System Volume Info

So I have this virus DOWNLOADER something or other and my VS tells me that it's in the System Volume Info...which I believe is the System Restore...is there a way to get to them and delete just the ones that contain the virus? I know I can just turn off Restore and that will get rid off all the backups but I'd like to keep a few since there know good.

Thanks for ypur imput.
MPC458

 

They just LOVE those Restore Points!

Viruses hibernate in Restore Points if they can get there because that's a wonderful operating base for them. You just cleaned out everything else, then you used a Restore Point, and shazzam! it's baaaack!

Okay, now, the answer is YES to your question. You can do it. I'm not sure I'd recommend that you do it, but it can be done.

If the machine is otherwise working just fine, and the only problem is that your Anti-V has spotted this beast hiding in your RPs, why not get the A-V to kill it (let it delete the RP), then shut down Sys Restore and reboot, to get rid of all of your RPs, JIC, and then reset Sys Restore and let it make a new RP and start again?

However, If you want to do the thing you asked about, it's easy. Your A-V prog should have told you exactly where the beast is, so you can delete just that RP and re-run your A-V. In fact, the A-V program should offer to do the killing for you. If not, mebbe it's time for a better A-V.

But if you're not sure about the location exactly, just that it's in the SVI folder in the RPs, you can still hack away and hope to preserve some good RPs.

Make sure your Explorer window settings are set to show everything (hidden and system and extensions, and forget the silly icons: you want DETAILS!) and open the SVI folder and choose, say, the five or six oldest RPs -- the ones with the lowest numbers -- and Delete them. Empty the Rec Bin. Then run your A-V prog, and see whether it spots the beast. If not, you should be OK. If it's still there, go for the next five or six oldest RPs, and repeat the process until you get an All Clear from your A-V prog. That'll preserve your "last goods" if the beast isn't hiding in the most recent ones.

But again, If I were you and I had an ugly little beast camping out in my RPs, I'd tell my AV program to kill it first, and then I'd clear out the SVI folder completely, by shutting down SR and rebooting.

Good luck.

 

Virus's and Xp

Well Wisewiz I was able to delete the virus from the RP after I scanned right from the SVI.... hope this did it.

Thanks again

 

Glad you got it.

Today and tomorrow, though, check for AV updates, get 'em, install 'em, run the AV, and make sure the beast doesn't show up again.

Just the cautious approach before the champagne corks fly.