Virus in system volumn restore file



Don
07-09-2005, 11:36 PM
My Bit Defender virus program has popped up a virus alert stating that
"c:\system volumn information_restore{fde0c025-926e-452d-855e-e1add ...} is
infected with: Worm.VB.CZ" ZIt goes on to say that "BitDefender has blocked
this virus - your computer has NOT been infected." I would like to delete
that particular file just to be safe. I tried from the safe mode but it
would not allow me to access the files in my system volumn information
folder (after turning off my system restore and restarting in safe mode.) Is
there another way to get rid of it?

Don

Doug Knox MS-MVP
07-09-2005, 11:36 PM
Turning System Restore off and back on flushes the System Restore cache. The file should be gone. It is virtually impossible to identify a single file in a System Restore Point, since they're all renamed.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Don" <harley4don@npgcable.com> wrote in message news:OBspPuOXFHA.2076@TK2MSFTNGP15.phx.gbl...
> My Bit Defender virus program has popped up a virus alert stating that
> "c:\system volumn information_restore{fde0c025-926e-452d-855e-e1add ....} is
> infected with: Worm.VB.CZ" ZIt goes on to say that "BitDefender has blocked
> this virus - your computer has NOT been infected." I would like to delete
> that particular file just to be safe. I tried from the safe mode but it
> would not allow me to access the files in my system volumn information
> folder (after turning off my system restore and restarting in safe mode.) Is
> there another way to get rid of it?
>
> Don
>
>

Don
07-09-2005, 11:36 PM
Thanks for the knowledge update ... I do appreciate it.

"Doug Knox MS-MVP" <dknox@mvps.org> wrote in message
news:%23mcvLzOXFHA.1152@tk2msftngp13.phx.gbl...
Turning System Restore off and back on flushes the System Restore cache. The
file should be gone. It is virtually impossible to identify a single file
in a System Restore Point, since they're all renamed.


"Don" <harley4don@npgcable.com> wrote in message
news:OBspPuOXFHA.2076@TK2MSFTNGP15.phx.gbl...
> My Bit Defender virus program has popped up a virus alert stating that
> "c:\system volumn information_restore{fde0c025-926e-452d-855e-e1add ...}
> is
> infected with: Worm.VB.CZ" ZIt goes on to say that "BitDefender has
> blocked
> this virus - your computer has NOT been infected." I would like to delete
> that particular file just to be safe. I tried from the safe mode but it
> would not allow me to access the files in my system volumn information
> folder (after turning off my system restore and restarting in safe mode.)
> Is
> there another way to get rid of it?
>
> Don
>
>

Doug Knox MS-MVP
07-09-2005, 11:36 PM
You're welcome. :-)

By the way, you can get access to the System Volume Information folder.

http://support.microsoft.com/default.aspx?scid=kb;en-us;309531
How to gain access to the System Volume Information folder

But as I said, it doesn't do much good :-(

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Don" <harley4don@npgcable.com> wrote in message news:eN3WbDPXFHA.1468@tk2msftngp13.phx.gbl...
> Thanks for the knowledge update ... I do appreciate it.
>
> "Doug Knox MS-MVP" <dknox@mvps.org> wrote in message
> news:%23mcvLzOXFHA.1152@tk2msftngp13.phx.gbl...
> Turning System Restore off and back on flushes the System Restore cache. The
> file should be gone. It is virtually impossible to identify a single file
> in a System Restore Point, since they're all renamed.
>
>
> "Don" <harley4don@npgcable.com> wrote in message
> news:OBspPuOXFHA.2076@TK2MSFTNGP15.phx.gbl...
>> My Bit Defender virus program has popped up a virus alert stating that
>> "c:\system volumn information_restore{fde0c025-926e-452d-855e-e1add ....}
>> is
>> infected with: Worm.VB.CZ" ZIt goes on to say that "BitDefender has
>> blocked
>> this virus - your computer has NOT been infected." I would like to delete
>> that particular file just to be safe. I tried from the safe mode but it
>> would not allow me to access the files in my system volumn information
>> folder (after turning off my system restore and restarting in safe mode.)
>> Is
>> there another way to get rid of it?
>>
>> Don
>>
>>
>
>

Ron Martell
07-09-2005, 11:36 PM
"Don" <harley4don@npgcable.com> wrote:

>My Bit Defender virus program has popped up a virus alert stating that
>"c:\system volumn information_restore{fde0c025-926e-452d-855e-e1add ...} is
>infected with: Worm.VB.CZ" ZIt goes on to say that "BitDefender has blocked
>this virus - your computer has NOT been infected." I would like to delete
>that particular file just to be safe. I tried from the safe mode but it
>would not allow me to access the files in my system volumn information
>folder (after turning off my system restore and restarting in safe mode.) Is
>there another way to get rid of it?
>
>Don
>

Another option is to use Disk Cleanup from the Accessories - System
Tools menu. Go to the More Options tab and click on the Cleanup
button in the System Restore (bottom) section. That will remove all
but the most recent System Restore point, and System Restore will
remain active, avoiding the need to reboot the computer and then turn
System Restore back on again.

Good luck


Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

In memory of a dear friend Alex Nichol MVP
http://aumha.org/alex.htm

Bruce Chambers
07-09-2005, 11:37 PM
Don wrote:
> My Bit Defender virus program has popped up a virus alert stating that
> "c:\system volumn information_restore{fde0c025-926e-452d-855e-e1add ...} is
> infected with: Worm.VB.CZ" ZIt goes on to say that "BitDefender has blocked
> this virus - your computer has NOT been infected." I would like to delete
> that particular file just to be safe. I tried from the safe mode but it
> would not allow me to access the files in my system volumn information
> folder (after turning off my system restore and restarting in safe mode.) Is
> there another way to get rid of it?
>
> Don
>
>


The System Volume Information is the hidden, protected operating
system folder in which WinXP's System Restore feature stores
information used to recover from errors. It's really not a good idea
for you, or an antivirus application, to directly access the contents
of that folder, unless you expect to have no future use for the
restore points, in which case it would be simpler just to turn off the
System Restore feature.

To clear viruses or other malware from the "System Volume
Information," simply turn off the System Restore feature (Start > All
Programs > Accessories > System Tools > System Restore, System Restore
Settings), reboot, then re-enable System Restore, and reboot one last
time. This will delete all of your Restore Points, including the
corrupted one(s), and allow you start with a clean slate.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH


Virus in system volumn restore file