Deleting the System Volume Information folder

 
 
John B. Smith
      Dec 28th, 11, 2:33 PM
I'm running XP SP3. I use the free version of Avast for an antivirus.
Recently Avast started hanging during a scan. After about a day's
worth of troubleshooting (I have too much free time) I discovered I
could choose to scan folders. Then I found out if I unchecked the
System Information Folder on C: that Avast would run without error. I
have XP's System Restore turned off, I use an image backup. When I
posted my hang problem on the Avast forum someone suggested I try
deleting the System Volume Information folder, that it would simply
destroy one System Restore point that XP would automatically replace.
I found that if I added my name to the folder's Security that I could
indeed delete it, but dire warnings scared me off. Is it safe for me
to delete that folder?
Also: trying to open the log file in the System Volume Information
folder with Notepad does indeed hang NotePad also. ???
 
Paul
      Dec 28th, 11, 4:34 PM
John B. Smith wrote:
> I'm running XP SP3. I use the free version of Avast for an antivirus.
> Recently Avast started hanging during a scan. After about a day's
> worth of troubleshooting (I have too much free time) I discovered I
> could choose to scan folders. Then I found out if I unchecked the
> System Information Folder on C: that Avast would run without error. I
> have XP's System Restore turned off, I use an image backup. When I
> posted my hang problem on the Avast forum someone suggested I try
> deleting the System Volume Information folder, that it would simply
> destroy one System Restore point that XP would automatically replace.
> I found that if I added my name to the folder's Security that I could
> indeed delete it, but dire warnings scared me off. Is it safe for me
> to delete that folder?
> Also: trying to open the log file in the System Volume Information
> folder with Notepad does indeed hang NotePad also. ???


If I go to Control Panels:System and the "System Restore" tab, mine
is set to

"Turn off System Restore on all drives"

That's so I can connect a Win7 hard drive, without damaging it. I have
to do that, so WinXP won't inadvertently change the state of the Win7 disk.

If I look in the System Volume Information folder of WinXP C:,
it's completely empty right now. No restore points are being
created, because they're turned off. It's an empty folder.

The reason I can look in there, is the file system for my
WinXP is FAT32, with less in the way of useful security.

If you want to examine "System Volume Information" at your
convenience, you can do that from a Linux LiveCD like Ubuntu
(preferably, version 10.10 or 10.04, as the latest ones
include the smelly Unity interface).

As for scanning the system and getting a "second opinion", you
can get the 196MB CD from here. If your modem/router provides
DHCP for acquiring an IP address, this CD can also connect to
their web site and get updates. The CD may store (cache) the
definition files on C:, for usage the next time. Even so, it
can take a while to download updates, before doing a scan.
This is an offline AV scanner, with its own boot OS.

http://support.kaspersky.com/faq/?qid=208282163

"Iso image of Kaspersky Rescue Disk 10 (196 MB)"

While they offer a USB stick option, I just burn a CD with that
and use it, as it's reusable.

That CD also has a Terminal (Linux command line). You can go there,
if you want, and examine System Volume Information.

The Kaspersky CD mounts all the partitions, and to enter a partition
from the Terminal, you "change directory" like this.

    cd /discs/E:

If you then list the contents

    ls -al

you can see the files. To enter System Volume Information

    cd "System Volume Information"
    ls -al

You can go from partition to partition, until you find your
real C: drive. Kaspersky doesn't letter drives, in the same
order as Windows, and my C: is actually "E:" in there. I might
scan "E:" every couple months on average (after something "funny"
happens).

I would expect, if you were to delete System Volume Information,
WinXP would just create it again on the next boot, whether System
Restore is set or not. It's possible that directory is used for
more than one purpose. And there's no real need to delete it,
if you verify it's cleaned out using Linux. While you can change
permissions on it in Windows, to make it more "friendly", you won't
get any "back talk" in Linux. Linux can even see files on my
Windows 7 disk, that are "access denied" under any circumstances
while in Windows. Just don't "touch" things while doing stuff
like that (I've broken Windows 7 twice, while fooling around :-) ).
Good thing I've got backups. A WinXP C: partition should be a
bit less sensitive to mucking about.

Paul
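
An added example, not part of the original post: a read-only check of whether "System Volume Information" is actually empty on each partition, assuming partitions are mounted under one directory the way the post describes for the rescue CD (`/discs/E:`). The function name `svi_report` and its output format are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit "System Volume Information"
# on every partition mounted below ROOT. Nothing is modified or deleted.
#
# svi_report ROOT
#   Prints one line per partition: <partition> <status> <files> <bytes>
#   status is "absent", "empty" (no regular files) or "populated".
svi_report() {
    root=${1:-/discs}            # /discs is the mount root named in the post
    for part in "$root"/*; do
        [ -d "$part" ] || continue
        name=$(basename "$part")

        # Windows treats the name case-insensitively; a Linux mount may not,
        # so match it with -iname instead of a fixed spelling.
        svi=$(find "$part" -maxdepth 1 -type d \
                   -iname 'System Volume Information' | head -n 1)
        if [ -z "$svi" ]; then
            printf '%s absent 0 0\n' "$name"
            continue
        fi

        # Count regular files at any depth (restore points sit in subfolders).
        count=$(find "$svi" -type f | wc -l | tr -d ' ')

        # Sum file sizes; wc -c prints "<size> <path>" for each file.
        bytes=$(find "$svi" -type f -exec wc -c {} \; |
                awk '{ s += $1 } END { print s + 0 }')

        if [ "$count" -eq 0 ]; then
            status=empty
        else
            status=populated
        fi
        printf '%s %s %s %s\n' "$name" "$status" "$count" "$bytes"
    done
}

# Run it only when a mount root is given, e.g.:  sh svi_report.sh /discs
if [ -n "${1:-}" ]; then
    svi_report "$1"
fi
```

A partition reported as "populated" while System Restore is switched off is the case worth a closer look with `ls -al`.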
 
John Doe
      Dec 28th, 11, 7:03 PM
Paul <nospam needed.com> wrote:

....

> I would expect, if you were to delete System Volume Information,
> WinXP would just create it again on the next boot, whether
> System Restore is set or not. It's possible that directory is
> used for more than one purpose. And there's no real need to
> delete it, if you verify it's cleaned out using Linux. While you
> can change permissions on it in Windows, to make it more
> "friendly", you won't get any "back talk" in Linux. Linux can
> even see files on my Windows 7 disk, that are "access denied"
> under any circumstances while in Windows. Just don't "touch"
> things while doing stuff like that (I've broken Windows 7 twice,
> while fooling around :-) ). Good thing I've got backups. A WinXP
> C: partition should be a bit less sensitive to mucking about.


I have broken various versions of Windows countless times by
deleting files and folders. I gave up trying to keep Windows in
order after a default installation included a seemingly infinite
number of files and folders, after realizing that neatness was not
a Microsoft-compatible goal. Keeping incremental backup copies of
Windows keeps things from getting out of hand.

Good luck and have fun.


 
John B. Smith
      Dec 29th, 11, 8:09 PM
On Wed, 28 Dec 2011 10:34:39 -0500, Paul <(E-Mail Removed)> wrote:
>If I go to Control Panels:System and the "System Restore" tab, mine
>is set to
>
> "Turn off System Restore on all drives"
>
>That's so I can connect a Win7 hard drive, without damaging it. I have
>to do that, so WinXP won't inadvertently change the state of the Win7 disk.
>
>If I look in the System Volume Information folder of WinXP C:,
>it's completely empty right now. No restore points are being
>created, because they're turned off. It's an empty folder.
>
>The reason I can look in there, is the file system for my
>WinXP is FAT32, with less in the way of useful security.
>
>If you want to examine "System Volume Information" at your
>convenience, you can do that from a Linux LiveCD like Ubuntu
>(preferably, version 10.10 or 10.04, as the latest ones
>include the smelly Unity interface).
>
>As for scanning the system and getting a "second opinion", you
>can get the 196MB CD from here. If your modem/router provides
>DHCP for acquiring an IP address, this CD can also connect to
>their web site and get updates. The CD may store (cache) the
>definition files on C:, for usage the next time. Even so, it
>can take a while to download updates, before doing a scan.
>This is an offline AV scanner, with its own boot OS.
>
>http://support.kaspersky.com/faq/?qid=208282163
>
> "Iso image of Kaspersky Rescue Disk 10 (196 MB)"
>
>While they offer a USB stick option, I just burn a CD with that
>and use it, as it's reusable.
>
>That CD also has a Terminal (Linux command line). You can go there,
>if you want, and examine System Volume Information.
>
>The Kaspersky CD mounts all the partitions, and to enter a partition
>from the Terminal, you "change directory" like this.
>
> cd /discs/E:
>
>If you then list the contents
>
> ls -al
>
>you can see the files. To enter System Volume Information
>
> cd "System Volume Information"
> ls -al
>
>You can go from partition to partition, until you find your
>real C: drive. Kaspersky doesn't letter drives, in the same
>order as Windows, and my C: is actually "E:" in there. I might
>scan "E:" every couple months on average (after something "funny"
>happens).
>
>I would expect, if you were to delete System Volume Information,
>WinXP would just create it again on the next boot, whether System
>Restore is set or not. It's possible that directory is used for
>more than one purpose. And there's no real need to delete it,
>if you verify it's cleaned out using Linux. While you can change
>permissions on it in Windows, to make it more "friendly", you won't
>get any "back talk" in Linux. Linux can even see files on my
>Windows 7 disk, that are "access denied" under any circumstances
>while in Windows. Just don't "touch" things while doing stuff
>like that (I've broken Windows 7 twice, while fooling around :-) ).
>Good thing I've got backups. A WinXP C: partition should be a
>bit less sensitive to mucking about.
>
> Paul


Thanks Paul, very nice disc! I ran the virus scan on C: without
errors. My drives are lettered just like Windows calls them out?
Updating: default settings don't work. I don't think I'm connected to
the internet. Network Setup: "unable to automatically detect IP
settings for Realtek Gigabit Ethernet card". I haven't a clue about
how to enter these settings in myself. This board has two connections,
I happened to be on #2. Back into Windows, I went back to the
Kaspersky site where you sent me, I see this: "Rescue Disk version
10.0.29.6 not supported by Kaspersky lab" ??
I had hoped there was a way to d/l virus definitions with Windows,
stash them somewhere on my drive and try to point the Rescue Disk to
it when updating. Couldn't find any called out on that site.
In File Manager I can view drives and folders but the 'Delete' option
is grayed out.
In Terminal the cd instructions you give above don't seem to work?
Still, a very good effort, as I now have that 'second opinion' about
any possible viruses on my C:
 
Paul
      Dec 29th, 11, 11:14 PM
John B. Smith wrote:
>
> Thanks Paul, very nice disc! I ran the virus scan on C: without
> errors. My drives are lettered just like Windows calls them out?
> Updating: default settings don't work. I don't think I'm connected to
> the internet. Network Setup: "unable to automatically detect IP
> settings for Realtek Gigabit Ethernet card". I haven't a clue about
> how to enter these settings in myself. This board has two connections,
> I happened to be on #2. Back into Windows, I went back to the
> Kaspersky site where you sent me, I see this: "Rescue Disk version
> 10.0.29.6 not supported by Kaspersky lab" ??
> I had hoped there was a way to d/l virus definitions with Windows,
> stash them somewhere on my drive and try to point the Rescue Disk to
> it when updating. Couldn't find any called out on that site.
> In File Manager I can view drives and folders but the 'Delete' option
> is grayed out.
> In Terminal the cd instructions you give above don't seem to work?
> Still, a very good effort, as I now have that 'second opinion' about
> any possible viruses on my C:


With Linux, there are two issues. First, is having a driver
for the NIC itself. The Kaspersky disc has a problem with
TG3 (whatever that is), and my laptop falls in that category
(I think my laptop has a Broadcom Ethernet chip, controlled
by TG3 driver). On my laptop, I have to unload the driver and
reload it again, and then it started working. The second of those
steps is "modprobe tg3" for example.

The other part of the puzzle, is the DHCP client in Linux. (A number
of different ones have been written for Linux, and distros choose to
use different versions of those to do the same job.) Its
job is to send a DHCP query to the "local gateway", in this case
that might be your modem/router in router mode (not bridged mode).
In my case, I'm connected by ADSL to broadband Internet via the
phone company. Before booting the Kaspersky disc, I would connect
to the modem/router and authenticate with the ISP (so now my
Internet service is running). At that point, if I wanted, a packet
could go from my house, to Kaspersky.

Then, when I boot the Kaspersky disc, part of the initialization code
in Linux, includes a call to the DHCP client program. It's a separate
program, and can even be run from the Terminal (if you can figure out
the name of it).

What I can do here, is load the Kaspersky disc in a virtual machine,
and watch it work. But the hardware emulated in that environment, isn't
a match for your exact problem, so it would be hard to reproduce what
you're seeing.

I'll download the latest CD and have a look. If I spot some easy
things to try, I'll post back.

One thing the Kaspersky disc doesn't support for sure, is dialup
networking. If a person connected to the Internet with a dialup
modem, the Kaspersky disc contains no (PPP) code for that. But if you're
connected via Cable Modem, ADSL, or perhaps even Wifi, you might
be able to get virus definition updates.

In terms of my skills with this stuff, I'm barely able to get this
stuff functional, so it isn't always that easy. I find it particularly
hard in Linux, to fix the Ethernet interface, when I can't use the web
browser and get help from the Internet. It's a pig...

Later,
Paul
 
Paul
      Dec 30th, 11, 1:32 AM
OK, I have the latest Kav booted in a virtual machine.

If I open Terminal and do

    ifconfig

it should report the existence of "ETH0". If there was a problem
at the driver level, then there might be no ETH0 present. If you have
a couple interfaces, they might be ETH0, ETH1, and the one connected
would be the one that would be used for subsequent operations. The
fact there are multiple of them, shouldn't be a problem. If you have
two hardware connectors (RJ45) and only one ETH entry from ifconfig,
then it would pay to switch the cable to the other one, if there was
no response. If one had a driver and the other one didn't, you'd want
the cable connected to the one that had an available driver.

If you use the "lspci" command, it will list the chips in the computer
for you. For example, in my laptop, this is the offending component.

02:00.0 Ethernet Controller: Broadcom Corporation NetLink BCM57780

The Kaspersky CD has a "Network Config" entry in the menu, and
the offer to configure an interface, only exists if the
equivalent of an entry in ifconfig is seen. So if the driver
didn't work right, then nothing can populate the "Network Config"
thing. And this is a logical failing - anything that claims to
configure a network, should also examine chips on the bus, and
try and bring them up.

I tested Network Config on my laptop. With the known problem with some network
chipset controlled by the TG3 driver, I did this first to fix the
problem Kaspersky has on my laptop. Apparently the driver doesn't
install right, the first time.

    modprobe -r tg3    # removes the driver
    modprobe tg3       # puts it back

Immediately after that, in the Kaspersky terminal window, I can
do "ifconfig" and eth0 shows up. So something behind the scenes
fixed things up at that point. (Normally, there would be
additional work after the modprobe, as far as I know.)

I don't know what your RealTek chip would need. Try the "lspci",
then run the chip number or details through Google and see
if there is a known problem.

Paul
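
An added example, not part of the original post: the check the post says "Network Config" should make, comparing Ethernet chips on the bus with the interfaces that actually exist. It parses `lspci -k` text and looks up each chip's interface in sysfs; the function name `nic_report` and its output format are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): for every Ethernet controller that
# lspci sees, report the bound kernel driver and the network interface, so a
# chip with no driver or no ethN entry is visible at a glance.
#
# nic_report [SYSROOT]   reads `lspci -k` output on stdin
#   Prints: <slot> driver=<name|none> iface=<name|none> modules=<list|none>
nic_report() {
    sysroot=${1:-/sys}
    awk '
    function emit() {
        if (slot != "") printf "%s|%s|%s\n", slot, drv, mod
    }
    /^[0-9a-fA-F]/ {                  # device header lines start in column 1
        emit(); slot = ""; drv = ""; mod = ""
        if ($0 ~ /Ethernet [Cc]ontroller/) slot = $1
        next
    }
    slot != "" && /Kernel driver in use:/ {
        sub(/.*Kernel driver in use:[ \t]*/, ""); drv = $0
    }
    slot != "" && /Kernel modules:/ {
        sub(/.*Kernel modules:[ \t]*/, ""); mod = $0
        gsub(/, /, ",", mod)          # keep the module list as one field
    }
    END { emit() }
    ' | while IFS='|' read -r slot drv mod; do
        # sysfs names devices with the PCI domain prefix, lspci usually omits it.
        case $slot in
            ????:*) dev=$slot ;;
            *)      dev=0000:$slot ;;
        esac
        ifname=none
        for n in "$sysroot/bus/pci/devices/$dev/net"/*; do
            if [ -e "$n" ]; then
                ifname=$(basename "$n")
                break
            fi
        done
        printf '%s driver=%s iface=%s modules=%s\n' \
               "$slot" "${drv:-none}" "$ifname" "${mod:-none}"
    done
}

# Run against the live system only when asked:  sh nic_report.sh --live
if [ "${1:-}" = "--live" ]; then
    lspci -k | nic_report
fi
```

A line with `iface=none` names the module to look up, or to reload with the `modprobe -r` / `modprobe` pair from the post.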
 
John B. Smith
      Dec 30th, 11, 2:12 PM
You've sure gone to a lot of trouble with this, thanks. I have a DSL
modem and internet with Verizon. After my struggles with Kaspersky
yesterday I 'signed on' to the modem at
http://192.168.0.1/cgi-bin/webcm?get...Acontype=pppoe

and wrote down the gobbledy-gook numbers listed as
Gateway MAC address
WAN IP address
Subnet Mask
Gateway IP address
DNS address 1
DNS address 2
my inclination is now to plug this stuff into the 'spaces' Kaspersky
gives to manually configure the Realtek Ethernet card. I'm flying
blinder than you.
I'll take your newly gathered info and play with it also. I do have an
"Adriane Knoppix" CD, the only Linux CD I was ever able to load and
get to work. I've managed to delete some troublesome Windows files
with it in the past. One of these days that folder in my title is
gonna disappear - and I'll have a current image backup when I do it.



On Thu, 29 Dec 2011 19:32:09 -0500, Paul <(E-Mail Removed)> wrote:

>
>OK, I have the latest Kav booted in a virtual machine.
>
>If I open Terminal and do
>
> ifconfig
>
>it should report the existence of "ETH0". If there was a problem
>at the driver level, then there might be no ETH0 present. If you have
>a couple interfaces, they might be ETH0, ETH1, and the one connected
>would be the one that would be used for subsequent operations. The
>fact there are multiple of them, shouldn't be a problem. If you have
>two hardware connectors (RJ45) and only one ETH entry from ifconfig,
>then it would pay to switch the cable to the other one, if there was
>no response. If one had a driver and the other one didn't, you'd want
>the cable connected to the one that had an available driver.
>
>If you use the "lspci" command, it will list the chips in the computer
>for you. For example, in my laptop, this is the offending component.
>
>02:00.0 Ethernet Controller: Broadcom Corporation NetLink BCM57780
>
>The Kaspersky CD has a "Network Config" entry in the menu, and
>the offer to configure an interface, only exists if the
>equivalent of an entry in ifconfig is seen. So if the driver
>didn't work right, then nothing can populate the "Network Config"
>thing. And this is a logical failing - anything that claims to
>configure a network, should also examine chips on the bus, and
>try and bring them up.
>
>I tested Network Config on my laptop. With the known problem with some network
>chipset controlled by the TG3 driver, I did this first to fix the
>problem Kaspersky has on my laptop. Apparently the driver doesn't
>install right, the first time.
>
> modprobe -r tg3 (that removes the driver)
> modprobe tg3 (that puts it back)
>
>Immediately after that, in the Kaspersky terminal window, I can
>do "ifconfig" and eth0 shows up. So something behind the scenes
>fixed things up at that point. (Normally, there would be
>additional work after the modprobe, as far as I know.)
>
>I don't know what your RealTek chip would need. Try the "lspci",
>then run the chip number or details through Google and see
>if there is a known problem.
>
> Paul

 
John B. Smith
      Dec 30th, 11, 8:01 PM
I changed my NEC card connection (to the DSL modem) to the other jack
on the card. Booted into Kaspersky Rescue again. Did ifconfig in
Terminal. The stuff it prints LOOKS right, I don't see an indication
of error. So I got the idea of swapping the modem cable to the other
jack again and see if ifconfig would look different. Suddenly the
update worked! So I ran the scan on C: and found one Trojan this time
and quarantined it. I rebooted Kaspersky, update again wouldn't work.
I unplugged that modem to NEC cable again - 5 seconds - plugged it
back in. Update now works again. It wanted to download another update,
this one only 46kb, I didn't try to scan with that update, as I don't
trust it much. So WHERE is it storing those updates on my machine????
 
Paul
      Dec 30th, 11, 9:09 PM
John B. Smith wrote:
> I changed my NEC card connection (to the DSL modem) to the other jack
> on the card. Booted into Kaspersky Rescue again. Did ifconfig in
> Terminal. The stuff it prints LOOKS right, I don't see an indication
> of error. So I got the idea of swapping the modem cable to the other
> jack again and see if ifconfig would look different. Suddenly the
> update worked! So I ran the scan on C: and found one Trojan this time
> and quarantined it. I rebooted Kaspersky, update again wouldn't work.
> I unplugged that modem to NEC cable again - 5 seconds - plugged it
> back in. Update now works again. It wanted to download another update,
> this one only 46kb, I didn't try to scan with that update, as I don't
> trust it much. So WHERE is it storing those updates on my machine????


The Kaspersky scanning CD uses your C: partition.

It uses pagefile.sys for a swap file. (Using the "top" command, you
can correlate the size of swap space, with the size(s) of any pagefile.sys
files on your system, and from that, figure out which file it is abusing.)

It will also create a directory on C: and cache the definition files.
That's why, if you shut off the computer, reboot two hours later
and download updates, the updates are only 46KB and not 100MB.
The other 99.9MB of data are already stored on your C:. That
also means, when the "kav" application starts up, it'll scan the
partitions looking for the directory it caches stuff in. If it
doesn't find the directory in question, it creates one for itself.

On my dual boot system, I have WinXP and Win2K. The Kaspersky
CD decided to arbitrarily use the Win2K C: for its needs. That
could partially be due to detecting a previous Kaspersky
installation on the Win2K partition.

So it isn't a totally benign, hands off approach. In the
interest of reducing downloads from the server, it does use
a bit of space on your disk. I think it's a fair design
tradeoff. The "kav" application also scans the cache folder,
to see whether it's compromised, so it doesn't just blindly
accept the content in them. In the same way it would do the
same thing, if you had an actual Kaspersky subscription.

Paul
 