Thursday, June 28, 2007

How do you delete the virus on C System Volume Information restore EXE?

Answer

First, see if you have another PC or somewhere where there is a good copy of _restore.exe

Run AVG and remove the file from the vault from within the AVG program. Shut down and restart in DOS mode (or Safe Mode, and run the MS-DOS prompt), CD to this Volume directory and delete the file using del _restore.exe

Any screw-ups, just reinstall Windows; it's easier that way. As long as the virus can be eliminated, that's the main thing!

Answer

Access is denied to this folder by default. To fix:

1. Right click on My Computer
2. Select Properties
3. Select System Restore
4. Check "Turn off System Restore"
5. Apply and reboot the computer

This will delete all restore points, including viruses backed up there. Remember to turn System Restore back on.

Answer

All Trojan horses are hidden files, so you would need to go to Folder Options (click the View tab) in Control Panel and uncheck both the "Hide file extensions for known file types" and "Hide protected operating system files (Recommended)" boxes, then OK yourself out. You will then need to restart your computer and go into Safe Mode by holding the F8 key down (kind of at the beginning of bootup). When you're at the Desktop screen go to Start / Search / For Files and Folders and type in the NAME OF THE FILE & EXT (not PSW.Briss.C) but the actual name of the file, which would have shown up in your anti-virus software. You can delete this file from here; also make sure to empty your Recycle Bin.

I have had 4 Trojan horses on my C drive and kinda figured out the above method a week ago. I deleted the Temp file (as these keep putting the same files back into your system) from the Restore folder after unchecking the hidden files boxes, then went to Safe Mode to delete what virus files were still there. My computer is now absolutely FREE of these pests!

P.S. I also have AVG 6.0 (the free one) and also Ad-aware 6, and I use them every day as my kids love to play games from the Internet.

Answer

I have Windows XP. This worked for me.

1. Open Control Panel
2. Tools / Folder Options / View
3. Uncheck "Hide protected operating system files", OK
4. Start / Search / Files and Folders
5. Enter all or part of the Trojan file name, Search
6. Right click the file when found, Delete
7. Empty the Recycle Bin

Answer

Your virus scanner may not be able to access the folder because it does not have permission to do so. See this article for info on how to gain access to the System Volume Information folder:

http://support.microsoft.com/default.aspx?scid=KB;en-us;q309531

Answer

Try this: if the virus is in the System Volume Information folder, download AVG from Grisoft.com, it is free. AVG will not pick it up straight away though. Follow the steps in this page and run an AVG complete test. AVG should have picked up your virus this time. (You have the option in AVG to run a custom scan where you can set it to scan the System Volume Information folder only.)

Answer

I am running Windows XP Pro (build 2600) w/SP2, and on this system I am running Avast Antivirus 4.5 Home Edition (I alternate between this and Avast Professional when I reformat, which is 2x a year). This is an exceptional program, as well as its brother Avast Professional 4.5. Upon a daily scan the Home version found this: C:\System Volume Information\_restore{992476EB-89EC-4BBA-ACF9-063EFCB49378}\RP35\A0003426.exe. Avast 4.5 Home Edition found and deleted this file; however, to be sure I went ahead and did the following: Restart / Safe Mode / Administrator / Desktop / Start / Control Panel / Tools / View / uncheck both "Hide extensions for known file types" and "Hide protected operating system files (Recommended)", click Apply, then select OK; move towards Start / Search / All files and folders / *A0003426.exe. The search yielded nothing after Avast had initially deleted the file in normal startup. I ran Avast Antivirus while in Safe Mode and it came back after scanning the SVI folder with clean results. I replaced the checkmarks in "Hide extensions for known file types" and "Hide protected operating system files (Recommended)", applied and OK'd, restarted and re-entered normal startup. Since I was still bored I re-scanned in normal mode and again Avast found nothing. Well, the bottom line is that I didn't have to do much other than carry out this exercise for when I may need to do so again and really have to work. Avast did most if not all the work for me from the get-go.

Answer

In case you are unfamiliar with SVI, as I am relatively so, here is a cutout from the Microsoft website:

SUMMARY

This article describes how to gain access to the System Volume Information folder. The System Volume Information folder is a hidden, system folder that the System Restore tool uses to store its information and restore points. There is a System Volume Information folder on every partition on your computer. You might need to gain access to this folder for troubleshooting purposes.

MORE INFORMATION

To gain access to the System Volume Information folder, use the steps in the appropriate section.

Windows XP Professional or Windows XP Home Edition Using the FAT32 File System

1. Click Start, and then click My Computer.
2. On the Tools menu, click Folder Options.
3. On the View tab, click Show hidden files and folders.
4. Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change.
5. Click OK.
6. Double-click the System Volume Information folder in the root folder to open it.

Windows XP Professional Using the NTFS File System on a Domain

1. Click Start, and then click My Computer.
2. On the Tools menu, click Folder Options.
3. On the View tab, click Show hidden files and folders.
4. Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change.
5. Click OK.
6. Right-click the System Volume Information folder in the root folder, and then click Sharing and Security.
7. Click the Security tab.
8. Click Add, and then type the name of the user to whom you want to give access to the folder. Choose the account location if appropriate (either local or from the domain). Typically, this is the account with which you are logged on. Click OK, and then click OK.
9. Double-click the System Volume Information folder in the root folder to open it.

Windows XP Professional Using the NTFS File System on a Workgroup or Standalone Computer

1. Click Start, and then click My Computer.
2. On the Tools menu, click Folder Options.
3. On the View tab, click Show hidden files and folders.
4. Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change.
5. Clear the Use simple file sharing (Recommended) check box.
6. Click OK.
7. Right-click the System Volume Information folder in the root folder, and then click Properties.
8. Click the Security tab.
9. Click Add, and then type the name of the user to whom you want to give access to the folder. Typically, this is the account with which you are logged on. Click OK, and then click OK.
10. Double-click the System Volume Information folder in the root folder to open it.

NOTE: The System Volume Information folder is now accessible in normal mode to users of Windows XP Home Edition.

Using CACLS with Windows XP Home Edition Using the NTFS File System

In Windows XP Home Edition with the NTFS file system, you can also use the Cacls tool, which is a command-line tool, to display or modify file or folder access control lists (ACLs). For more information about the Cacls tool, including usage and switches, search the Help and Support Center for "cacls."

1. Click Start, click Run, type cmd, and then click OK.
2. Make sure that you are in the root folder of the partition for which you want to gain access to the System Volume Information folder. For example, to gain access to the C:\System Volume Information folder, make sure that you are in the root folder of drive C (at a "C:\" prompt).
3. Type the following line, and then press ENTER:

   cacls "driveletter:\System Volume Information" /E /G username:F

   Make sure to type the quotation marks as indicated. This command adds the specified user to the folder with Full Control permissions.
4. Double-click the System Volume Information folder in the root folder to open it.
5. If you need to remove the permissions after troubleshooting, type the following line at a command prompt:

   cacls "driveletter:\System Volume Information" /E /R username

   This command removes all permissions for the specified user.

The following steps also work if you restart the computer to Safe mode, because simple file sharing is automatically turned off when you run the computer in Safe mode.

1. Open My Computer, right-click the System Volume Information folder, and then click Properties.
2. Click the Security tab.
3. Click Add, and then type the name of the user to whom you want to give access to the folder. Typically, this is the account with which you are logged on.
4. Click OK, and then click OK.
5. Double-click the System Volume Information folder to open it.
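The cacls procedure in the quoted article, scripted end to end, as an added example that is not part of the original thread or of Microsoft's article: it grants the current account access to the System Volume Information folder, lists every file inside the _restore{...}\RPnn restore points with its size, timestamp and MD5 (so a file an anti-virus scanner flagged, like the A0003426.exe path mentioned above, can be located and matched against the scanner's report without opening it), and then revokes the temporary permission again, whether or not the listing succeeded. It assumes an NTFS volume, an administrative PowerShell 2.0 or later session, cacls.exe on the PATH, and the drive letter and user name given as parameters; those parameter values are placeholders for your own machine.

```powershell
# Added example; not the thread's or Microsoft's code.
# Assumes: NTFS volume, administrative PowerShell 2.0+ session, cacls.exe on PATH.
# $Drive and $User are placeholders; pass your own values.
param(
    [string]$Drive = "C:",
    [string]$User  = $env:USERNAME
)

$svi = Join-Path $Drive "System Volume Information"

function Grant-SviAccess {
    # Step 3 of the quoted procedure: add $User with Full Control, editing the ACL in place (/E).
    & cacls.exe "$svi" /E /G "${User}:F" | Out-Null
}

function Revoke-SviAccess {
    # Step 5 of the quoted procedure: remove the temporary entry again.
    & cacls.exe "$svi" /E /R "$User" | Out-Null
}

function Get-RestorePointFiles {
    # Walk each _restore{GUID}\RPnn restore point and record, per file,
    # its path, size, last-write time and MD5. The hash is computed from
    # the file bytes only; nothing in the restore point is executed.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    Get-ChildItem -Path $svi -Filter "_restore*" -Force |
        ForEach-Object { Get-ChildItem -Path $_.FullName -Recurse -Force } |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $stream = [System.IO.File]::OpenRead($_.FullName)
            try {
                $hash = [System.BitConverter]::ToString($md5.ComputeHash($stream)).Replace("-", "")
            } finally {
                $stream.Close()
            }
            New-Object PSObject -Property @{
                Path     = $_.FullName
                Bytes    = $_.Length
                Modified = $_.LastWriteTime
                MD5      = $hash
            }
        }
}

Grant-SviAccess
try {
    # Newest restore-point files first: the most recently written entries are
    # the ones a scanner run today is most likely to have reported.
    Get-RestorePointFiles |
        Sort-Object Modified -Descending |
        Format-Table Modified, Bytes, MD5, Path -AutoSize
} finally {
    # Undo the ACL change even if the listing throws, so the folder does not stay opened up.
    Revoke-SviAccess
}
```

Run it from an elevated prompt as `.\List-RestorePoints.ps1 -Drive C: -User yourname`. The try/finally is the point of the design: the permission the article has you add is meant to be temporary, and putting the revoke in finally guarantees it is removed on every exit path, which is easy to forget when the same steps are typed by hand.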
