Restore Points will be deleted if the space is not enough. 

Click the Start   Click on System Protection.Select the drive you want to change and click Configure.Under Disk Space Usage you can see how much space is already allocated for system restore and how much is actually being used.  Drag the slider to the amount you?re willing to give away (recommended: 5-8% of your hard drive) and hit
Apply.
Regards,
Yolanda

2 more replies
Relevance 67.65%

Hi,

I have a 40gb hd. Found a folder on it called 'System Volume Information'. It's 3.5gb

Is this where all my sys restore info goes? Explorer wont let me look at the files

Any ideas?
cheers

Answer:System Volume Information folder

i believe u r correct. really wanna find out since it wont let u in is delete all but the most recent restore point in disk clean up and see what the size of the folder is afterwards. that is alot of restore points to be using up 3.5 gigs and my restores fail neways when i try to go back to more than a week or 2 prior. so i would reclaim ur disc space to use for better things than holding useless old restore points.

2 more replies
Relevance 67.65%

Hey all! So first my specs: Vista Home Premium SP2,  AMD Phenom 9500 Quad-core Processor 2.20 GHz, 6GB RAM, 64 Bit OS.
 
  Ok so the problem:  My c:/ drive is filling up with unaccountable data.  Seems like its lost 120+ GB in the last couple months!  I ran WinStatDir and came up with about 290GB of "unknown" data.  Ran disk cleanup, went to "restore and shadow copies" and erased all but recent.  Gained about 12 GB. Did some research, then ran SpaceMonger (in administrator).  Came up with up 284.4 GB of unscannable data in 2 folders: c:/SystemVolumeInformation and c:/windows/system32/logfiles/Wmi/RtBackup.  the windows folder has about 6kb.  System volume information contains about 285GB!  It seems most people having this problem, it appears to be system restore backups.  I've deleted them a couple times through disk cleanup now ,but the files in systemvolumeinformation persist.  Any ideas if these are backups and if I can get rid of them?  Any help is greatly appreciated.  Thanks.
 

Answer:280 gb of data in system volume information!!!

Hi pipermac These are indeed "restore points" used by the System Restore feature of Windows. To delete them, right-click on Computer and select Properties. Click on Advanced System Settings in the left pane, and click on the System Protection tab. From there, click on the Configure... button followed by Delete at the bottom. This will delete all the current restore points. Once this is done, I suggest you to create a new one, just in case.

6 more replies
Relevance 67.65%

Right now System Volume Information is taking up 60GB+ on a 218GB drive. I tried limiting the size of the shadow copies but due to registry errors caused by some cleaner I can't run VSS or anything regarding System Restore. I'm not comfortable with messing with my registry, so is it okay for me to delete all the files?

Thanks.

Answer:Deleting System Volume Information Okay?

Hi welcome to the forum.
Have you tried this to see if it helps:-
How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7

13 more replies
Relevance 67.65%

hey guys.
I have a problem... I am using a portable hdd.
and theres a problem- all of a sudden when I connect it to the usb, it asks me to format the drive. There are files on the drive. My guess is- it is because I deleted the "system volume information" folder via the hard disk itself, and not from windows. so now, I can't read the drive.
What can I do, to extract those files for safe keeping? PLS help

Answer:help! System volume information? format?

a fairly fail safe way is to try and put it IN a pc by removing the hdd from the case and installing it

5 more replies
Relevance 67.65%

As there are malware to be removed in my System Volume Information folder, I must access the folder to remove them. The solution for access, provided by MS is incomplete. It states that once I have provided access to the Hidden Files, etc, I click on Properties & then on the Security Tab. However, there is NO Security tab.I am running XP Pro SP3. Anyone have a resolution?

Answer:System Volume Information folder

The link below ahould be of some help.System Volume Information Folderhttp://www.theeldergeek.com/system_...As far as getting rid of the infected files in that folder the normal way is to turn off System Restore, restart the computer then turn on System Restore again. This will purge all of the System Restore files including the virus infected files."Make sure that you turn System Restore on again. How to turn off and turn on System Restore in Windows XPhttp://support.microsoft.com/kb/310405Tufenuf

4 more replies
Relevance 67.65%

Hi, I need help accessing/getting into: System Volume Information folder in both my hard drives...It won't let me in and when I try to open it says this:


"C:\System Volume Information is not accessible. Access is denied."


Please help. Thanks.

