System Volume Info Trojan - XP Home Edition

[EXCellR8]

My AV keeps flagging a DLL file located on one of my drives, in the System Volume Information folder. So, I've turned off System Restore (since i never use it anyways) and then i ran the CACLS tool to get necessary permissions. Problem is, I can't seem to find the actual folder itself even with hidden files/folders being viewable. It's not in the "Root" folder of the drive... The drive isn't really that important, it just has games installed on it but the detections are getting annoying as i hear the little error blip every hour or so. What can I do? I am using Avira btw...

[EDIT]: Does disabling System Restore delete everything in the Volume Information?

 

[Bobbye]

Depends on how you do it:

You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:

• Go to Start > All Programs > Accessories > System Tools and click "System Restore".
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
• Click "OK" to select the partition or drive you desire.
• Click the "More Options" Tab.
• Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

More details and screenshots for Disk Cleanup in Windows Vista can be found here.

 

[DelJo63]

[edit]: Does disabling system restore delete everything in the volume information?

yes

 

[EXCellR8]

Sorry to respond back so late, work owns me right now...

Anyways, thanks for the help and info. I followed Bobbye's System Restore procedure and it seems to working fine now. This has happened to me once before and I was able to fix it but I don't typically use SR on my systems. This time I kept hearing the error message blip but no window appeared, which was just Avira flagging the file over and over. It's fixed though, so no worries. Thanks again guys!

 

[Bobbye]

About this:

but I don't typically use SR on my systems

In my opinion, System Restore is one of the greatest features of Windows XP (and Vista). I think those who avoid it don't understand what it does-and does not-do. I have a shortcut of SR in my Quick Launch Toolbar to act as a reminder to set my own restore points occasionally.

System Restore can get the user out of a bad situation that might have come from an update or bad install.

I've turned off System Restore (since i never use it anyways)

You deny yourself the availability of a great asset.

There was one member here who kept picking up a malware cleaning thread and telling the user to drop all the restore points- that would fix the malware. After several exchanges, we realized that he thought a system picked up the last restore point each time it was booted, automatically. He did not understand-like you-the significance of malware being picked up in the restore points, what it would or would not do to a system.

Finally we helped him understand that the use of System Restore is user invoked, not automatic and that restoring back to a date would not mean losing personal files and documents.

 

[EXCellR8]

I have since enabled SR again once the deleted my previous restore points, so I am using it again. When I said I don't typically use it, I meant I typically don't make a habit of manually creating points. I honestly can't remember the last time I used SR, years ago. I use disk imaging software and make backups of all my personal data regularly, so the feature has been collecting dust for the most part. Thanks for the input though, everything is running as it should be for the time being.

 

[Bobbye]

Good. All you have to see is one time when you use it to undo a problem! You will be a dedicated user for life!