Virus in System Volume info folder

Archived from groups: microsoft.public.windowsxp.configuration_manage

Hi

My AVG resident shield detected Netsky.D in the system volume info folder.
But the virus scanner couldn't find or delete it until I added the Local
Administrators group to the folder (Only SYSTEM had access before.) Question
is - what is the impact of what I've done? Are users excluded from this
folder just to keep them from fiddling, or is there a better reason?

Regards
Steve
  1. Archived from groups: microsoft.public.windowsxp.configuration_manage

    System Volume Information is where the System Restore information is held.
    It is likely the virus has corrupted the information stored in that
    location. Whenever something such as this happens in that area, you need to
    clear it entirely. The way to do this is to turn off System Restore, reboot
    and turn it back on.

    Open System in Control Panel, go to the System Restore tab, select "Turn off
    System Restore on all drives," click apply, reboot the system and then turn
    System Restore on. You then might want to make a manual restore point and
    restore to it just to be sure System Restore is functioning as it should.
    Start\All Programs\Accessories\System Tools\System Restore.

    --
    Michael Solomon MS-MVP
    Windows Shell/User
    Backup is a PC User's Best Friend
    DTS-L.Org: http://www.dts-l.org/

    "Steve W" <antispamsteveW@=No-Spam=.org> wrote in message
    news:emh3KwQQEHA.3944@tk2msftngp13.phx.gbl...
    > Hi
    >
    > My AVG resident shield detected Netsky.D in the system volume info folder.
    > But the virus scanner couldn't find or delete it until I added the Local
    > Administrators group to the folder (Only SYSTEM had access before.)
    > Question
    > is - what is the impact of what I've done? Are users excluded from this
    > folder just to keep them from fiddling, or is there a better reason?
    >
    > Regards
    > Steve
    >
    >
  2. Archived from groups: microsoft.public.windowsxp.configuration_manage

    Steve W wrote:

    > My AVG resident shield detected Netsky.D in the system volume info folder.
    > But the virus scanner couldn't find or delete it until I added the Local
    > Administrators group to the folder (Only SYSTEM had access before.) Question
    > is - what is the impact of what I've done? Are users excluded from this
    > folder just to keep them from fiddling, or is there a better reason?
    >
    System Restore made a copy of the virus as part of its system restore
    points, but you corrupted the restore point chain by letting your AV
    damage the SVI folder.

    Turn SR off and back on and don't use your AV to clear SVI again.
    Manually create a restore point then go to the cleanup tool
    (cleanmgr.exe) to delete all but the last restore point.

    --
    Kent W. England, Microsoft MVP for Windows Security
  3. Archived from groups: microsoft.public.windowsxp.configuration_manage

    >-----Original Message-----
    >Hi
    >
    >My AVG resident shield detected Netsky.D in the system volume info folder.
    >But the virus scanner couldn't find or delete it until I added the Local
    >Administrators group to the folder (Only SYSTEM had access before.) Question
    >is - what is the impact of what I've done? Are users excluded from this
    >folder just to keep them from fiddling, or is there a better reason?

    Right-click on My Computer, then go down to Properties. Once that opens,
    click the tab for System Restore. There will be a box you can check that
    says turn System Restore off. Check it, then click Apply. Once that is
    finished, uncheck the box, then click Apply again. Now it will not be in
    your System Restore folder.

    >Regards
    >Steve
  4. Archived from groups: microsoft.public.windowsxp.configuration_manage

    Thanks for your help guys, I've done what you recommended.

    Regards
    Steve

    "Steve W" <antispamsteveW@=No-Spam=.org> wrote in message
    news:emh3KwQQEHA.3944@tk2msftngp13.phx.gbl...
    > Hi
    >
    > My AVG resident shield detected Netsky.D in the system volume info folder.
    > But the virus scanner couldn't find or delete it until I added the Local
    > Administrators group to the folder (Only SYSTEM had access before.)
    > Question
    > is - what is the impact of what I've done? Are users excluded from this
    > folder just to keep them from fiddling, or is there a better reason?
    >
    > Regards
    > Steve
    >
    >