(Windows XP Pro. User)

Answer:Need help accessing system volume information

Windows XP Professional using the NTFS File System on a Workgroup or Standalone Computer
1. Click Start, and then click My Computer.
2. On the Tools menu, click Folder Options.
3. On the View tab, click Show hidden files and folders.
4. Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change.
5. Clear the Use simple file sharing (Recommended) check box.
6. Click OK.
7. Right-click the System Volume Information folder in the root folder, and then click Properties.
8. Click the Security tab.
9. Click Add, and then type the name of the user to whom you want to give access to the folder. Typically, this is the account with which you are logged on. Click OK, and then click OK again.
10. Double-click the System Volume Information folder in the root folder to open it.

5 more replies
Relevance 67.65%

There seems to be quite a bit of postings & frustration with virus found in "System Volume Information" folder, and solutions on how to clear them. My question is how & why does it get there in the first place if my anti-virus program - Mcafee, deletes something - BTW it does put in a QUARANTINE folder, how/why/where does the system restore mechanism pick it up hours later? And how do I make sure the virus file is really, really, really, deleted at the time of initial detection & deletion?

Answer:virus in System Volume Information

"really, really, really" man are you kidding?if antivirus kills a virus or deletes a file thats all , its gone)

5 more replies
Relevance 67.65%

I tried to format my 2GB USB drive in NTFS Format in WINDOWS XP. When i format the drive, it was formatted successfully, but inside the formatted drive one of the folder is created named as "System Volume Information". I tried to delete the folder, it says "Access Denied" also remove my USB drive safely but it show and error like "the Generic Volume is used in another program...". why it will happens, the folder "System Volume Information" is a virus?.. how can i overcome this problem... reply me as soon as possible.. thanks to all...

Answer:System Volume Information Folder in USB?

It's not a virus.

It's a system folder present on most NTFS volumes and is used primarily for system restore points (this folder is where they're saved to). It's intentionally set up so you can't simply delete it. To do that, you'll have to give yourself ownership of the folder and then assign yourself full access permissions.

If this folder bothers you, you might format your USB stick as FAT32 instead.

3 more replies
Relevance 67.65%

I ran Ad-Aware and it found a BFK installation exe in C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP29 So I found the file and it was renamed "A0018604.exe" . I looked around in the registry where it is supposed to be but did not see anything familiar with what a keylogger removal website was telling me. So I am a bit confued as to why an installation file would be on my computer but it is not installed. I understand the process part of the hijack this log but I cannot read the rest. So I was wondering if I was missing something.
"Hijack this log"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:54 PM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.... Read more

Answer:BFK Keylogger In C:\System Volume Information

I scanned again today and found another bfk installer. This one was still located in the system volume folder but was renamed and in another file. Anyone have any ideas?
 

1 more replies
Relevance 67.65%

Hi, my anti-virus software, Trend Micro, keeps popping up this message about a keylogger called the Perfect Keylogger stuck in my system volume information. I know that this folder is just for my System Restore information, but it concerns me that this keylogger is in there, since if I have to use my system restore, I'll have to deal with getting rid of it all over again. I already got past the access denied stuff for the System Volume Information folder using cacls, but the sub directory that contains the keylogger is also denying me access. However, I can't use cacls to grant me access, because it too says access denied when I try. I was wondering if anyone knows a way for me to get access into that subdirectory so I can shred that file. You had a similar thread about this here: http://forums.techguy.org/showthread.php?p=2648044, and you seemed to handle that nicely.
 

Answer:Keylogger in System Volume Information

7 more replies
Relevance 67.65%

The SVI takes up about 8 GB on my Hard Drive. If I were to delete the SVI folder (or at least most things in it) would there be adverse effects on my computer? Could some please explain what the SVI is, in general?

Thank you,
Jonathan
 

Answer:Deleting System Volume Information

15 more replies
Relevance 67.65%

I've noticed that, at least once a day, my Dell Dimension computer gets very busy writing System Volume Information to the disc. According to the resource monitor, the file is C:\System Volume Information\{a98f790-and the rest of the file name looks like a very long registry entry}. At the moment, it's writing upwards of 200,000,000 B/sec to the hard drive. And then it just stops.
It doesn't seem to be causing any problems, or slowing the system down. But I'd like to know what the heck it's doing.
Any thoughts?

Thanks,
Scott
 

Answer:System Volume Information Activity

6 more replies
Relevance 67.65%

I intend to delete the file below but cannot find it on my computer ( Windows XP Pro )
# C:\System Volume Information\_restore{A9810597-5075-486E-AD8B-945DDC602D99}\RP565\A0119712.exe
Can anybody explain where this file is located and how to find it ?

Thanks

Anton ABC
 

Answer:Where to find c:\System Volume Information

10 more replies
Relevance 67.65%

adaware SE detects spyware in system volume information, and it wont seem to go. how do i access this file to delete it.

