Author Topic: System Volume Information: can't remove/delete virus in _restore{AF5...}-files  (Read 10833 times)

0 Members and 1 Guest are viewing this topic.

palbertsma

  • Guest
Hi,

Unfortunately there are some virus files in the folder System Volume Information, under subdirectories like _restore{AF5...}, which cannot be removed/deleted/renamed or what soever. They even cannot be removed/deleted at a new startup.

I tried any possibility, and whether the main directory System Volume Information is read or write protected or not, files in these (sub)directories cannot be removed at all.

So every time that the automatical start of avast! tries to eliminate these virus files, the only thing is to ignore these messages, and let these files remain on the harddisk!

I assume there must be a (better) solution for this!

Who can help????!

Kind regards,

Paul

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
If you disable System restore windows will automatically delete these files.

In XP:

start > right click my computer and choose properties

Choose the system restore tab > check the box beside turn system restore off

the viruses are now safely deleted and you can re-enable it if you wish
"People who are really serious about software should make their own hardware." - Alan Kay

palbertsma

  • Guest
MacLover2000, thanks for your soon reply!

I understand that if System Restore is disabled, all old files, the virus files also, are removed.

But by doing so, also the opportunity of returning to an earlier system configuration is also "removed"!

Isn't there any solution from withing avast!? I can't believe that avast! hasn't any feature for this itself!

I'm still waiting for an other workaround for this.

Offline radicalb21

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 438
  • Be Safe. Be Smart. Use Common Sense.
Hey Palbertsma,

     It's radicalb21. First let me welcome you to the forum. What MacLover2000 told you is correct. There is no way I know of other then what MacLover2000 said. But once you have put a checkmark in  the box on the system restore tab. Restart your machine. Once the system has been restarted do not forget to uncheck the box you checked in the the system restore tab to turn system restore bis is done ack on. Once this is done I would suggest some form of backup to either CD-ROM or DVD medium that way if you become infected you can restore your system to an earlier time prior to infection. Also for future reference you can go into disk cleanup under system tools go under more options tab and click the cleanup button under system restore section and it will delete all but your most recent system restore point. Hope this helps.
« Last Edit: May 20, 2004, 06:14:16 PM by radicalb21 »
iMac 21.5 " Mid 2011 2.7 GHz Intel Core i5
4 GB 1333 MHz DDR3
AMD Radeon HD 6770M 512 MB

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2247
Hi,

One other option is to look at a third-party restore utility.  My new (last fall) system came with Farstone's Restore-IT already installed -- that has the advantage that it creates daily incremental restore points for the whole drive, not just system files.  So I never touch XP's restore at all.

And there's no conflict with System Restore -- if I do need to restore to an earlier point, since the whole drive is "back-dated" that includes Win's own restore-point files.

Since it came as part of my system package, I haven't a clue what it would cost by itself, but that should be easy enough to find.

Best,
Mike
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

palbertsma

  • Guest
It's great that you all answered so soon and you all have been really helpful!

Thank you very much for your concern: it really helped me a way out!

Very kind regards,


Paul

Bernie

  • Guest
In my opinion the option "Boot Time Scan" should also be able to remove the infected files, because this scan is done before Windows XP starts and no restrictions are active at that time.

palbertsma

  • Guest
Bernie,

Thank you for your reply! That's exactly what I thought! I was convinced that avast! was able to remove those files, as before booting Windows they couldn't be in use or in some other way unaccessable, but this didn't work out!

So, unfortunately, we have to accept that: also in other situations I noticed that the Boot Time Scan option doesn't work at all! I think this is a great bug in avast!

Does someone has the same experiences? If so, please, let me know.

Bernie

  • Guest
Quote
I noticed that the Boot Time Scan option doesn't work at all! I think this is a great bug in avast!

Boot Time scan works great at least on my PC! I just did a Boot Time Scan today and it found three Java Trojans in the Java Cache directory. Strange that the online scanner didn't detect them...

PS. (Meanwhile I know that it couldn't be found because it was in a *.zip file)
« Last Edit: May 21, 2004, 11:37:40 PM by Bernie »

pip22

  • Guest
But as for avast missing some trojans, don't forget
that even the best AV programs can miss them cos strictly
speaking they are not viruses. To cover all bases
it's best to install a dedicated trojan scanner as well
as anti-virus.

Pip

Lews_Therin

  • Guest
There is another way to get rid of these files by following the directions at http://support.microsoft.com/default.aspx?scid=kb;EN-US;309531 which allow you to get into the system volume information directory and then manually delete the file or just run avast with the user you enabled on the directory and it will clean the files for you as it does with other files.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
This behaviour is not limited to avast, virtually every AV company when giving indtruction in removal of a virus, warn that in XP you will probably have to disable System Restore because it is protected (windows system, hidden, etc., tec.) and going to be back.

If you are having problems getting the scan at boot I suggest that you download RajZors avast! External Control Tool and run/set it up from their.

I hate System Restore - I see so many people get into a complete mess, going from one restore point to another, to last known good configuration, etc. that they don't really know where there system is at. Resulting in not knowing if the latest windows.updates are applied.

I too would recommend a third party backup/restore program. I use Drive Image 2002 and it takes a full image of my C:, D: partitions and saves it to my second HDD. If I have a problem I copy back the last image. Another Imaging tool is Acronis - True Image 7.0, this has much more functionality than Drive Image 2002, such incrimental image backup... This cuts down on the image creation time time.

The link to show how to view and access System Volume Information, I believe could be more dangerous than disabling SR. MS doesn't got to the kind of trouble to hide it for nothing. This should carry a health warning.

HTH David
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security