Strange problem with System Volume Information folder
So NAV, all of a sudden, keeps detecting (and fixing) a trojan in there. And every time I try to access that folder to look in it I get the old: "access denied" message. Even though I have said SHOW hidden files, DO NOT Hide protected operating system files (Recommended) ... still the system won't let me in.

Anyone have any clues what's up? Thanks
#2
SergioQ wrote:
> So NAV, all of a sudden, keeps detecting (and fixing) a trojan in there. And every time I try to access that folder to look in it I get the old: "access denied" message. Even though I have said SHOW hidden files, DO NOT Hide protected operating system files (Recommended) ... still the system won't let me in.
> Anyone have any clues what's up?

Turn off System Restore.
Reboot.
Turn on System Restore.
Scan with MalwareBytes (Full Scan.)

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
#3
On Nov 25, 2:32 am, "Shenan Stanley" wrote:
> Turn off System Restore. Reboot. Turn on System Restore. Scan with MalwareBytes (Full Scan.)

As we speak MalwareBytes is running, will take a while. But after turning off Sys Rest, rebooting (and confirming that the File View options are set correctly) Windows still won't let me look in that folder. That can't be right.

Also as a side note, I use Norton Ghost... should I even bother turning back on Windows Sys Rest? Anything it covers that Ghost doesn't?

Thanks for your help so far.
#4
SergioQ wrote:
> On Nov 25, 2:32 am, "Shenan Stanley" wrote:
>> Turn off System Restore. Reboot. Turn on System Restore. Scan with MalwareBytes (Full Scan.)
> As we speak MalwareBytes is running, will take awhile. But after turning off Sys Rest, rebooting (and confirming that the File View options are set correctly) windows still won't let me look in that folder. That can't be right.

Yes, that is right, by default only the System account has access to this folder. Use the CACLS command to grant yourself access to the folder:

cacls "c:\System Volume Information" /E /G "User Name":F

http://support.microsoft.com/kb/309531
How to gain access to the System Volume Information folder

John
#5
On Nov 25, 6:51 am, SergioQ wrote:
> On Nov 25, 2:32 am, "Shenan Stanley" wrote:
>> Turn off System Restore. Reboot. Turn on System Restore. Scan with MalwareBytes (Full Scan.)
> As we speak MalwareBytes is running, will take a while. But after turning off Sys Rest, rebooting (and confirming that the File View options are set correctly) Windows still won't let me look in that folder. That can't be right.
> Also as a side note, I use Norton Ghost... should I even bother turning back on Windows Sys Rest? Anything it covers that Ghost doesn't?
> Thanks for your help so far.

If you don't already know, turning off/on SR will delete all your RPs, and you will still not be able to access the SVI folder when you are done with that (as you can see) and running MBAM will not grant you access either.

If you have had a malicious software attack, it may be best to delete all your RPs anyway since they may contain the affliction.

You are not "supposed" to access the SVI folder so there is nothing wrong and it is right. That is the way it is supposed to work. You will not access it using the conventional methods in Explorer unless you circumvent recommended settings, so it would be prudent to put things back when you are done. The settings are the way they are for a reason.

You can access the folder with cacls if you are compelled to do so (as indicated) but once you get there, what will you do? You would probably want to be sure to uncacls your system when you are done so some mistake doesn't happen later.

Since you have NAV installed, trying to use SR to restore to a previous point is likely to fail anyway (try it), so you might also want to read this:

http://service1.symantec.com/SUPPORT...05113009323013

If you think you might ever want to use SR, make yourself a RP, reboot and then restore to that last RP just to make sure the mechanism works and you understand the process (aka practice).
#6
On Nov 25, 6:03 am, Jose wrote:
> If you think you might ever want to use SR, make yourself a RP, reboot and then restore to that last RP just to make sure the mechanism works and you understand the process (aka practice).

Sorry if I am confused, but using Norton GHOST, does it matter if I turn off SR? I mean they're independent of each other, yes or no?

Thanks
#7
On Nov 25, 1:53 pm, SergioQ wrote:
> On Nov 25, 6:03 am, Jose wrote:
>> If you think you might ever want to use SR, make yourself a RP, reboot and then restore to that last RP just to make sure the mechanism works and you understand the process (aka practice).
> Sorry if I am confused, but using Norton GHOST, does it matter if I turn off SR? I mean they're independent of each other, yes or no?
> Thanks

They are independent but do two different things.

You also said you have NAV which to me means Norton Anti Virus.

A typical installation of NAV will usually (by design) thwart attempts to restore your system to an earlier date using the Windows System Restore function. None of your RPs will work - infected or not. NAV will not let you restore your system to an earlier date using even a clean RP until you follow their directions in the provided link.

Folks will sometimes report "Help! SR is broken!", so the next question (sometimes much later) is "Do you have NAV installed?" If yes, then read this link:

http://service1.symantec.com/SUPPORT...05113009323013

That will probably not give relief to their probably infected system though but it is something they can try, and SR might work now.