Answer:spyware in system volume information

System Restore for XP:
: Right click on the My Computer icon on your desktop and select properties.
: Click on the system restore tab.
: Check the box that says "Turn off system restore on all drives". Click OK.
: Click Yes when you are prompted to restart the computer
: To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.


For Windows Me:
: Right-click My Computer, and then click Properties.
: On the Performance tab, click File System, or press ALT+F.
: On the Troubleshooting tab, click to select the Disable System Restore check box.
: Click OK twice, and then click Yes when you are prompted to restart the computer.
: To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.


Lobos

1 more replies
Relevance 67.65%

Im trying to cleanup after my daughter opened an unknown file on messenger and infected the computer with a version of Isass.My mainproblem now is that I can't get into System volume information.Any suggestions would be appreciated.

Answer:Can't open system volume information

click heregood luck...

10 more replies
Relevance 67.65%

I have a Virus, it resides in a folder called "Sytem Volume Information" and is a Trojan.I am running XP SP1.........can anyone help me out?This Virus seems to be detected by my Virus checker once every half an hour or so. Each time I delete it, it comes back as a slightly differen file name with lots of numbers in.

Answer:A Virus in "System Volume Information".

WrathMaster2, when you have done a virus scan and deleted the virus, have you turned off system restore?If I remember correctly, system volume information is the hidden system folder where your restore point data is held. If the virus is in there, anti-virus s/w wont be able to delete it as it's a system protected folder.From advice given on this forum(and elsewhere),if your anti-virus s/w does find a virus, you should turn off your system restore function to make sure the virus is removed totally as, as it looks like with your system, the virus can lodge in your restore point data.Hope this helps, dagwoood.

3 more replies
Relevance 67.65%

C:\System Volume Information" /E /G Zombie :F

None of the cmd commands would work at all I've tried everything and its says the commands aren't real.

The command above is my example it did nothing.

I have a virus inside my Sysem Volume Information folder I wanted to see what VirusTotal.com would say if I sent the file to them. But dumb enough I'm not allowed to get into that folder even know I can see it. The OS doesn't allow me to just click into the folder its self.

C:\System Volume Information\_restore{7DC0BD25-810A-4646-9B02-25E7BB3740C2}\RP38\A0014125.exe (The A0014125.exe is the virus and the only file in the folder.

Anybody have any ideas what I should do?

Because this "virus" or spying .exe file came from FreeMake Video Converter.

Yet, I can only view with add now Quarantined Items.

Answer:Trying to get into System Volume Information Folder.

How to gain access to the System Volume Information folder

3 more replies
Relevance 67.65%

I recently upgraded to Vista Home Premium. I Run Nod32 V3 virus software,but find that it does not scan System restore files. I have taken ownership of the folder and sub files but still cannot scan for malware. I used to use XP pro and had no problems scanning the restore files. The message in the Nod32 log file reads "error opening". Any help with this matter would be most welcome.
Thanks

Answer:System Volume Information Files

You might consider that if Nod32 can't open them, neither will malware, so
there really is no point to scanning them. Vista buttons down the system
much tighter than XP -- and I cannot stress enough it is NOT XP - so please
don't keep trying to make it work like XP. Learn how Vista works, and come
to appreciate that much of the third party tools you had to install in prior
versions is already there in Vista, or there is greatly reduced need for it.
Much now runs automatically in the background, and except for the disk
light, you won't even know it's running. It's possible that Nod32 comes in
a Vista compatible version that understands Vista a bit better than the
version you are using.
Good luck.
"jswas" <[email protected]> wrote in message
news:[email protected]
>
> I recently upgraded to Vista Home Premium. I Run Nod32 V3 virus
> software,but find that it does not scan System restore files. I have
> taken ownership of the folder and sub files but still cannot scan for
> malware. I used to use XP pro and had no problems scanning the restore
> files. The message in the Nod32 log file reads "error opening". Any help
> with this matter would be most welcome.
> Thanks
>
>
> --
> jswas
> ------------------------------------------------------------------------
> jswas's Profile: http://winvistaclub.com/forum/member.php?userid=569
> View this thread: http://winvistaclub.com/forum/s... Read more

