Win32 Trojan - gen {VC}

I didn’t want to cause deviation in Crawf’s query … hence the new topic!

I got this virus today in the SYSTEM_VOLUME_INFORMATION folder. I knew the accepted removal method (disable System Restore and reboot) but I had done this on an earlier occasion and my computer would not boot! I posted to this forum but got no response.

On this occasion I rechecked the advice in this forum and followed the link to McAfee on disabling System Restore. It was only accurate in my case up to a point … having disabled Restore and pressed OK I got a lot of disk activity and then the dialog finished with no option to reboot! I then used a standard scan which showed no virus. Next I enabled system restore and restarted the system - it rebooted successfully. Finally I used a thorough scan … no virus!

I have a few queries :

1> Can I put down my early reboot problems as a one-off and life’s too short …?
2> As my latest experience suggests, is the virus removed by just the act of disabling System Restore?
3> Do all Avast scans (quick, standard, thorough) check the obscure areas (System_volume_information etc)?
4> Is it possible to get Avast to just scan these areas?

1] Yes if you ask me
2] It wasn’t a virus. It was a false positive caused by the way system restore handles the files
3] Not sure, I believe they do.
4] Sure, just select the drive(s) or folder(s), you want Avast to scan.

Thanks Eddy

Can I just request clarification of your 4th answer?

I want to scan c:\system_volume_information to check that any viruses that used to reside here have gone.

But when I select Folders in AV I just get the standard list!

If I check C:\Partition_1 and then uncheck all the stated folders eventually C:\partition_1 becomes unchecked

If I check C:\Partition_1 and then uncheck all but one empty folder a scan goes ahead but does not check System_Volume_Information nor does it check hidden system files (boot.ini etc)

I must be missing the obvious but some help would be appreciated

You first have to make the folder accessible by changing its properties, otherwise Avast has no access to it.

Surely you could run the same scan that discovered the infection in System_Volume_Information in the first place ???

Can you not right click on the System_Volume_Information folder and select the avast icon, ‘Scan System_Volume_Information’ ?

I thought you guys had cracked it! I hadn’t made the ‘protected system files’ accessible. I went to Control Panel; Folder Options: View and unchecked the ‘Hide System Files’ option.
Sure enough, in AV I could apparently now scan e.g. Recycler and Sys Vol Info
However it did not seem to access the latter folder. (an access denied error)
David’s suggestion seemed appropriate but when I tried it I again got ‘Access Denied’
So … a full scan accesses this folder but a selected scan doesn’t or is there something else I should be doing to gain access ?

As to why I want to avoid a full scan … well I do a full 1 or 2 X per week (each takes 1.4 hours) ; I’d like to avoid this when doing a quick check

How to Gain Access to the System Volume Information Folder

As soon as you have done this, you will be able to select the folder for a scan in Avast. Or you can right click the folder and scan it with ashQuick.

Thanks Eddy … To quote a recent TV Ad here in the UK …isn’t it nice when things just work!
I had seen KB re: CACLS previously but it looked pretty hairy. In reality it’s a doddle even for me
Thx again