Hello, today I foolishly downloaded a program that contained infected files, and upon me running the program it spread lots of infected files in my System Volume Information folder. I did a full scan with my Kaspersky, which detected around 47 of them and deleted them. But after the scan I entered the folder and still found some random .exe files that start with A004. It's on my disc "D", which contains only games, music and videos, so I won't die if something happens to my files on that partition. I searched a lot, I found a way to enter the folder but I couldn't find a way to delete it or the files inside. The System Restore is disabled for that partition. I tried some commands that I found, but still no use. Even tried that program which unlocks/forcibly deletes files, but no luck. Any help would be appreciated. Thanks.
System Volume Information is a system folder. It contains all system backups and restore points. Don't worry, you lose only the backup of the previous state of your system (because it contains the virus). You can empty this folder with a live distribution of Linux/WinPE ...
you can delete anything in this folder at any time providing you have the necessary permissions. right click the folder, go to security and click add, then type your user name and check full control, then apply. this should give you full control--not ownership which is absolutely never necessary and hardly ever works as intended regardless of all the useless tutorials on how to do so. the problem is system will always re-take ownership because it has the permission to change owner and permissions... after you have full control you should be able to delete any file in the folder. if not do the same thing for each file and then delete it. if that doesn't work because the exe is in use, then make sure and terminate the process that's using it or it itself and then delete. peace
I have full control over the folder, and I tried taking full control of the files inside separately, and still when I press "Delete" nothing happens... ;/
Have you tried restarting your PC and then deleting this folder? Normally when you enter safe mode it can be deleted.
if you boot your computer from the local hdd: you can delete system volume information only if your file system is fat32, if it is ntfs you can't do this !!! you must boot the system from a different location (cd/dvd/usb) and then you can delete those files.
or
1. disable system restore (monitoring drive)
2. restart
3. check status of system restore (monitoring drive off)
4. take ownership and full access
5. delete
I have NTFS :/ @nero100, I don't want to reformat, although I will probably do it as my last option. Tried a few tools to get rid of the files like ComboFix and still nothing...
Sorry to hear that, but if you don't find any program you will have to format. Look for some more programs, but I doubt they will help.
well, sounds to me like you should go back to the first response and delete the folder from a live cd. the system will re-create it next boot. i would run a scan with malwarebytes' and maybe another spyware program just to be sure you are really "disinfected"
Yeah, I did a scan with Spybot S&D (found 317 threat level 1 and 5 infected files), Malwarebytes (found 3 trusted objects), downloaded WinPatrol and SpywareBlaster to increase security as they are highly suggested.
and let me guess the files are now gone and/or can be deleted? i wouldn't install any of those programs honestly. i've used them and they are worthless compared to spybot and malwarebytes' and any good AV such as Avira or Avast. i have spybot installed and rarely use it. and by rarely i mean i only use it to "immunize" my browsers and host file. Avira will not let you download anything that has any type of questionable content (whether good or bad) if you have heuristics set on high (that is unless the file/archive is password protected, in which case it can't be scanned of course). no need for those programs you mentioned eating up resources. best policy is to stay away from questionable sites and "unknown" uploaders. though i know it's hard, it's the best way to stay clean. use malwarebytes' and spybot in emergencies and let your free (or paid if you feel necessary which i don't ever think it is) AV program do the realtime and snoop work unless you suspect it missed something, ie. high cpu usage at idle...
I'm usually careful, this s**t happened accidentally you can say ;o And the files that were in the System Volume Information are still there and still can't be deleted xD, so I assume they're supposed to be there. I dunno, some people suggested and said that WinPatrol and SpywareBlaster sometimes managed to detect something their other security programs couldn't detect...
you can try takeownership

Code:
Windows Registry Editor Version 5.00

; Context-menu entry for files: take ownership, then grant Administrators full control
[HKEY_CLASSES_ROOT\*\shell\runas]
@="Take Ownership"
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\*\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

; Same entry for folders, applied recursively (/r, /t)
[HKEY_CLASSES_ROOT\Directory\shell\runas]
@="Take Ownership"
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\Directory\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"

Save as: InstallTakeOwnership.reg

Code:
Windows Registry Editor Version 5.00

; Removes both context-menu entries again
[-HKEY_CLASSES_ROOT\*\shell\runas]
[-HKEY_CLASSES_ROOT\Directory\shell\runas]

Save as: RemoveTakeOwnership.reg

Personally I would boot from a LIVE cd to delete those files as already stated.
I took ownership already, it still won't let me delete. I even took ownership of the files inside it separately, it still won't let me. And I don't know how to delete them using the Live CD... xD
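
The live-CD route that several replies recommend, sketched as an added example (not posted by anyone in the thread): a dry-run-first cleanup of the A004*.exe leftovers from a Linux live session. It assumes the live image ships ntfs-3g; the device `/dev/sdXN`, the mount point `/mnt/win` and both function names are placeholders chosen for the example.

```bash
#!/usr/bin/env bash
# Added example. Run from a Linux live session, not from the installed Windows.
#
# 1. Identify the NTFS partition that Windows shows as D: (placeholder /dev/sdXN):
#      lsblk -f
# 2. Mount it read-write (ntfs-3g refuses if the volume is hibernated or dirty,
#    so shut Windows down fully first):
#      sudo mkdir -p /mnt/win && sudo mount -t ntfs-3g /dev/sdXN /mnt/win
# 3. Dry run, review the list, then delete:
#      clean_svi_leftovers /mnt/win
#      clean_svi_leftovers /mnt/win A004 --delete
# 4. sudo umount /mnt/win

# list_svi_leftovers MOUNTPOINT [PREFIX]
# Prints .exe files whose names start with PREFIX (default A004, the prefix
# reported in the first post), looking only inside "System Volume Information".
list_svi_leftovers() {
    local svi="$1/System Volume Information"
    local prefix="${2:-A004}"
    [ -d "$svi" ] || { echo "no System Volume Information under $1" >&2; return 1; }
    find "$svi" -type f -iname "${prefix}*.exe" -print
}

# clean_svi_leftovers MOUNTPOINT [PREFIX] [--delete]
# Without --delete nothing is removed. Per-file messages go to stderr,
# the number of matched (or deleted) files goes to stdout.
clean_svi_leftovers() {
    local mnt="$1"
    local prefix="${2:-A004}"
    local mode="${3:-}"
    local files count=0
    files=$(list_svi_leftovers "$mnt" "$prefix") || return 1
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if [ "$mode" = "--delete" ]; then
            rm -f -- "$f" && { echo "deleted: $f" >&2; count=$((count + 1)); }
        else
            echo "would delete: $f" >&2
            count=$((count + 1))
        fi
    done <<EOF
$files
EOF
    echo "$count"
}
```

Files outside System Volume Information are never touched, so a game executable that happens to start with the same prefix stays in place.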