3 more replies
Relevance 67.65%

Yes, thats it Please click Start > Run, type notepad in the runbox and press enter.Copy/paste the following text into Notepad and save it as fixme.bat in the same location as bootkit [email protected] off
remover.exe fix \\.\PhysicalDrive0
exitExit Notepad and doubleclick on fixme.bat to run it. After a reboot, rerun remover.exe and let me know what is now listed under MBR status."After a reboot, rerun remover.exe and let me know what is now listed under MBR status."It now says:OK <DOS/Win32 Boot Code Found>Sounds like good news. ? One strange event, however, immediately following the above. Icon in system tray - "Windows has found new hardware" I think it said. Then a notice that the software needs a restart for the new hardware, or something similar. I haven't rebooted though.??(Haven't installed anything new on the computer since I discovered the Trojans several days ago).hi there i am having the same problem as blixx i followed the instructions like you said to do however, when it gets to these steps first making the fixme.bat file and do a restart i then begin to rerun remover.exe and under the MBR status there is no change mine is still Unknown boot code i re-read all the previous steps and the only difference i could notice was the fact that blixx has xp and i'm using vista ? maybe thats why mines is still the same ?hope u can help thanks

Answer:System volume information infection

Never follow instructions that are specific for another user! You can do quite some harm that way!

Do you have your Vista DVD at hand?

7 more replies
Relevance 67.65%

i got a secondary drive that use to be a main till i crashed that computer lol... now when i crashed that pc i put all my files on a old pc wiped the drive clean then copied the files back to the drive they were on... i've run a virus scan with trend micro on the drive and i get nothing showing up...

but when i used vice versa (folder comparison tool) to check whats in my e:/ drive with whats in a folder i had important information in... i get this pop up that says cannot read from e:\system volume information
then it starts to give me i cant read from any folder once i get that ofcourse i goto e: and i can get into any folder and play with them as much as i like (havent tried coping them yet but i suspect i might hit an issue with that)

now lastly i figured id try to goto "e:\system volume information" even though with view hidden files / folders that folder never shows up... when i did this i get an access denied windows popup... any1 got any ideas ? i think i might have to back it all up go threw the files 1 by 1 and dban the drive 100% clean next week... but id love any advice, thanks all...
 

Answer:system volume information... virus??

That's normal, system volume information is where Windows stores the data for System Restore which is only has system access. There should be one on every hard drive because you can enable System Restore for each hard drive.

If you want to see what's in there try this http://www.theeldergeek.com/system_volume_information_folder1.htm
 

2 more replies
Relevance 67.65%

I have followed advice given in previous posts but still cannot access my SVI folder. I have WINXP Home with NTFS I have followed the advice on click here however I can only get as far as right clicking the SVI Folder and choosing 'Sharing & Secuity'. The next stage says choose the security tab but the only tabs available are general/sharing/customize. Is there something else I need to switch on somewhere? BTW I am trying to track this down as my system restore wont work. It shows dates highlighted but when you choose to restore is finally comes up restore failed no matter which point I choose so I am starting with trying to look into my SVI folder. Many Thanks

Answer:Accessing System Volume Information?

May be a silly question but, when you are attempting to gain access to this property you are logged in as Administrator?

5 more replies
Relevance 67.65%

I have System Protection turned on on my OS drive and have about a dozen restore points available. Max space for system restore is set at 5.3GB. When I run WinDirStat it shows System Volume Information at zero for Size, Items, Files and Subdirs. What gives?

EDIT - Just ran TreeSize Free and that does show 4GB used for SVI. Both programs were run 'As Administrator'

I prefer the way WinDirStat displays the results but it looks from this that they may not always be correct.

Answer:WinDirStat and System Volume Information

By default the System Volume Information folder has security settings that do not permit access by any user account, including an admin account. This is to protect the important data it contains from inexperienced users. Long history has shown that users do need to be protected from themselves. They want the protection, but often without understanding the implications. By default all software a user runs inherits his rights and privileges. WinDirStat runs this way and is thus unable to read the contents of the folder and is unable to account for it's contents. Windows Explorer and similar utilities have the same issue.

TreeSize gets around this problem by using a service that runs under a system account with higher rights that can read the folder. Designing software that works this way is more complex, particularly when the security implications are considered. The developers of WinDirStat and many other similar utilities chose to do things the easy way and accept the problems.

3 more replies
Relevance 67.65%

Moved a few drives from a server running winxp to one running 2k.
Any special way you guys know of to delete these folders? I cannot uncheck the 'Hidden' attribute because it is greyed out.
 

Answer:System Volume Information folder

turn off system restore

http://support.microsoft.com/default.aspx?scid=kb;en-us;309531
 

4 more replies
Relevance 67.65%

I have searched the forums and found some of what I needed. Ran a complete scan and came up with 41 of these C:\SYSTEM VOLUME INFORMATION\_RESTORE{678154B0-CAC5-42FC-84FB-B848B662BEF1}\RP386\A0046563.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{678154B0-CAC5-42FC-84FB-B848B662BEF1}\RP386\A0046561.EXE

Couldn't figure out why and decided to consult those with much more knowledge than myself. Logs attached as you have requested. Not sure if/what type of issue I have. Please assist. Thank you..
Ashley.

