Denied access to System Volume Information

[AT46]

Hi,

My anti-virus has detected and partially cleaned up Virtumundo from my computer but it says that there are still two components which have to be removed manually:

C:\System Volume Information\_restore1B16EE2E-9342-4425-8B41-1D61C85150F7}\RP46\A0009753.dll

C:\System Volume Information\_restore1B16EE2E-9342-4425-8B41-1D61C85150F7}\RP46\A0009754.dll

However, I am denied access to this folder despite being the Admin.

All anti-virus scans are coming back clean (except for the above which are quarantined) but have attached Hijack This log just to check.

Cheers, any advise is much appreciated

 

[howard_hopkinso]

Your HJT log is clean.

No antivirus programme can clean inside a system restore point, hence the message you are seeing.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html This will delete all your restore points and anything nasty that`s in them.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Run a full system scan with your antivirus programme and delete whatever it finds. This includes anything in the virus vault.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

If you have any further virus/spyware problems, please post in this thread.


Regards Howard

This thread is for the use of AT46 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[smore9648]

Is this encryted or from an encrypted folder?