virus in System Volume Information

McAfee VirusScan Plus 2009
February 13, 2010 at 20:31:17
Specs: Windows XP
There seem to be quite a few postings & frustration with viruses found in the "System Volume Information" folder, and solutions on how to clear them. My question is how & why does it get there in the first place if my anti-virus program, McAfee, deletes something (BTW it does put it in a QUARANTINE folder)? How/why/where does the System Restore mechanism pick it up hours later? And how do I make sure the virus file is really, really, really deleted at the time of initial detection & deletion?


#1
February 14, 2010 at 08:06:09
"Really, really, really"? Man, are you kidding?
If an antivirus kills a virus or deletes a file, that's all, it's gone.


#2
February 14, 2010 at 11:59:29
This is from the Microsoft website Link

Quote
"System Restore's purpose is to return your system to a workable state without requiring a complete reinstallation and without compromising your data files. The utility runs in the background and automatically creates a restore point when a trigger event occurs. Trigger events include application installations, AutoUpdate installations, Microsoft Backup Utility recoveries, unsigned-driver installations, and manual creations of restore points. The utility also creates restore points once a day by default."

You can't delete anything from within a System Restore point, hence why McAfee can't remove it; the restore point has to be deleted.

smifff

Help to avoid an infection use FREE protection
nowyoudo.co.uk



#3
February 14, 2010 at 12:22:42
smifff - Thanks for the reply,

The problem I am having is that McAfee does do an actual deletion & generates an alert. In reality the file is lurking/sitting out there somewhere on the drive, and I guess when the system idles long enough, the file, now with some meaningless hash name, gets tripped up and another alert gets generated??? Is it possible for McAfee, or for that matter any other antivirus program, to just delete it so it doesn't get to the SVI folder at all? Hard to explain these things to mgmt :-) when the hash file alerts come in...



#4
February 14, 2010 at 12:57:19

As you can see, there are various things that trigger a System Restore point generation, but how to stop it before it gets to the SVI folder I don't know; best ask on the McAfee forums Here

If you still have the virus, try one of the online virus scanners (List Here) or MalwareBytes free version Here

Can you tell us what it was called when first detected?

smifff

Help to avoid an infection use FREE protection
nowyoudo.co.uk

