The information stored in these folders is used by Windows to revert to an earlier state when you use the System Restore tool.
What is stored in these folders?
- important registry changes
- information about installed applications (and the changes that were made by installing them)
- important files that were deleted (mainly executables or DLL files)
There are times when malware files end up in the System Volume Information folder. This happens either because the malware wants to get there (so it is in a safe place where the user doesn't have access to delete it and from where it can restore itself in case it is deleted from somewhere else), or because a malware file gets deleted and Windows decides that the file was important and automatically stores it there, in case you ever want it back.
When malware gets into this special folder, it will be detected by BitDefender (or another AV scanner) with a path similar to:
Usually, BitDefender 2008 can remove the infected files in System Restore Points (previous BD versions didn't have this capability). But if the infection is archived, cleaning will fail:
In this case, you have to clean the infection manually.
For Windows XP
The easiest method:
The first method is the easiest and should solve the problem in most cases.
First of all, disable BitDefender's Realtime Protection, so that it won't block the access to the infected files, preventing you from deleting them. Warning! Be careful not to open any infected file(s) while BD's protection is disabled, because you'll get infected.
Right-click on My Computer, then go to Properties -> System Restore. In that tab, enable the option Disable System Restore on all drives and click Apply. This should erase all System Restore Points, including the infected file(s).
After this, disable that option and press Apply again to re-enable System Restore. Also, remember to re-enable BD Realtime Protection.
Don't worry about losing the system's restore points, because new ones will be created whenever needed.
Now make another scan, to make sure the infection is gone.
Edited by Cris, 13 January 2010 - 11:16 AM.