How to delete (infected) files from within "...\_restore{..." files/sub-directories

~~Girderman~~ · 04-07-2007, 10:05 AM

I've been gone from my computer for a while and this a.m. I took a look at AVG's "Virus Vault" and discovered I've got a few baddies in my "C:\System Volume Informatiom\_restore{384FKE22...}" directory/file.

First, should this file/directory be described as a "file" or a "directory". It seems like it would be some sort of compressed file (like a .CAB) but I don't know for sure.

Second, can a single file inside it be selectively deleted and if so, how ? I have tried this in the past and have been unsuccessful ?

Finally, if it cannot be selectively deleted can the entire file/directory be deleted and if so, how ?

I am aware that you can turn off System Restore (which deletes ALL of the System Restore files) and then turn it back on again. I am looking for a way to be more precise in the deletion so as to avoid deleted "good" data with the BAD.

Thanks in advance,

Girdingman

Ried · 04-07-2007, 10:42 AM

The way System Restore is constructed, you cannot 'pluck' entries from it--it would break the 'chain' so to speak and render your System Restore useless.

As long as your system is working as you like and expect, there's no harm in turning off System Restore to flush out previous restore points. Once you untick the box, Windows will automatically create a fresh, clean Restore point for you.

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK

~~Girderman~~ · 04-07-2007, 10:55 AM

Okay those were answers to the first two questions.

Turning System Restore "Off" deletes ALL the restore points. Is it possible to delete the entire entry (with the infected file) and leave the rest.

Would "Unlocker" do this ? Would anything bad happen if I did ?

Also, AVG had the corrupted file in it's "Virus Vault" and I went ahead and let it "empty" the Vault and now it no longer appears.

If manual deletion breaks the "chain", how then does AVG (apparantly) selectively delete infected files within a System Restore "file" ? (I hope that's the correct word choice...)

Ried · 04-07-2007, 11:02 AM

Any tool that effectively removes any entry from the system restore, in effect 'trashes' the System Restore and a new restore point needs to be created immediately. If you were to try to use System Restore after it's been 'cleaned' by a tool, you would receive an error message similar to 'System Restore could not complete....'

~~Girderman~~ · 04-07-2007, 01:16 PM

Quote:

If you were to try to use System Restore after it's been 'cleaned' by a tool, you would receive an error message similar to 'System Restore could not complete....'

Wow, that's very interesting. You would think that AVG (and any other software) would let you know that prior to "corrupting" the System Restore File. Further, you would think that a software that does this would offer to make a new one.

Will any harm come from manually deleting a System Restore file ?

Also, can I assume that each file is it's own restore "point", or are there multiple points contained within a single file ? (Meaning that you might lose more than one point if you delete an entire file...)

And another question (I like talking to smart people...) if you Restore a system using a point that has an infected file, will the system then become "infected" ?

If so, is it a "guarantee" of infection, "likely" to be infected or only a "chance" of infecting a system.

My last question goes to the possiblity that the only System Restore point available is one that is infected; if that is the only way to get a system running again, could you risk re-infecting the system and THEN get rid of the infected file(s) ?

**Glaswegian** · 04-07-2007, 01:34 PM

Quote: