|
Quite often Anti Virus scanners locate a virus, quarantine it then you find that the next day it's back again. What has happened is that Windows has included the virus into a System Restore Point when it creates one. The folder that contains the restore point information is the "System Volume Information" folder which is a protected folder.
You may not even be able to see the folder at all.
There are two methods of ridding yourself of the virus if the scanner is incapable. Both require you to be logged on as an administrator. First Method The first method is to remove all the restore points. Unless you are 100% sure you will never need to restore to a previous point then by all means do it.
1. Right Click My Computer, choose Properties then Click on the System Restore Tab. Place a check mark alongside "Turn Off System Restore On All Drives" Click Ok and close the Dialog Boxes.
2. Run your Anti Virus scanner again to make sure the virus is gone. You can choose to perform the task only in the folder where the virus was detected. In this case the System Volume Information folder.
3. Once you are happy return to System Restore Tab and uncheck the mark.
While you are there highlight the drive or drives, click Settings and slide the slider to the left to around 2%. This will release a significant amount of hard drive space. Windows' default setting is to reserve 12% and on a 150 gig drive that can total 18 gigabytes. 2% will still give you enough room for an ample number of restore points. Click OK and close the dialog boxes.
4. Next, create a new Restore Point. Click Start, All Programs, Accessories, System Tools, Restore Points. Create a new one and give it any name you want. Second Method The second method allows you to save your restore points but remove the virus.
This method requires playing around with system files so if you are not comfortable doing that, then use the method above.
First, note the location where the Virus Scanner located the virus. Often you will find this information in the scanner's log file. In this case the location will be a series of numbers. (it will look like BB33ED9C-9125-42AF-92C0-EA614B1F488E:RP45:A01197455)
1. Click On My Computer and choose Tools then Folder Options then click on the View tab. Scroll down till you see Hidden Files and Folders and check the "Show Hidden Files and Folders". Now scroll down to "Hide Protected Operating System Files" and uncheck it then down to "Use Simple File Sharing Sharing" and uncheck it as well.
Close the dialog box.
2. Now navigate to the System Volume Information folder, right click on it and choose Properties then Click on the "Security" Tab . Click ADD and add the name of the user that is currently logged on. An incorrect name will not be accepted. Check all the boxes on the left column. Click OK and Ok again.
3. You can now open the System Volume Information folder.
4. Locate the number (it will look like _restore{BB33ED9C-9125-42AF-92C0-EA614B1F488E}) and open the folder. Look for the second part of the number (it will begin with RP). Open it, then look for the last part of the number your anti virus scanner showed (it will look like A01197455.ini_ ) and delete it.
5. Close down everything then reverse the above steps in order from step 4 to step 1.
Just to be sure run your Anti Virus scanner again targeting the System Volume Information folder. All should be clean now.
Have a question? Need help? Get free, friendly person-to-person help with your computer questions or spyware questions in our help forums!
|
