How do you delete the virus on C System Volume Information restore EXE?

Answer 1

Wiki s contributors share some tips:

• All Trojan horses are hidden files so you would need to go to the Files Option (click the View tab) on the Control Panel and uncheck both the *Hide file extension for known file types & *Hide protected operating system files (Recommended)-boxes, then OK yourself out.

  You will then need to restart your computer and and go into Safe Mode by holding the F8 key down (kind of at the beginning of bootup). When you're at the Desktop screen go to Start/ Search/ For Files and Folders and type up the NAME OF THE FILE & EXT (not PSW.Briss.C) but the actual name of the file, which would have shown up on your Anti-Virus software. You can delete this file from here, also make sure to empty your Recycle Bin.

  I have had 4 Trojan horses on my C drive and kinda figured out the above method a week ago. I deleted the Temp file (as these keep putting the same files back into your system) from the Restore folder after unchecking the hidden files boxes, then went to Safe Mode to delete what virus files that were still there. My computer is now absolutely FREE of these pests!

  I also have AVG 6.0 (the free one) & also the Ad-aware 6 and I use them every day as my kids love to play games from the internet.

• I have Windows XP. This worked for me:

  Open Control Panel Tools Folder Options View Uncheck "Hide protected operating system files" OK Start Search Files and Folders Enter all or part of Trojan file. Search Right click file when found Delete Empty Recycle Bin.

• Your virus scanner may not be able to access the folder because it does not have permission to do so. See this article for info on how to gain access to the System Volume Information folder:

http://support.Microsoft.com/default.aspx?scid=KB;en-us;q309531.

• I am running Windows XP Pro (build 2600) w/SP2 and on this system I am running Avast AntiVirus 4.5 Home Edition ( I alternate between this and Avast Professional when I reformat, which is 2x a year). This is an exceptional program as well as its brother Avast Professional 4.5, upon a daily scan the Home version found this: C:\System Volume Information\_restore{992476EB-89EC-4BBA-ACF9-063EFCB49378}\RP35\A0003426.exe Avast 4.5 Home Edition found and deleted this file, however to be sure I went ahead and did the following: Restart/Safe Mode/Administrator/Desktop/Start/Control Panel/Tools/View/Uncheck both 'hide extensions for known file types' and 'hide protected Operating System files (recommended)' click 'apply' then select 'ok' move towards start/search/all files and folders/*A0003426.exe search yielded nothing after Avast had initially deleted the file in 'normal' startup. I ran Avast Antivirus while in safemode and it came back after scanning the SVI Folder with clean results. Replaced the checkmarks back into the "hide extensions for known file types" and "hide protected Operating System files (recommended)", applied and ok'd, restarted and re-entered normal start-up. Since I was still bored I re-scanned in normal mode and again Avast found nothing. Well the bottom line is that I didn't have to do much other than carry out this exercise for when I may need to do so again and really have to work. Avast did most if not all the work for me from the get-go.

Azu shares a tip:

• Merely setting explorer not to hide extensions and protected files will not allow you access to the System Volume Information folder. You will not be able to open it and searches you conduct will ignore everything in it. To access it you must login to an administrator account, right click the folder, click properties, go to security, and add full control to it for your account. Only then will you be able to see what's in it. Unless you use the FAT32 filesystem, in which case this is unnecessary since it lacks privilege functionality.