Virus in System Volume info folder

Guest
Archived from groups: microsoft.public.windowsxp.configuration_manage

Hi

My AVG resident shield detected Netsky.D in the system volume info folder.
But the virus scanner couldn't find or delete it until I added the Local
Administrators group to the folder (Only SYSTEM had access before.) Question
is - what is the impact of what I've done? Are users excluded from this
folder just to keep them from fiddling, or is there a better reason?

Regards
Steve
 
Guest

System Volume Information is where the System Restore information is held.
It is likely the virus has corrupted the information stored in that
location. Whenever something such as this happens in that area, you need to
clear it entirely. The way to do this is to turn off System Restore, reboot
and turn it back on.

Open System in Control Panel, go to the System Restore tab, select "Turn off
System Restore on all drives," click apply, reboot the system and then turn
System Restore on. You then might want to make a manual restore point and
restore to it just to be sure System Restore is functioning as it should.
Start\All Programs\Accessories\System Tools\System Restore.

--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/

"Steve W" <antispamsteveW@=No-Spam=.org> wrote in message
news:emh3KwQQEHA.3944@tk2msftngp13.phx.gbl...
> Hi
>
> My AVG resident shield detected Netsky.D in the system volume info folder.
> But the virus scanner couldn't find or delete it until I added the Local
> Administrators group to the folder (Only SYSTEM had access before.) Question
> is - what is the impact of what I've done? Are users excluded from this
> folder just to keep them from fiddling, or is there a better reason?
>
> Regards
> Steve
>
>
 
Guest

Steve W wrote:

> My AVG resident shield detected Netsky.D in the system volume info folder.
> But the virus scanner couldn't find or delete it until I added the Local
> Administrators group to the folder (Only SYSTEM had access before.) Question
> is - what is the impact of what I've done? Are users excluded from this
> folder just to keep them from fiddling, or is there a better reason?
>
System Restore made a copy of the virus as part of its system restore
points, but you corrupted the restore point chain by letting your AV
damage the SVI folder.

Turn SR off and back on and don't use your AV to clear SVI again.
Manually create a restore point then go to the cleanup tool
(cleanmgr.exe) to delete all but the last restore point.

--
Kent W. England, Microsoft MVP for Windows Security
 
Guest

>-----Original Message-----
>Hi
>
>My AVG resident shield detected Netsky.D in the system volume info folder.
>But the virus scanner couldn't find or delete it until I added the Local
>Administrators group to the folder (Only SYSTEM had access before.) Question
>is - what is the impact of what I've done? Are users excluded from this
>folder just to keep them from fiddling, or is there a better reason?

Right-click on My Computer, then go down to Properties. Once that opens, click
the tab for System Restore. There will be a box you can check that says turn
System Restore off. Check it, then click Apply. Once that is finished, uncheck
the box, then click Apply again. Now it will not be in your System Restore
folder.

>Regards
>Steve
 
Guest

Thanks for your help guys, I've done what you recommended.

Regards
Steve

"Steve W" <antispamsteveW@=No-Spam=.org> wrote in message
news:emh3KwQQEHA.3944@tk2msftngp13.phx.gbl...
> Hi
>
> My AVG resident shield detected Netsky.D in the system volume info folder.
> But the virus scanner couldn't find or delete it until I added the Local
> Administrators group to the folder (Only SYSTEM had access before.) Question
> is - what is the impact of what I've done? Are users excluded from this
> folder just to keep them from fiddling, or is there a better reason?
>
> Regards
> Steve
>
>