System Volume Information\_restore

I am trying to help my sister clean her very neglected PC. Have been deleting and uninstalling files etc. that definitely are not and shouldn’t be there, but the free space now available has gone from 9 per cent to 8 per cent, as heaps have gone. Defragging has told us that at least 30 files cannot be defragged. The majority (22) are the title-System Volume Information_restore{344D6AOF-CE3C-4FE8-85DE-CC

She is running Win XP. Has AVG antivirus and is up to date. For some reason her update “Service pack 3” gets rejected from Microsoft; I have assumed that there is no space.
I am thinking of following Essexboys’ cleanup and downloading Malwares Antivirus etc.
After reading a few topics could this be a virus?
Any ideas?
T

Hi,

It looks like you may possibly be infected by a worm called Worm/Nachi.B.
Please do these steps :

  1. Turn off your system restore
  2. Rescan again with your existing AV and MalwareBytes

I hope this way could get rid of this worm, or there is another way to follow, like doing the restore point as in the referenced link: hxxp://support.microsoft.com/?kbid=310405

cheers,

Let’s be straight: just because files can’t be defragged doesn’t mean that they are infected, but it is always wise to control the amount of space that System Restore can use. I think by default this can be 10 or 12%, and on modern large hard disks it can be huge. You can reduce the % used by System Restore.

So periodically it is advisable to clear out old elements (restore points) of system restore if your computer is otherwise running OK, see ~~~ below.

However, after your system has been heavily infected it is best to clean it out as Yanto.Chiang suggested.

<blockquote>- Create Clean Restore Point - Clear old Restore Points.

Now you are clear of infection create a clean System Restore point:
1. Click Start, All Programs, Accessories, System tools, System Restore.
2. In the pop-up that appears fill in the radio button to Create a Restore Point
3. Click NEXT
4. Enter a useful name that you will remember if you need to find this again (Clean Restore Point)
5. Click CREATE

You now have a clean restore point, you should clear the old ones:
1. Click Start, All Programs, Accessories, System tools, Disk Clean Up
2. Click OK on the C: drive
3. Click the More Options tab
4. In the System Restore section click the Clean Up button</blockquote>

Hm… which files can be fragmented and cannot be defragmented? :slight_smile:
It can be the paging file (virtual memory).

No, it isn’t reporting the pagefile.sys but _restore points, nothing to do with the paging file.

Thanks for all the replies.
Am about to sort out System Restore.
Am doing an MBAM thorough scan now. Sorry, I started it and then reread yours (Yanto.Chiang), where you do the System Restore thing and then scan.
I am using my laptop to write this.
So far 4 objects are infected, and when the scan is finished I will follow their instructions re quarantine.
Re pagefile/System Restore:
I haven’t seen it, but my sister has seen the “low virtual memory” come up, and on the defrag notes
pagefile size is 336 MB, total fragments 1. Does that help?
T

When the scan is finished, post the MBAM log thanks.

OK, the scan produced 4209 objects infected, and I read MBAM wrong and lost the result ???.
I gave up last night as my sister’s AVG wouldn’t let me upgrade to their new one (AVG9). Plus that scan took 4 hrs, so I was gutted with myself that I wiped it all.
I am nearly finished with the 2nd MBAM scan. Can you help me as to what to do with MBAM to get it into quarantine? And with such a huge infection, what to do from here ???
I have turned off System Restore before this scan.
T

Should have said also that a lot of those infected objects were in “system 32”, but as I wiped it all, well, you know the rest. :cry:

To be honest with that kind of numbers it might well be best to start from square one, back-up any important data and format and reinstall.

At the end of the MBAM scan, click the Show Results button, image1. This displays a list of all the detections with a check box to the left of the entries; this box is normally checked. At the bottom there is a Remove Selected button that moves infected files to its quarantine, image2.

I was wondering that too.
Is there going to be much to work with when it is all in quarantine?
Could you walk me thru or show me somewhere to go for me to follow the reinstalling/backup process?
Will post the result next time as I am on my laptop now and the computer in question is busy quarantining :slight_smile:
T

I’m sorry what you are asking isn’t a simple process.

I can’t recall the last time I installed a system from scratch, as for many years I have been using drive imaging software that makes an exact image of your hard disk/partition, and doing a hard disk image weekly. Any problem that is going to take longer than the time it takes to restore the last backup image, then I restore the last weekly backup image, done in around 20 minutes.

I also have a backup that I do daily, sometimes more than once, for all volatile data files: .doc, .xls, media files, images, emails, address book, bookmarks, etc., any file that you wouldn’t want to lose. For the most part these are all in the same folder/partition (data) with sub-folders for specific files. If you haven’t already done this in advance, it is a real headache backing up what you don’t want to lose before starting again.

As an update, my sister has had her PC “cleaned and reinstalled”, not by me though, a “wee bit out of my league”.
Thanks for everyone’s input. :slight_smile:
T

You’re welcome.

Now things have returned to some semblance of normality, your sister needs to look at a back-up and recovery strategy, so should anything like this happen again there would be much less pain.

– DISK IMAGING
I would suggest you also look at disk imaging software. I use Drive Image 7.1, the last version by PowerQuest before it was bought by Symantec and merged into its Norton Ghost disk imaging software. Another option is Acronis True Image; there are others, most of them paid options.
I take an image back-up of my primary hard disk partitions every week as part of my system maintenance. This is saved to my second HDD, or it can also be written to a DVD. I also back up volatile data files, .doc, .xls, etc., along with emails, bookmarks, address book, registration keys, etc. (anything you don’t want to lose) every day, sometimes several times a day.

So if I experience a problem like yours (haven’t to date) then I just restore my last back-up disk image (takes about 15-20 minutes) followed by the last daily data back-up (takes seconds rather than minutes) and I will have lost virtually nothing.
Compare that with your experience, and the money I paid for my disk imaging software would have paid for itself if it had to be used just once, if you valued your time at just £5 per hour. I have had to use it several times (not virus related) where it has hauled my a** out of the fire; it is an absolute godsend.

– SYSTEM BACK-UP & RECOVERY
If you fail to plan, then you plan to fail.
If you have a back-up and recovery plan, you can recover from anything in minutes, not hours or days.

  1. Back up all the things that you don’t want to lose: data files like documents, spreadsheets, emails, email account details, registration keys, address book, favourites/bookmarks, downloaded files/programs, etc. The list goes on and on, but if you don’t want to lose it, back it up. There are many back-up programs that can simplify this task and run it every day.

  2. Recovery - re-installing your system really is a poor choice and one of last resort. There are tools (drive imaging software) that take exact images of your partitions or hard disks, and these images can be restored in minutes if you suffer a major catastrophe, and that doesn’t have to be a virus attack.

I do a weekly image of my partitions and save them to my 2nd hard disk as part of my weekly system maintenance; they can also be saved to off-line storage, DVD, USB external hard disk, etc.

So if the worst comes to the worst at most I lose:

  • 6 days’ worth of program updates or new installations, but with my daily back-up I can recover most of that.
  • less than one day’s data files, emails, etc.

None of these is a problem and it is much quicker than a system reinstall, and I don’t have to go on-line to download the myriad of security updates needed to secure my system, where there is a chance to get reinfected whilst my system has vulnerabilities because of these missing patches. Not to mention all my system tweaks and program settings are retained, and I will have saved myself many hours of work and a huge amount of stress.

Many of these programs cost; there are some free ones, but it will take some research on your part to find these tools and decide on what is best for you from reviews, user feedback, etc. Good luck.