I thought Avast was disabled and I was wrong. I couldn't get to it in time.
 

Answer:C:\system volume information\_restore

Welcome to Major Geeks!




ahauck00 said:





Ran a complete scan and came up with 41 of these C:\SYSTEM VOLUME INFORMATION\_RESTORE{678154B0-CAC5-42FC-84FB-B848B662BEF1}\RP386\A0046563.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{678154B0-CAC5-42FC-84FB-B848B662BEF1}\RP386\A0046561.EXEClick to expand...

What scan are you referring too? Do you have a log? All you are showing above are system restore points. You are not showing me any problems and your current logs are clean.

What malware problems are you currently having?
Have you had some malware issues in the past and never disabled System Restore after removing the malware?

Where is the requested log from SUPERAntiSpyware?
 

23 more replies
Relevance 67.65%

Hello everyone. I can't access to System Volume Information on xp home, NOT PROFESSIONAL. I read Microsoft tutorials, but nothing. Could any help me, please?
A jpg of what I see.
Thankyou

Answer:System Volume Information on Xp sp3 home

Hello everyone. I can't access to System Volume Information on xp home, NOT PROFESSIONAL. I read Microsoft tutorials, but nothing. Could any help me, please?A jpg of what I see.ThankyouIs there a reason you want to access this folder? It is kept locked out because of its sensitive nature in dealing with system restore.

1 more replies
Relevance 67.65%

I know it's not recommended but I want to backup my restore points for 3 reasons. 1) In case malware wipes them out. I know W7 permissions are designed to prevent just that (which could be the problem), but this is a precaution. 2) My C drive is very small and can't hold too many restore points. Right now the RP allotted space is something like 14gb which is all I'm willing to give. 3) My PC is configured to create a restore on boot so frequent restarts of course lead to deletion of older restore points. My plan is to create a bi-weekly reminder to backup my restore points. When it reminds me I'll give myself permission to the folder, back it up, set permissions back to the way it was for security reasons. By the way, I prefer system restore over IMG backups because they are long, troublesome, and take a lot of space.

I got permission to the SVI folder but permissions won't let me copy the restore points. I went to the permissions settings of an individual restore point file and I don't even have access to the permissions. I only have access to the owner tab but it won't let me add an owner. What am I missing?
 

Answer:System Volume Information Permissions

Any suggestions?
 

1 more replies
Relevance 67.65%

HI:
I'm new in using the combofix.
My PC's problem was the RECYCER and VOLUME SYSTEM INFORMATION
Those 2 files or whatever they're called were in my PC for a long time
I hope it ends after running combofix

Answer:RECYCER and VOLUME SYSTEM INFORMATION

Hello I have moved you from the XP forum to the Am I Infected forum.How is your computer running now? You should not run Combofix on your own. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Next run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an u... Read more

4 more replies
Relevance 67.65%

Hi All
I've got this virus C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP294\A0017770.EXE and I would like to know what it does and how it appears. I note from other postings it is quite popular but no one has explained how dangerous it is.
Paul
 

Answer:what does c system volume information virus do?

7 more replies
Relevance 67.65%

I have a 418mb frag on my computer i will post the log from defrag and hijackthis. i am trying to remove or repair this fragment. I have a copy of SDfix already but i want to consult somebody first before i use it.

Defrag log:
Volume Windows (C
Volume size = 18.64 GB
Cluster size = 4 KB
Used space = 10.93 GB
Free space = 7.71 GB
Percent free space = 41 %
Volume fragmentation
Total fragmentation = 2 %
File fragmentation = 4 %
Free space fragmentation = 0 %
File fragmentation
Total files = 70,892
Average file size = 246 KB
Total fragmented files = 2
Total excess fragments = 409
Average fragments per file = 1.00
Pagefile fragmentation
Pagefile size = 1.41 GB
Total fragments = 1
Folder fragmentation
Total folders = 3,784
Fragmented folders = 1
Excess folder fragments = 0
Master File Table (MFT) fragmentation
Total MFT size = 89 MB
MFT record count = 75,001
Percent MFT in use = 82 %
Total MFT fragments = 3
--------------------------------------------------------------------------------
Fragments File Size Files that cannot be defragmented
9 418 MB \System Volume Information\_restore{41EF47F8-A08E-463E-882B-3D130BBCF183}\RP217\A0038065.exe

Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:27 AM, on 5/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services... Read more

More replies