Re: System Volume Information...WTF
- From: Catamount <Nope@xxxxxxx>
- Date: Thu, 15 Dec 2005 12:10:33 -0500
Max Wachtel wrote:
Nope@xxxxxxx AKA Catamount on 12/15/2005 in <uuTvBkXAGHA.220@xxxxxxxxxxxxxxxxxxxx> after much thought, came up with this jewel:
Catamount wrote:
David H. Lipman wrote:
Nope. Still there. Any other suggestions?
From: "Catamount" <Nope@xxxxxxx>
Ok, so I got this machine that HAD a virus. I am not sure which one, as I only found parts of a virus that seem to be parts of several viruses. One of my users did something right and noticed something strange and disconnected from the Internet right away. So anyway, I have this re.exe that Symantec Corp Edition keeps finding as a "Hacktool.HideWindow" in the system volume information folder and leaves it alone. Why does it leave it alone? Who knows, it's set to delete such things. I do know that the folder is set so only the system can access it, but I can change that. I am concerned however that this might break something if I go into that folder and mess with it. Anyone know if it's safe for me to go in and just delete it?
You are using WinXP -- Right ?
Hacktool.HideWindow -- http://securityresponse.symantec.com/avcenter/venc/data/hacktool.hidewindow.html
Under the folder System Volume Information is _restore
c:\System Volume Information\_restore
This is the WinXP System Restore cache. Malware can't be removed from this location as it is protected by the OS. If you don't want to get re-infected by restoring it, you need to flush the System Restore cache by disabling System Restore, rebooting the PC and then re-enabling the System Restore. It would be a good idea to create a new restore point after the System Restore cache has been re-enabled.
That's what I thought and so I turned off system restore, but didn't re-enable. I will re-enable it and see if that clears it up. I will let you know. Thanks David!
******************Reply Separator*************************
when you turned off system restore did you reboot?
Yes. I even went through the steps again just to make sure.