#1
Deleting the System Volume Information folder
I'm running XP SP3. I use the free version of Avast for an antivirus.

Recently Avast started hanging during a scan. After about a day's worth of troubleshooting (I have too much free time) I discovered I could choose to scan folders. Then I found out if I unchecked the System Information Folder on C: that Avast would run without error.

I have XP's System Restore turned off, I use an image backup. When I posted my hang problem on the Avast forum someone suggested I try deleting the System Volume Information folder, that it would simply destroy one System Restore point that XP would automatically replace. I found that if I added my name to the folder's Security that I could indeed delete it, but dire warnings scared me off. Is it safe for me to delete that folder?

Also: trying to open the log file in the System Volume Information folder with Notepad does indeed hang NotePad also. ???
#2
John B. Smith wrote:
> I'm running XP SP3. I use the free version of Avast for an antivirus.
>
> Recently Avast started hanging during a scan. After about a day's worth of troubleshooting (I have too much free time) I discovered I could choose to scan folders. Then I found out if I unchecked the System Information Folder on C: that Avast would run without error.
>
> I have XP's System Restore turned off, I use an image backup. When I posted my hang problem on the Avast forum someone suggested I try deleting the System Volume Information folder, that it would simply destroy one System Restore point that XP would automatically replace. I found that if I added my name to the folder's Security that I could indeed delete it, but dire warnings scared me off. Is it safe for me to delete that folder?
>
> Also: trying to open the log file in the System Volume Information folder with Notepad does indeed hang NotePad also. ???

If I go to Control Panels:System and the "System Restore" tab, mine is set to

    "Turn off System Restore on all drives"

That's so I can connect a Win7 hard drive, without damaging it. I have to do that, so WinXP won't inadvertently change the state of the Win7 disk.

If I look in the System Volume Information folder of WinXP C:, it's completely empty right now. No restore points are being created, because they're turned off. It's an empty folder. The reason I can look in there, is the file system for my WinXP is FAT32, with less in the way of useful security.

If you want to examine "System Volume Information" at your convenience, you can do that from a Linux LiveCD like Ubuntu (preferably, version 10.10 or 10.04, as the latest ones include the smelly Unity interface).

As for scanning the system and getting a "second opinion", you can get the 196MB CD from here. If your modem/router provides DHCP for acquiring an IP address, this CD can also connect to their web site and get updates. The CD may store (cache) the definition files on C:, for usage the next time. Even so, it can take a while to download updates, before doing a scan. This is an offline AV scanner, with its own boot OS.

    http://support.kaspersky.com/faq/?qid=208282163
    "Iso image of Kaspersky Rescue Disk 10 (196 MB)"

While they offer a USB stick option, I just burn a CD with that and use it, as it's reusable.

That CD also has a Terminal (Linux command line). You can go there, if you want, and examine System Volume Information. The Kaspersky CD mounts all the partitions, and to enter a partition from the Terminal, you "change directory" like this.

    cd /discs/E:

If you then list the contents

    ls -al

you can see the files. To enter System Volume Information

    cd "System Volume Information"
    ls -al

You can go from partition to partition, until you find your real C: drive. Kaspersky doesn't letter drives, in the same order as Windows, and my C: is actually "E:" in there. I might scan "E:" every couple months on average (after something "funny" happens).

I would expect, if you were to delete System Volume Information, WinXP would just create it again on the next boot, whether System Restore is set or not. It's possible that directory is used for more than one purpose. And there's no real need to delete it, if you verify it's cleaned out using Linux.

While you can change permissions on it in Windows, to make it more "friendly", you won't get any "back talk" in Linux. Linux can even see files on my Windows 7 disk, that are "access denied" under any circumstances while in Windows. Just don't "touch" things while doing stuff like that (I've broken Windows 7 twice, while fooling around :-) ). Good thing I've got backups. A WinXP C: partition should be a bit less sensitive to mucking about.

    Paul
#3
Paul nospam needed.com wrote:
> ....
>
> I would expect, if you were to delete System Volume Information, WinXP would just create it again on the next boot, whether System Restore is set or not. It's possible that directory is used for more than one purpose. And there's no real need to delete it, if you verify it's cleaned out using Linux.
>
> While you can change permissions on it in Windows, to make it more "friendly", you won't get any "back talk" in Linux. Linux can even see files on my Windows 7 disk, that are "access denied" under any circumstances while in Windows. Just don't "touch" things while doing stuff like that (I've broken Windows 7 twice, while fooling around :-) ). Good thing I've got backups. A WinXP C: partition should be a bit less sensitive to mucking about.

I have broken various versions of Windows countless times by deleting files and folders. I gave up trying to keep Windows in order after a default installation included a seemingly infinite number of files and folders, after realizing that neatness was not a Microsoft-compatible goal.

Keeping incremental backup copies of Windows keeps things from getting out of hand.

Good luck and have fun.

--
Paul
#4
On Wed, 28 Dec 2011 10:34:39 -0500, Paul wrote:
> If I go to Control Panels:System and the "System Restore" tab, mine is set to
>
>     "Turn off System Restore on all drives"
>
> That's so I can connect a Win7 hard drive, without damaging it. I have to do that, so WinXP won't inadvertently change the state of the Win7 disk.
>
> If I look in the System Volume Information folder of WinXP C:, it's completely empty right now. No restore points are being created, because they're turned off. It's an empty folder. The reason I can look in there, is the file system for my WinXP is FAT32, with less in the way of useful security.
>
> If you want to examine "System Volume Information" at your convenience, you can do that from a Linux LiveCD like Ubuntu (preferably, version 10.10 or 10.04, as the latest ones include the smelly Unity interface).
>
> As for scanning the system and getting a "second opinion", you can get the 196MB CD from here. If your modem/router provides DHCP for acquiring an IP address, this CD can also connect to their web site and get updates. The CD may store (cache) the definition files on C:, for usage the next time. Even so, it can take a while to download updates, before doing a scan. This is an offline AV scanner, with its own boot OS.
>
>     http://support.kaspersky.com/faq/?qid=208282163
>     "Iso image of Kaspersky Rescue Disk 10 (196 MB)"
>
> While they offer a USB stick option, I just burn a CD with that and use it, as it's reusable.
>
> That CD also has a Terminal (Linux command line). You can go there, if you want, and examine System Volume Information. The Kaspersky CD mounts all the partitions, and to enter a partition from the Terminal, you "change directory" like this.
>
>     cd /discs/E:
>
> If you then list the contents
>
>     ls -al
>
> you can see the files. To enter System Volume Information
>
>     cd "System Volume Information"
>     ls -al
>
> You can go from partition to partition, until you find your real C: drive. Kaspersky doesn't letter drives, in the same order as Windows, and my C: is actually "E:" in there. I might scan "E:" every couple months on average (after something "funny" happens).
>
> I would expect, if you were to delete System Volume Information, WinXP would just create it again on the next boot, whether System Restore is set or not. It's possible that directory is used for more than one purpose. And there's no real need to delete it, if you verify it's cleaned out using Linux.
>
> While you can change permissions on it in Windows, to make it more "friendly", you won't get any "back talk" in Linux. Linux can even see files on my Windows 7 disk, that are "access denied" under any circumstances while in Windows. Just don't "touch" things while doing stuff like that (I've broken Windows 7 twice, while fooling around :-) ). Good thing I've got backups. A WinXP C: partition should be a bit less sensitive to mucking about.
>
>     Paul

Thanks Paul, very nice disc! I ran the virus scan on C: without errors. My drives are lettered just like Windows calls them out?

Updating: default setting don't work. I don't think I'm connected to the internet. Network Setup: "unable to automatically detect IP settings for Realtek Gigabit Ethernet card". I haven't a clue about how to enter these setting in myself. This board has two connections, I happened to be on #2.

Back into Windows, I went back to the Kaspersky site where you sent me, I see this: "Rescue Disk version 10.0.29.6 not supported by Kaspersky lab" ?? I had hoped there was a way to d/l virus definitions with Windows, stash them somewhere on my drive and try to point the Rescue Disk to it when updating. Couldn't find any called out on that site.

In File Manager I can view drives and folders but the 'Delete' option is grayed out. In Terminal the cd instructions you give above don't seem to work?

Still, a very good effort, as I now have that 'second opinion' about any possible viruses on my C:
#5
John B. Smith wrote:
> On Wed, 28 Dec 2011 10:34:39 -0500, Paul wrote:
>
>> If I go to Control Panels:System and the "System Restore" tab, mine is set to
>>
>>     "Turn off System Restore on all drives"
>>
>> That's so I can connect a Win7 hard drive, without damaging it. I have to do that, so WinXP won't inadvertently change the state of the Win7 disk.
>>
>> If I look in the System Volume Information folder of WinXP C:, it's completely empty right now. No restore points are being created, because they're turned off. It's an empty folder. The reason I can look in there, is the file system for my WinXP is FAT32, with less in the way of useful security.
>>
>> If you want to examine "System Volume Information" at your convenience, you can do that from a Linux LiveCD like Ubuntu (preferably, version 10.10 or 10.04, as the latest ones include the smelly Unity interface).
>>
>> As for scanning the system and getting a "second opinion", you can get the 196MB CD from here. If your modem/router provides DHCP for acquiring an IP address, this CD can also connect to their web site and get updates. The CD may store (cache) the definition files on C:, for usage the next time. Even so, it can take a while to download updates, before doing a scan. This is an offline AV scanner, with its own boot OS.
>>
>>     http://support.kaspersky.com/faq/?qid=208282163
>>     "Iso image of Kaspersky Rescue Disk 10 (196 MB)"
>>
>> While they offer a USB stick option, I just burn a CD with that and use it, as it's reusable.
>>
>> That CD also has a Terminal (Linux command line). You can go there, if you want, and examine System Volume Information. The Kaspersky CD mounts all the partitions, and to enter a partition from the Terminal, you "change directory" like this.
>>
>>     cd /discs/E:
>>
>> If you then list the contents
>>
>>     ls -al
>>
>> you can see the files. To enter System Volume Information
>>
>>     cd "System Volume Information"
>>     ls -al
>>
>> You can go from partition to partition, until you find your real C: drive. Kaspersky doesn't letter drives, in the same order as Windows, and my C: is actually "E:" in there. I might scan "E:" every couple months on average (after something "funny" happens).
>>
>> I would expect, if you were to delete System Volume Information, WinXP would just create it again on the next boot, whether System Restore is set or not. It's possible that directory is used for more than one purpose. And there's no real need to delete it, if you verify it's cleaned out using Linux.
>>
>> While you can change permissions on it in Windows, to make it more "friendly", you won't get any "back talk" in Linux. Linux can even see files on my Windows 7 disk, that are "access denied" under any circumstances while in Windows. Just don't "touch" things while doing stuff like that (I've broken Windows 7 twice, while fooling around :-) ). Good thing I've got backups. A WinXP C: partition should be a bit less sensitive to mucking about.
>>
>>     Paul
>
> Thanks Paul, very nice disc! I ran the virus scan on C: without errors. My drives are lettered just like Windows calls them out?
>
> Updating: default setting don't work. I don't think I'm connected to the internet. Network Setup: "unable to automatically detect IP settings for Realtek Gigabit Ethernet card". I haven't a clue about how to enter these setting in myself. This board has two connections, I happened to be on #2.
>
> Back into Windows, I went back to the Kaspersky site where you sent me, I see this: "Rescue Disk version 10.0.29.6 not supported by Kaspersky lab" ?? I had hoped there was a way to d/l virus definitions with Windows, stash them somewhere on my drive and try to point the Rescue Disk to it when updating. Couldn't find any called out on that site.
>
> In File Manager I can view drives and folders but the 'Delete' option is grayed out. In Terminal the cd instructions you give above don't seem to work?
>
> Still, a very good effort, as I now have that 'second opinion' about any possible viruses on my C:

With Linux, there are two issues. First, is having a driver for the NIC itself. The Kaspersky disc has a problem with TG3 (whatever that is), and my laptop falls in that category (I think my laptop has a Broadcom Ethernet chip, controlled by TG3 driver). On my laptop, I have to unload the driver and reload it again, and then it started working. The second of those steps is "modprobe tg3" for example.

The other part of the puzzle, is the DHCP client in Linux. (A number of different ones have been written for Linux, and distros choose to use different versions of those to do the same job.) Its job is to send a DHCP query to the "local gateway", in this case that might be your modem/router in router mode (not bridged mode).

In my case, I'm connected by ADSL to broadband Internet via the phone company. Before booting the Kaspersky disc, I would connect to the modem/router and authenticate with the ISP (so now my Internet service is running). At that point, if I wanted, a packet could go from my house, to Kaspersky.

Then, when I boot the Kaspersky disc, part of the initialization code in Linux, includes a call to the DHCP client program. It's a separate program, and can even be run from the Terminal (if you can figure out the name of it).

What I can do here, is load the Kaspersky disc in a virtual machine, and watch it work. But the hardware emulated in that environment, isn't a match for your exact problem, so it would be hard to reproduce what you're seeing. I'll download the latest CD and have a look. If I spot some easy things to try, I'll post back.

One thing the Kaspersky disc doesn't support for sure, is dialup networking. If a person connected to the Internet with a dialup modem, the Kaspersky disc contains no (PPP) code for that. But if you're connected via Cable Modem, ADSL, or perhaps even Wifi, you might be able to get virus definition updates.

In terms of my skills with this stuff, I'm barely able to get this stuff functional, so it isn't always that easy. I find it particularly hard in Linux, to fix the Ethernet interface, when I can't use the web browser and get help from the Internet. It's a pig...

Later,
    Paul
#6
Paul wrote:
> John B. Smith wrote:
>
>> On Wed, 28 Dec 2011 10:34:39 -0500, Paul wrote:
>>
>>> If I go to Control Panels:System and the "System Restore" tab, mine is set to
>>>
>>>     "Turn off System Restore on all drives"
>>>
>>> That's so I can connect a Win7 hard drive, without damaging it. I have to do that, so WinXP won't inadvertently change the state of the Win7 disk.
>>>
>>> If I look in the System Volume Information folder of WinXP C:, it's completely empty right now. No restore points are being created, because they're turned off. It's an empty folder. The reason I can look in there, is the file system for my WinXP is FAT32, with less in the way of useful security.
>>>
>>> If you want to examine "System Volume Information" at your convenience, you can do that from a Linux LiveCD like Ubuntu (preferably, version 10.10 or 10.04, as the latest ones include the smelly Unity interface).
>>>
>>> As for scanning the system and getting a "second opinion", you can get the 196MB CD from here. If your modem/router provides DHCP for acquiring an IP address, this CD can also connect to their web site and get updates. The CD may store (cache) the definition files on C:, for usage the next time. Even so, it can take a while to download updates, before doing a scan. This is an offline AV scanner, with its own boot OS.
>>>
>>>     http://support.kaspersky.com/faq/?qid=208282163
>>>     "Iso image of Kaspersky Rescue Disk 10 (196 MB)"
>>>
>>> While they offer a USB stick option, I just burn a CD with that and use it, as it's reusable.
>>>
>>> That CD also has a Terminal (Linux command line). You can go there, if you want, and examine System Volume Information. The Kaspersky CD mounts all the partitions, and to enter a partition from the Terminal, you "change directory" like this.
>>>
>>>     cd /discs/E:
>>>
>>> If you then list the contents
>>>
>>>     ls -al
>>>
>>> you can see the files. To enter System Volume Information
>>>
>>>     cd "System Volume Information"
>>>     ls -al
>>>
>>> You can go from partition to partition, until you find your real C: drive. Kaspersky doesn't letter drives, in the same order as Windows, and my C: is actually "E:" in there. I might scan "E:" every couple months on average (after something "funny" happens).
>>>
>>> I would expect, if you were to delete System Volume Information, WinXP would just create it again on the next boot, whether System Restore is set or not. It's possible that directory is used for more than one purpose. And there's no real need to delete it, if you verify it's cleaned out using Linux.
>>>
>>> While you can change permissions on it in Windows, to make it more "friendly", you won't get any "back talk" in Linux. Linux can even see files on my Windows 7 disk, that are "access denied" under any circumstances while in Windows. Just don't "touch" things while doing stuff like that (I've broken Windows 7 twice, while fooling around :-) ). Good thing I've got backups. A WinXP C: partition should be a bit less sensitive to mucking about.
>>>
>>>     Paul
>>
>> Thanks Paul, very nice disc! I ran the virus scan on C: without errors. My drives are lettered just like Windows calls them out?
>>
>> Updating: default setting don't work. I don't think I'm connected to the internet. Network Setup: "unable to automatically detect IP settings for Realtek Gigabit Ethernet card". I haven't a clue about how to enter these setting in myself. This board has two connections, I happened to be on #2.
>>
>> Back into Windows, I went back to the Kaspersky site where you sent me, I see this: "Rescue Disk version 10.0.29.6 not supported by Kaspersky lab" ?? I had hoped there was a way to d/l virus definitions with Windows, stash them somewhere on my drive and try to point the Rescue Disk to it when updating. Couldn't find any called out on that site.
>>
>> In File Manager I can view drives and folders but the 'Delete' option is grayed out. In Terminal the cd instructions you give above don't seem to work?
>>
>> Still, a very good effort, as I now have that 'second opinion' about any possible viruses on my C:

OK, I have the latest Kav booted in a virtual machine.

If I open Terminal and do

    ifconfig

it should report the existence of "ETH0". If there was a problem at the driver level, then there might be no ETH0 present. If you have a couple interfaces, they might be ETH0, ETH1, and the one connected would be the one that would be used for subsequent operations. The fact there are multiple of them, shouldn't be a problem.

If you have two hardware connectors (RJ45) and only one ETH entry from ifconfig, then it would pay to switch the cable to the other one, if there was no response. If one had a driver and the other one didn't, you'd want the cable connected to the one that had an available driver.

If you use the "lspci" command, it will list the chips in the computer for you. For example, in my laptop, this is the offending component.

    02:00.0 Ethernet Controller: Broadcom Corporation NetLink BCM57780

The Kaspersky CD has a "Network Config" entry in the menu, and the offer to configure an interface, only exists if the equivalent of an entry in ifconfig is seen. So if the driver didn't work right, then nothing can populate the "Network Config" thing. And this is a logical failing - anything that claims to configure a network, should also examine chips on the bus, and try and bring them up.

I tested Network Config on my laptop. With the known problem with some network chipset controlled by the TG3 driver, I did this first to fix the problem Kaspersky has on my laptop. Apparently the driver doesn't install right, the first time.

    modprobe -r tg3     (that removes the driver)
    modprobe tg3        (that puts it back)

Immediately after that, in the Kaspersky terminal window, I can do "ifconfig" and eth0 shows up. So something behind the scenes fixed things up at that point. (Normally, there would be additional work after the modprobe, as far as I know.)

I don't know what your RealTek chip would need. Try the "lspci", then run the chip number or details through Google and see if there is a known problem.

    Paul
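
[Added example, not part of any post in this thread.] The check described in post #6 (does every Ethernet chip that lspci lists also have an interface in ifconfig?) done in one read-only pass over sysfs. The function name audit_nics, the sample tree and its r8169 entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the Ethernet chips on the PCI bus (what lspci
# lists) with the interfaces that actually came up (what ifconfig lists).
# Read-only: it inspects sysfs and loads or unloads nothing.

# audit_nics [SYSFS_ROOT]
# Prints one line per PCI network controller:
#   <pci-address> <driver or -> <interface or -> <status>
audit_nics() {
    sysroot=${1:-/sys}
    for dev in "$sysroot"/bus/pci/devices/*; do
        [ -r "$dev/class" ] || continue
        class=$(cat "$dev/class")
        # PCI base class 0x02 means "network controller"
        case $class in
            0x02*) ;;
            *) continue ;;
        esac

        # A bound driver shows up as a "driver" symlink in the device dir
        driver=-
        if [ -L "$dev/driver" ]; then
            driver=$(basename "$(readlink "$dev/driver")")
        fi

        # A registered interface shows up as net/<name>
        iface=-
        for n in "$dev"/net/*; do
            if [ -e "$n" ]; then
                iface=$(basename "$n")
                break
            fi
        done

        if [ "$driver" = - ]; then
            status=no-driver
        elif [ "$iface" = - ]; then
            status=driver-bound-no-interface
        else
            status=ok
        fi
        printf '%s %s %s %s\n' "$(basename "$dev")" "$driver" "$iface" "$status"
    done
}

# Constructed sample tree (not taken from any machine in the thread):
# one storage controller plus three network controllers in different states.
make_sample_sysfs() {
    tmp=$(mktemp -d)
    base=$tmp/bus/pci/devices
    mkdir -p "$base/0000:00:1f.2" "$base/0000:02:00.0" \
             "$base/0000:03:00.0/net/eth0" "$base/0000:04:00.0"
    echo 0x010601 > "$base/0000:00:1f.2/class"   # storage, must be skipped
    echo 0x020000 > "$base/0000:02:00.0/class"   # driver bound, no interface
    ln -s ../../../bus/pci/drivers/tg3 "$base/0000:02:00.0/driver"
    echo 0x020000 > "$base/0000:03:00.0/class"   # healthy
    ln -s ../../../bus/pci/drivers/r8169 "$base/0000:03:00.0/driver"
    echo 0x020000 > "$base/0000:04:00.0/class"   # no driver at all
    echo "$tmp"
}

# Demonstration run against the constructed tree
sample=$(make_sample_sysfs)
audit_nics "$sample"
rm -rf "$sample"
```

Called with no argument, audit_nics reads the live /sys of the booted disc; any status other than ok points at the driver level rather than at DHCP or cabling.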
#7
You've sure went to a lot of trouble with this, thanks. I have a DSL modem and internet with Verizon. After my struggles with Kaspersky yesterday I 'signed on' to the modem at

    http://192.168.0.1/cgi-bin/webcm?get...Acontype=pppoe

and wrote down the gobbledy-gook numbers listed as

    Gateway MAC address WAN IP address Subnet Mask Gateway IP address DNS address 1 DNS address 2

my inclination is now to plug this stuff into the 'spaces' Kaspersky gives to manually configure the Realtek Ethernet card. I'm flying blinder than you. I'll take your newly gathered info and play with it also.

I do have an "Adrianne Knoppix" CD, the only Linux CD I was ever able to load and get to work. I've managed to delete some troublesome Windows files with it in the past. One of these days that folder in my title is gonna disappear - and I'll have a current image backup when I do it.

On Thu, 29 Dec 2011 19:32:09 -0500, Paul wrote:

> Paul wrote:
>
>>>>     http://support.kaspersky.com/faq/?qid=208282163
>
>>> Thanks Paul, very nice disc! I ran the virus scan on C: without errors. My drives are lettered just like Windows calls them out?
>>>
>>> Updating: default setting don't work. I don't think I'm connected to the internet. Network Setup: "unable to automatically detect IP settings for Realtek Gigabit Ethernet card". I haven't a clue about how to enter these setting in myself. This board has two connections, I happened to be on #2.
>>>
>>> Back into Windows, I went back to the Kaspersky site where you sent me, I see this: "Rescue Disk version 10.0.29.6 not supported by Kaspersky lab" ?? I had hoped there was a way to d/l virus definitions with Windows, stash them somewhere on my drive and try to point the Rescue Disk to it when updating. Couldn't find any called out on that site.
>>>
>>> In File Manager I can view drives and folders but the 'Delete' option is grayed out. In Terminal the cd instructions you give above don't seem to work?
>>>
>>> Still, a very good effort, as I now have that 'second opinion' about any possible viruses on my C:
>
> OK, I have the latest Kav booted in a virtual machine.
>
> If I open Terminal and do
>
>     ifconfig
>
> it should report the existence of "ETH0". If there was a problem at the driver level, then there might be no ETH0 present. If you have a couple interfaces, they might be ETH0, ETH1, and the one connected would be the one that would be used for subsequent operations. The fact there are multiple of them, shouldn't be a problem.
>
> If you have two hardware connectors (RJ45) and only one ETH entry from ifconfig, then it would pay to switch the cable to the other one, if there was no response. If one had a driver and the other one didn't, you'd want the cable connected to the one that had an available driver.
>
> If you use the "lspci" command, it will list the chips in the computer for you. For example, in my laptop, this is the offending component.
>
>     02:00.0 Ethernet Controller: Broadcom Corporation NetLink BCM57780
>
> The Kaspersky CD has a "Network Config" entry in the menu, and the offer to configure an interface, only exists if the equivalent of an entry in ifconfig is seen. So if the driver didn't work right, then nothing can populate the "Network Config" thing. And this is a logical failing - anything that claims to configure a network, should also examine chips on the bus, and try and bring them up.
>
> I tested Network Config on my laptop. With the known problem with some network chipset controlled by the TG3 driver, I did this first to fix the problem Kaspersky has on my laptop. Apparently the driver doesn't install right, the first time.
>
>     modprobe -r tg3     (that removes the driver)
>     modprobe tg3        (that puts it back)
>
> Immediately after that, in the Kaspersky terminal window, I can do "ifconfig" and eth0 shows up. So something behind the scenes fixed things up at that point. (Normally, there would be additional work after the modprobe, as far as I know.)
>
> I don't know what your RealTek chip would need. Try the "lspci", then run the chip number or details through Google and see if there is a known problem.
>
>     Paul
#8
I changed my NEC card connection (to the DSL modem) to the other jack on the card. Booted into Kaspersky Rescue again. Did ifconfig in Terminal. The stuff it prints LOOKS right, I don't see an indication of error. So I got the idea of swapping the modem cable to the other jack again and see if ifconfig would look different. Suddenly the update worked! So I ran the scan on C: and found one Trojan this time and quarantined it.

I rebooted Kaspersky, update again wouldn't work. I unplugged that modem to NEC cable again - 5 seconds - plugged it back in. Update now works again. It wanted to download another update, this one only 46kb, I didn't try to scan with it that update, as don't trust it much.

So WHERE is it storing those updates on my machine????
#9
John B. Smith wrote:
> I changed my NEC card connection (to the DSL modem) to the other jack on the card. Booted into Kaspersky Rescue again. Did ifconfig in Terminal. The stuff it prints LOOKS right, I don't see an indication of error. So I got the idea of swapping the modem cable to the other jack again and see if ifconfig would look different. Suddenly the update worked! So I ran the scan on C: and found one Trojan this time and quarantined it.
>
> I rebooted Kaspersky, update again wouldn't work. I unplugged that modem to NEC cable again - 5 seconds - plugged it back in. Update now works again. It wanted to download another update, this one only 46kb, I didn't try to scan with it that update, as don't trust it much.
>
> So WHERE is it storing those updates on my machine????

The Kaspersky scanning CD uses your C: partition.

It uses pagefile.sys for a swap file. (Using the "top" command, you can correlate the size of swap space, with the size(s) of any pagefile.sys files on your system, and from that, figure out which file it is abusing.)

It will also create a directory on C: and cache the definition files. That's why, if you shut off the computer, reboot two hours later and download updates, the updates are only 46KB and not 100MB. The other 99.9MB of data are already stored on your C:. That also means, when the "kav" application starts up, it'll scan the partitions looking for the directory it caches stuff in. If it doesn't find the directory in question, it creates one for itself.

On my dual boot system, I have WinXP and Win2K. The Kaspersky CD decided to arbitrarily use the Win2K C: for its needs. That could partially be due to detecting a previous Kaspersky installation on the Win2K partition.

So it isn't a totally benign, hands off approach. In the interest of reducing downloads from the server, it does use a bit of space on your disk. I think it's a fair design tradeoff.

The "kav" application also scans the cache folder, to see whether it's compromised, so it doesn't just blindly accept the content in them. In the same way it would do the same thing, if you had an actual Kaspersky subscription.

    Paul