Video Screencast Help

System volume information VIRUS

Created: 20 Jan 2013 | 3 comments

Currently I am getting a folder like  "System volume information" , "$RECYCLE.BIN","Config.Msi" . How do I remove from all folders . And also it is affected in Disk "C".

Comments 3 CommentsJump to latest comment

Ashish-Sharma's picture

Make sure your system is not infected. For Symantec products, start with downloading the latest Rapid Release definitions.

Next, boot into safe mode and running a Disk Cleanup (right-click the C drive, Properties, Disk Cleanup) - that will delete all the files that are in these temporary locations, as well as IE's temporary files, etc.  Perform a full system scan in safe mode.

If that fails to detect and remove the infection, there are some useful tools provided by Symantec for helping with finding those hard to detect threats.

1. The Power Eraser Tool eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect.

2. If you have access to Fileconnect, the SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively. The Consumer version of this tool is the Norton Bootable Recovery Tool.  The tool is free, so there is no need for a Fileconnect account to download the software.

3. The Load point Analysis Tool generates a detailed report of the programs loaded on your system. It is helpful in listing common loadpoints where threats can live.

4. There are several Threat-Specific Removal Tools provided by Security Response.

If you are unable to remove the threat(s) from your systems, please submit the suspected files toSymantec Security Response or ThreatExpert for analysis. New signatures will be created, and included in future definition sets for detection.

Edit ##

Check this thread

Cannot repair, quarantine, or delete a virus found in the _RESTORE or System volume information folder
Article:TECH99567  |  Created: 2002-01-16  |  Updated: 2011-05-26  |  Article URL

Thanks In Advance

Ashish Sharma

pete_4u2002's picture

basicall you need to disable system volume and then scan. Once scan is complete you can enable the system volume.

Brɨan's picture

You need to turn off System Restore. Once you do, this should not come up any more.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.