If NAV (or any other malicious software tool) says even one of your RPs is infected, I would consider them all compromised, clean up your system, whack all the old RPs, make a new (clean one), then attempt to restore your system using the new RP just for the fun of it to test the entire System Restore function from end to end and fix it if it doesn't work.

If you want to use Ghost, that is fine. I would use both. However, if you are going to put some faith in Ghost (or SR), you should really test it to restore your system at least once to see if it really works. It may appear to be Ghosting just fine, but have you ever tried to use it? Could be surprising.

If SR or Ghost doesn't work the way you expect, it would be better to find out before you really need it.
#8
On Nov 25, 1:53 pm, SergioQ wrote:
> On Nov 25, 6:03 am, Jose wrote:
>> If you think you might ever want to use SR, make yourself a RP, reboot and then restore to that last RP just to make sure the mechanism works and you understand the process (aka practice).
> Sorry if I am confused, but using Norton GHOST, does it matter if I turn off SR? I mean they're independent of each other, yes or no?
> Thanks

...the day you need it is not the day to find out it doesn't work
#9
On Nov 25, 3:55 pm, Jose wrote:
> ...the day you need it is not the day to find out it doesn't work

The day I bought Ghost, I also bought an identical HD and made sure that it worked.

But this infected SRP is still bugging me. Came out of the blue, I ran the MalwareBytes advice above, it found no threat, etc.

If I have SR OFF... why can't I get into that volume?
#10
On Nov 25, 4:38 am, John John - MVP wrote:
> Yes, that is right, by default only the System account has access to this folder. Use the CACLS command to grant yourself access to the folder:
> cacls "c:\System Volume Information" /E /G "User Name":F

I tried it and got:

No mapping between account names and security IDs was done.

And yes, used the right drive letter and the current user name... tried with the username in quotes and without.

Any thoughts?
#11
SergioQ wrote:
> If I have SR OFF...why can't I get into that volume?

You do not have the necessary permission for your account (ACL) to gain access to the folder. I believe John John has already given you this information.

How to gain access to the System Volume Information folder
http://support.microsoft.com/kb/309531/en-us

--
William Crawford
#12
SergioQ wrote:
> On Nov 25, 4:38 am, John John - MVP wrote:
>> Yes, that is right, by default only the System account has access to this folder. Use the CACLS command to grant yourself access to the folder:
>> cacls "c:\System Volume Information" /E /G "User Name":F
> I tried it and got: No mapping between account names and security IDs was done.
> And yes, used the right drive letter and the current user name.. tried with the username in quotes and without.
> Any thoughts?

Try the other methods here:

http://support.microsoft.com/kb/309531
How to gain access to the System Volume Information folder

John
#13
John John - MVP wrote:
> SergioQ wrote:
>> On Nov 25, 4:38 am, John John - MVP wrote:
>>> Yes, that is right, by default only the System account has access to this folder. Use the CACLS command to grant yourself access to the folder:
>>> cacls "c:\System Volume Information" /E /G "User Name":F
>> I tried it and got: No mapping between account names and security IDs was done.
>> And yes, used the right drive letter and the current user name.. tried with the username in quotes and without.
>> Any thoughts?
> Try the other methods here:
> http://support.microsoft.com/kb/309531
> How to gain access to the System Volume Information folder
> John

And he still can't resolve the trojan issue by gaining access, another solution is simply to turn OFF (and then later back on) System Restore, to start afresh. THAT will, of course, delete the prior System Restore points, and start clean from there.
#14
SergioQ wrote:
> So NAV, all of a sudden, keeps detecting (and fixing) a trojan in there. And everytime I try to access that folder to look in it I get the old: "access denied" message. Even though I have said SHOW hidden files, DO NOT Hide protected operating system files (Recommended) ... still the system won't let me in.
> Anyone have any clues what's up?

Shenan Stanley wrote:
> Turn off System Restore. Reboot. Turn on System Restore. Scan with MalwareBytes (Full Scan.)

SergioQ wrote:
> As we speak MalwareBytes is running, will take awhile. But after turning off Sys Rest, rebooting (and confirming that the File View options are set correctly) windows still won't let me look in that folder. That can't be right.
> Also as a side note, I use Nortan Ghost...should I even bother turning back on Windows Sys Rest? Anything it covers that Ghost doesn't?
> THanks for your help so far.

That *is* right. The System Volume folder is for holding system restore points. You have no need to gain access to these files and even if you had full access (which is possible just by taking ownership/changing permissions) - your AV software will be unable to actually clean the files inside the system restore points.

By having you turn off System Restore and reboot - you lost all the restore points and thus the corrupted/infested/infected files you were finding inside the images. The bad side effect is that you cannot use those to restore the system files to an earlier point - but since some of the earlier points were infested/infected - my contention is you would not have wanted to use those anyway. ;-)

The MalwareBytes scan I suggested was to better ensure you were clean of malware infestations.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
#15
> I believe John John has already given you this information.
> How to gain access to the System Volume Information folder
> http://support.microsoft.com/kb/309531/en-us

I could be wrong but thought I mentioned that this did not work for me. It's the simplest method, and went nowhere.