Deleting the System Volume Information folder

Discussion in 'PC Hardware' started by John B. Smith, Dec 28, 2011.

  1. I'm running XP SP3. I use the free version of Avast for an antivirus.
    Recently Avast started hanging during a scan. After about a day's
    worth of troubleshooting (I have too much free time) I discovered I
    could choose to scan folders. Then I found out if I unchecked the
    System Information Folder on C: that Avast would run without error. I
    have XP's System Restore turned off, I use an image backup. When I
    posted my hang problem on the Avast forum someone suggested I try
    deleting the System Volume Information folder, that it would simply
    destroy one System Restore point that XP would automatically replace.
    I found that if I added my name to the folder's Security that I could
    indeed delete it, but dire warnings scared me off. Is it safe for me
    to delete that folder?
    Also: trying to open the log file in the System Volume Information
    folder with Notepad does indeed hang NotePad also. ???
     
    John B. Smith, Dec 28, 2011
    #1

  2. John B. Smith

    Paul Guest

    John B. Smith wrote:
    > I'm running XP SP3. I use the free version of Avast for an antivirus.
    > Recently Avast started hanging during a scan. After about a day's
    > worth of troubleshooting (I have too much free time) I discovered I
    > could choose to scan folders. Then I found out if I unchecked the
    > System Information Folder on C: that Avast would run without error. I
    > have XP's System Restore turned off, I use an image backup. When I
    > posted my hang problem on the Avast forum someone suggested I try
    > deleting the System Volume Information folder, that it would simply
    > destroy one System Restore point that XP would automatically replace.
    > I found that if I added my name to the folder's Security that I could
    > indeed delete it, but dire warnings scared me off. Is it safe for me
    > to delete that folder?
    > Also: trying to open the log file in the System Volume Information
    > folder with Notepad does indeed hang NotePad also. ???


    If I go to Control Panels:System and the "System Restore" tab, mine
    is set to

    "Turn off System Restore on all drives"

    That's so I can connect a Win7 hard drive, without damaging it. I have
    to do that, so WinXP won't inadvertently change the state of the Win7 disk.

    If I look in the System Volume Information folder of WinXP C:,
    it's completely empty right now. No restore points are being
    created, because they're turned off. It's an empty folder.

    The reason I can look in there, is the file system for my
    WinXP is FAT32, with less in the way of useful security.

    If you want to examine "System Volume Information" at your
    convenience, you can do that from a Linux LiveCD like Ubuntu
    (preferably, version 10.10 or 10.04, as the latest ones
    include the smelly Unity interface).

    As for scanning the system and getting a "second opinion", you
    can get the 196MB CD from here. If your modem/router provides
    DHCP for acquiring an IP address, this CD can also connect to
    their web site and get updates. The CD may store (cache) the
    definition files on C:, for usage the next time. Even so, it
    can take a while to download updates, before doing a scan.
    This is an offline AV scanner, with its own boot OS.

    http://support.kaspersky.com/faq/?qid=208282163

    "Iso image of Kaspersky Rescue Disk 10 (196 MB)"

    While they offer a USB stick option, I just burn a CD with that
    and use it, as it's reusable.

    That CD also has a Terminal (Linux command line). You can go there,
    if you want, and examine System Volume Information.

    The Kaspersky CD mounts all the partitions, and to enter a partition
    from the Terminal, you "change directory" like this.

    cd /discs/E:

    If you then list the contents

    ls -al

    you can see the files. To enter System Volume Information

    cd "System Volume Information"
    ls -al

    You can go from partition to partition, until you find your
    real C: drive. Kaspersky doesn't letter drives, in the same
    order as Windows, and my C: is actually "E:" in there. I might
    scan "E:" every couple months on average (after something "funny"
    happens).

    I would expect, if you were to delete System Volume Information,
    WinXP would just create it again on the next boot, whether System
    Restore is set or not. It's possible that directory is used for
    more than one purpose. And there's no real need to delete it,
    if you verify it's cleaned out using Linux. While you can change
    permissions on it in Windows, to make it more "friendly", you won't
    get any "back talk" in Linux. Linux can even see files on my
    Windows 7 disk, that are "access denied" under any circumstances
    while in Windows. Just don't "touch" things while doing stuff
    like that (I've broken Windows 7 twice, while fooling around :) ).
    Good thing I've got backups. A WinXP C: partition should be a
    bit less sensitive to mucking about.

    Paul
     
    Paul, Dec 28, 2011
    #2
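
Added example (not part of the thread and not Kaspersky's code): a read-only shell survey of the partitions a rescue disc mounts, reporting which ones hold a Windows system directory and how much is inside each "System Volume Information" folder, so the real C: can be identified and checked without changing anything. The `/discs` mount root is taken from the post above; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): read-only survey of partitions mounted
# by a rescue disc. Nothing here writes to, renames or deletes anything.
# Assumption: partitions appear as directories under /discs, as in the post.

# find_ci PARENT NAME: print the entry in PARENT whose name equals NAME,
# ignoring case (FAT32/NTFS mounts may show WINDOWS, Windows or windows).
find_ci() {
    for _e in "$1"/* "$1"/.[!.]*; do
        [ -e "$_e" ] || continue
        _n=$(basename "$_e" | tr '[:upper:]' '[:lower:]')
        if [ "$_n" = "$2" ]; then
            printf '%s\n' "$_e"
            return 0
        fi
    done
    return 1
}

# is_windows_root DIR: succeed if DIR holds a Windows system directory
# (WINDOWS on XP, WINNT on Windows 2000) that contains system32.
is_windows_root() {
    for _sys in windows winnt; do
        _d=$(find_ci "$1" "$_sys") || continue
        [ -d "$_d" ] && find_ci "$_d" system32 >/dev/null && return 0
    done
    return 1
}

# svi_summary DIR: describe DIR's "System Volume Information" folder as
# "absent", "unreadable", or "files=N bytes=M" (regular files, recursive).
svi_summary() {
    _svi=$(find_ci "$1" "system volume information") || { echo absent; return 0; }
    [ -d "$_svi" ] && [ -r "$_svi" ] || { echo unreadable; return 0; }
    # wc prints a "total" line per batch of files; skip it and sum ourselves.
    find "$_svi" -type f -exec wc -c {} + 2>/dev/null |
        awk '$2 != "total" { n++; s += $1 }
             END { printf "files=%d bytes=%.0f\n", n, s }'
}

# survey ROOT: one line per partition directory found under ROOT.
survey() {
    for _p in "$1"/*; do
        [ -d "$_p" ] || continue
        if is_windows_root "$_p"; then _w=yes; else _w=no; fi
        printf '%s windows=%s svi: %s\n' \
            "$(basename "$_p")" "$_w" "$(svi_summary "$_p")"
    done
}

# Default to the mount root named in the post; pass another path as $1.
ROOT=${1:-/discs}
if [ -d "$ROOT" ]; then
    survey "$ROOT"
fi
```

A partition reported as `windows=yes` with `files=0 bytes=0` matches the empty folder described in the post for a system with System Restore turned off.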

  3. John B. Smith

    John Doe Guest

    Paul <nospam needed.com> wrote:

    ....

    > I would expect, if you were to delete System Volume Information,
    > WinXP would just create it again on the next boot, whether
    > System Restore is set or not. It's possible that directory is
    > used for more than one purpose. And there's no real need to
    > delete it, if you verify it's cleaned out using Linux. While you
    > can change permissions on it in Windows, to make it more
    > "friendly", you won't get any "back talk" in Linux. Linux can
    > even see files on my Windows 7 disk, that are "access denied"
    > under any circumstances while in Windows. Just don't "touch"
    > things while doing stuff like that (I've broken Windows 7 twice,
    > while fooling around :) ). Good thing I've got backups. A WinXP
    > C: partition should be a bit less sensitive to mucking about.


    I have broken various versions of Windows countless times by
    deleting files and folders. I gave up trying to keep Windows in
    order after a default installation included a seemingly infinite
    number of files and folders, after realizing that neatness was not
    a Microsoft-compatible goal. Keeping incremental backup copies of
    Windows keeps things from getting out of hand.

    Good luck and have fun.

    --
    >
    > Paul
    >
     
    John Doe, Dec 28, 2011
    #3
  4. On Wed, 28 Dec 2011 10:34:39 -0500, Paul <> wrote:
    >If I go to Control Panels:System and the "System Restore" tab, mine
    >is set to
    >
    > "Turn off System Restore on all drives"
    >
    >That's so I can connect a Win7 hard drive, without damaging it. I have
    >to do that, so WinXP won't inadvertently change the state of the Win7 disk.
    >
    >If I look in the System Volume Information folder of WinXP C:,
    >it's completely empty right now. No restore points are being
    >created, because they're turned off. It's an empty folder.
    >
    >The reason I can look in there, is the file system for my
    >WinXP is FAT32, with less in the way of useful security.
    >
    >If you want to examine "System Volume Information" at your
    >convenience, you can do that from a Linux LiveCD like Ubuntu
    >(preferably, version 10.10 or 10.04, as the latest ones
    >include the smelly Unity interface).
    >
    >As for scanning the system and getting a "second opinion", you
    >can get the 196MB CD from here. If your modem/router provides
    >DHCP for acquiring an IP address, this CD can also connect to
    >their web site and get updates. The CD may store (cache) the
    >definition files on C:, for usage the next time. Even so, it
    >can take a while to download updates, before doing a scan.
    >This is an offline AV scanner, with its own boot OS.
    >
    >http://support.kaspersky.com/faq/?qid=208282163
    >
    > "Iso image of Kaspersky Rescue Disk 10 (196 MB)"
    >
    >While they offer a USB stick option, I just burn a CD with that
    >and use it, as it's reusable.
    >
    >That CD also has a Terminal (Linux command line). You can go there,
    >if you want, and examine System Volume Information.
    >
    >The Kaspersky CD mounts all the partitions, and to enter a partition
    >from the Terminal, you "change directory" like this.
    >
    > cd /discs/E:
    >
    >If you then list the contents
    >
    > ls -al
    >
    >you can see the files. To enter System Volume Information
    >
    > cd "System Volume Information"
    > ls -al
    >
    >You can go from partition to partition, until you find your
    >real C: drive. Kaspersky doesn't letter drives, in the same
    >order as Windows, and my C: is actually "E:" in there. I might
    >scan "E:" every couple months on average (after something "funny"
    >happens).
    >
    >I would expect, if you were to delete System Volume Information,
    >WinXP would just create it again on the next boot, whether System
    >Restore is set or not. It's possible that directory is used for
    >more than one purpose. And there's no real need to delete it,
    >if you verify it's cleaned out using Linux. While you can change
    >permissions on it in Windows, to make it more "friendly", you won't
    >get any "back talk" in Linux. Linux can even see files on my
    >Windows 7 disk, that are "access denied" under any circumstances
    >while in Windows. Just don't "touch" things while doing stuff
    >like that (I've broken Windows 7 twice, while fooling around :) ).
    >Good thing I've got backups. A WinXP C: partition should be a
    >bit less sensitive to mucking about.
    >
    > Paul


    Thanks Paul, very nice disc! I ran the virus scan on C: without
    errors. My drives are lettered just like Windows calls them out?
    Updating: default settings don't work. I don't think I'm connected to
    the internet. Network Setup: "unable to automatically detect IP
    settings for Realtek Gigabit Ethernet card". I haven't a clue about
    how to enter these settings in myself. This board has two connections,
    I happened to be on #2. Back into Windows, I went back to the
    Kaspersky site where you sent me, I see this: "Rescue Disk version
    10.0.29.6 not supported by Kaspersky lab" ??
    I had hoped there was a way to d/l virus definitions with Windows,
    stash them somewhere on my drive and try to point the Rescue Disk to
    it when updating. Couldn't find any called out on that site.
    In File Manager I can view drives and folders but the 'Delete' option
    is grayed out.
    In Terminal the cd instructions you give above don't seem to work?
    Still, a very good effort, as I now have that 'second opinion' about
    any possible viruses on my C:
     
    John B. Smith, Dec 29, 2011
    #4
  5. John B. Smith

    Paul Guest

    John B. Smith wrote:
    > On Wed, 28 Dec 2011 10:34:39 -0500, Paul <> wrote:
    >> If I go to Control Panels:System and the "System Restore" tab, mine
    >> is set to
    >>
    >> "Turn off System Restore on all drives"
    >>
    >> That's so I can connect a Win7 hard drive, without damaging it. I have
    >> to do that, so WinXP won't inadvertently change the state of the Win7 disk.
    >>
    >> If I look in the System Volume Information folder of WinXP C:,
    >> it's completely empty right now. No restore points are being
    >> created, because they're turned off. It's an empty folder.
    >>
    >> The reason I can look in there, is the file system for my
    >> WinXP is FAT32, with less in the way of useful security.
    >>
    >> If you want to examine "System Volume Information" at your
    >> convenience, you can do that from a Linux LiveCD like Ubuntu
    >> (preferably, version 10.10 or 10.04, as the latest ones
    >> include the smelly Unity interface).
    >>
    >> As for scanning the system and getting a "second opinion", you
    >> can get the 196MB CD from here. If your modem/router provides
    >> DHCP for acquiring an IP address, this CD can also connect to
    >> their web site and get updates. The CD may store (cache) the
    >> definition files on C:, for usage the next time. Even so, it
    >> can take a while to download updates, before doing a scan.
    >> This is an offline AV scanner, with its own boot OS.
    >>
    >> http://support.kaspersky.com/faq/?qid=208282163
    >>
    >> "Iso image of Kaspersky Rescue Disk 10 (196 MB)"
    >>
    >> While they offer a USB stick option, I just burn a CD with that
    >> and use it, as it's reusable.
    >>
    >> That CD also has a Terminal (Linux command line). You can go there,
    >> if you want, and examine System Volume Information.
    >>
    >> The Kaspersky CD mounts all the partitions, and to enter a partition
    >> from the Terminal, you "change directory" like this.
    >>
    >> cd /discs/E:
    >>
    >> If you then list the contents
    >>
    >> ls -al
    >>
    >> you can see the files. To enter System Volume Information
    >>
    >> cd "System Volume Information"
    >> ls -al
    >>
    >> You can go from partition to partition, until you find your
    >> real C: drive. Kaspersky doesn't letter drives, in the same
    >> order as Windows, and my C: is actually "E:" in there. I might
    >> scan "E:" every couple months on average (after something "funny"
    >> happens).
    >>
    >> I would expect, if you were to delete System Volume Information,
    >> WinXP would just create it again on the next boot, whether System
    >> Restore is set or not. It's possible that directory is used for
    >> more than one purpose. And there's no real need to delete it,
    >> if you verify it's cleaned out using Linux. While you can change
    >> permissions on it in Windows, to make it more "friendly", you won't
    >> get any "back talk" in Linux. Linux can even see files on my
    >> Windows 7 disk, that are "access denied" under any circumstances
    >> while in Windows. Just don't "touch" things while doing stuff
    >> like that (I've broken Windows 7 twice, while fooling around :) ).
    >> Good thing I've got backups. A WinXP C: partition should be a
    >> bit less sensitive to mucking about.
    >>
    >> Paul

    >
    > Thanks Paul, very nice disc! I ran the virus scan on C: without
    > errors. My drives are lettered just like Windows calls them out?
    > Updating: default settings don't work. I don't think I'm connected to
    > the internet. Network Setup: "unable to automatically detect IP
    > settings for Realtek Gigabit Ethernet card". I haven't a clue about
    > how to enter these settings in myself. This board has two connections,
    > I happened to be on #2. Back into Windows, I went back to the
    > Kaspersky site where you sent me, I see this: "Rescue Disk version
    > 10.0.29.6 not supported by Kaspersky lab" ??
    > I had hoped there was a way to d/l virus definitions with Windows,
    > stash them somewhere on my drive and try to point the Rescue Disk to
    > it when updating. Couldn't find any called out on that site.
    > In File Manager I can view drives and folders but the 'Delete' option
    > is grayed out.
    > In Terminal the cd instructions you give above don't seem to work?
    > Still, a very good effort, as I now have that 'second opinion' about
    > any possible viruses on my C:


    With Linux, there are two issues. First, is having a driver
    for the NIC itself. The Kaspersky disc has a problem with
    TG3 (whatever that is), and my laptop falls in that category
    (I think my laptop has a Broadcom Ethernet chip, controlled
    by TG3 driver). On my laptop, I have to unload the driver and
    reload it again, and then it started working. The second of those
    steps is "modprobe tg3" for example.

    The other part of the puzzle, is the DHCP client in Linux. (A number
    of different ones have been written for Linux, and distros choose to
    use different versions of those to do the same job.) Its
    job is to send a DHCP query to the "local gateway", in this case
    that might be your modem/router in router mode (not bridged mode).
    In my case, I'm connected by ADSL to broadband Internet via the
    phone company. Before booting the Kaspersky disc, I would connect
    to the modem/router and authenticate with the ISP (so now my
    Internet service is running). At that point, if I wanted, a packet
    could go from my house, to Kaspersky.

    Then, when I boot the Kaspersky disc, part of the initialization code
    in Linux, includes a call to the DHCP client program. It's a separate
    program, and can even be run from the Terminal (if you can figure out
    the name of it).

    What I can do here, is load the Kaspersky disc in a virtual machine,
    and watch it work. But the hardware emulated in that environment, isn't
    a match for your exact problem, so it would be hard to reproduce what
    you're seeing.

    I'll download the latest CD and have a look. If I spot some easy
    things to try, I'll post back.

    One thing the Kaspersky disc doesn't support for sure, is dialup
    networking. If a person connected to the Internet with a dialup
    modem, the Kaspersky disc contains no (PPP) code for that. But if you're
    connected via Cable Modem, ADSL, or perhaps even Wifi, you might
    be able to get virus definition updates.

    In terms of my skills with this stuff, I'm barely able to get this
    stuff functional, so it isn't always that easy. I find it particularly
    hard in Linux, to fix the Ethernet interface, when I can't use the web
    browser and get help from the Internet. It's a pig...

    Later,
    Paul
     
    Paul, Dec 29, 2011
    #5
  6. John B. Smith

    Paul Guest

    Paul wrote:
    > John B. Smith wrote:
    >> On Wed, 28 Dec 2011 10:34:39 -0500, Paul <> wrote:
    >>> If I go to Control Panels:System and the "System Restore" tab, mine
    >>> is set to
    >>>
    >>> "Turn off System Restore on all drives"
    >>>
    >>> That's so I can connect a Win7 hard drive, without damaging it. I have
    >>> to do that, so WinXP won't inadvertently change the state of the Win7
    >>> disk.
    >>>
    >>> If I look in the System Volume Information folder of WinXP C:,
    >>> it's completely empty right now. No restore points are being
    >>> created, because they're turned off. It's an empty folder.
    >>>
    >>> The reason I can look in there, is the file system for my
    >>> WinXP is FAT32, with less in the way of useful security.
    >>>
    >>> If you want to examine "System Volume Information" at your
    >>> convenience, you can do that from a Linux LiveCD like Ubuntu
    >>> (preferably, version 10.10 or 10.04, as the latest ones
    >>> include the smelly Unity interface).
    >>>
    >>> As for scanning the system and getting a "second opinion", you
    >>> can get the 196MB CD from here. If your modem/router provides
    >>> DHCP for acquiring an IP address, this CD can also connect to
    >>> their web site and get updates. The CD may store (cache) the
    >>> definition files on C:, for usage the next time. Even so, it
    >>> can take a while to download updates, before doing a scan.
    >>> This is an offline AV scanner, with its own boot OS.
    >>>
    >>> http://support.kaspersky.com/faq/?qid=208282163
    >>>
    >>> "Iso image of Kaspersky Rescue Disk 10 (196 MB)"
    >>>
    >>> While they offer a USB stick option, I just burn a CD with that
    >>> and use it, as it's reusable.
    >>>
    >>> That CD also has a Terminal (Linux command line). You can go there,
    >>> if you want, and examine System Volume Information.
    >>>
    >>> The Kaspersky CD mounts all the partitions, and to enter a partition
    >>> from the Terminal, you "change directory" like this.
    >>>
    >>> cd /discs/E:
    >>>
    >>> If you then list the contents
    >>>
    >>> ls -al
    >>>
    >>> you can see the files. To enter System Volume Information
    >>>
    >>> cd "System Volume Information"
    >>> ls -al
    >>>
    >>> You can go from partition to partition, until you find your
    >>> real C: drive. Kaspersky doesn't letter drives, in the same
    >>> order as Windows, and my C: is actually "E:" in there. I might
    >>> scan "E:" every couple months on average (after something "funny"
    >>> happens).
    >>>
    >>> I would expect, if you were to delete System Volume Information,
    >>> WinXP would just create it again on the next boot, whether System
    >>> Restore is set or not. It's possible that directory is used for
    >>> more than one purpose. And there's no real need to delete it,
    >>> if you verify it's cleaned out using Linux. While you can change
    >>> permissions on it in Windows, to make it more "friendly", you won't
    >>> get any "back talk" in Linux. Linux can even see files on my
    >>> Windows 7 disk, that are "access denied" under any circumstances
    >>> while in Windows. Just don't "touch" things while doing stuff
    >>> like that (I've broken Windows 7 twice, while fooling around :) ).
    >>> Good thing I've got backups. A WinXP C: partition should be a
    >>> bit less sensitive to mucking about.
    >>>
    >>> Paul

    >>
    >> Thanks Paul, very nice disc! I ran the virus scan on C: without
    >> errors. My drives are lettered just like Windows calls them out?
    >> Updating: default settings don't work. I don't think I'm connected to
    >> the internet. Network Setup: "unable to automatically detect IP
    >> settings for Realtek Gigabit Ethernet card". I haven't a clue about
    >> how to enter these settings in myself. This board has two connections,
    >> I happened to be on #2. Back into Windows, I went back to the
    >> Kaspersky site where you sent me, I see this: "Rescue Disk version
    >> 10.0.29.6 not supported by Kaspersky lab" ??
    >> I had hoped there was a way to d/l virus definitions with Windows,
    >> stash them somewhere on my drive and try to point the Rescue Disk to
    >> it when updating. Couldn't find any called out on that site.
    >> In File Manager I can view drives and folders but the 'Delete' option
    >> is grayed out.
    >> In Terminal the cd instructions you give above don't seem to work?
    >> Still, a very good effort, as I now have that 'second opinion' about
    >> any possible viruses on my C:


    OK, I have the latest Kav booted in a virtual machine.

    If I open Terminal and do

    ifconfig

    it should report the existence of "ETH0". If there was a problem
    at the driver level, then there might be no ETH0 present. If you have
    a couple interfaces, they might be ETH0, ETH1, and the one connected
    would be the one that would be used for subsequent operations. The
    fact there are multiple of them, shouldn't be a problem. If you have
    two hardware connectors (RJ45) and only one ETH entry from ifconfig,
    then it would pay to switch the cable to the other one, if there was
    no response. If one had a driver and the other one didn't, you'd want
    the cable connected to the one that had an available driver.

    If you use the "lspci" command, it will list the chips in the computer
    for you. For example, in my laptop, this is the offending component.

    02:00.0 Ethernet Controller: Broadcom Corporation NetLink BCM57780

    The Kaspersky CD has a "Network Config" entry in the menu, and
    the offer to configure an interface, only exists if the
    equivalent of an entry in ifconfig is seen. So if the driver
    didn't work right, then nothing can populate the "Network Config"
    thing. And this is a logical failing - anything that claims to
    configure a network, should also examine chips on the bus, and
    try and bring them up.

    I tested Network Config on my laptop. With the known problem with some network
    chipset controlled by the TG3 driver, I did this first to fix the
    problem Kaspersky has on my laptop. Apparently the driver doesn't
    install right, the first time.

    modprobe -r tg3 (that removes the driver)
    modprobe tg3 (that puts it back)

    Immediately after that, in the Kaspersky terminal window, I can
    do "ifconfig" and eth0 shows up. So something behind the scenes
    fixed things up at that point. (Normally, there would be
    additional work after the modprobe, as far as I know.)

    I don't know what your RealTek chip would need. Try the "lspci",
    then run the chip number or details through Google and see
    if there is a known problem.

    Paul
     
    Paul, Dec 30, 2011
    #6
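
Added example (not part of the thread and not Kaspersky's code): the check the post above says a network-configuration tool should make, done by hand from the Terminal. It walks the PCI devices in sysfs, picks out Ethernet controllers, and reports for each whether a kernel driver is bound and whether a network interface was created, which separates "no driver for this chip" from "driver loaded but no interface". The function name and the `state=` labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): list PCI Ethernet controllers and show
# whether each has a kernel driver bound and a network interface created.
# Reads sysfs only; pass a different root as $1 to inspect a copied tree.

# nic_status [SYSFS]: one line per Ethernet controller:
#   <pci-address> driver=<name|none> iface=<names|none> state=<...>
# state is: no-driver     (chip present, no kernel driver bound)
#           no-interface  (driver bound, but no ethN was created)
#           ok            (driver bound and at least one interface exists)
nic_status() {
    _sysfs=${1:-/sys}
    for _dev in "$_sysfs"/bus/pci/devices/*; do
        [ -r "$_dev/class" ] || continue
        _class=$(cat "$_dev/class")
        # PCI class code 0x0200xx is "network controller, Ethernet".
        case "$_class" in
            0x0200*) ;;
            *) continue ;;
        esac

        # The bound driver, if any, is the target of the "driver" symlink.
        if [ -L "$_dev/driver" ]; then
            _drv=$(basename "$(readlink "$_dev/driver")")
        else
            _drv=none
        fi

        # Interfaces created for this device appear under its net/ directory.
        _ifs=
        for _i in "$_dev"/net/*; do
            [ -e "$_i" ] || continue
            _ifs="${_ifs:+$_ifs,}$(basename "$_i")"
        done

        if [ "$_drv" = none ]; then
            _st=no-driver
        elif [ -z "$_ifs" ]; then
            _st=no-interface
        else
            _st=ok
        fi

        printf '%s driver=%s iface=%s state=%s\n' \
            "$(basename "$_dev")" "$_drv" "${_ifs:-none}" "$_st"
    done
}

# Run against the live system by default.
nic_status "${1:-/sys}"
```

The PCI address in the first column is the same one `lspci` prints at the start of each line, so a `no-driver` entry can be matched to its chip name there.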
  7. You've sure gone to a lot of trouble with this, thanks. I have a DSL
    modem and internet with Verizon. After my struggles with Kaspersky
    yesterday I 'signed on' to the modem at
    http://192.168.0.1/cgi-bin/webcm?ge...tml&var:conname=connection0&var:contype=pppoe

    and wrote down the gobbledy-gook numbers listed as
    Gateway MAC address
    WAN IP address
    Subnet Mask
    Gateway IP address
    DNS address 1
    DNS address 2
    my inclination is now to plug this stuff into the 'spaces' Kaspersky
    gives to manually configure the Realtek Ethernet card. I'm flying
    blinder than you.
    I'll take your newly gathered info and play with it also. I do have an
    "Adrianne Knoppix" CD, the only Linux CD I was ever able to load and
    get to work. I've managed to delete some troublesome Windows files
    with it in the past. One of these days that folder in my title is
    gonna disappear - and I'll have a current image backup when I do it.



    On Thu, 29 Dec 2011 19:32:09 -0500, Paul <> wrote:

    >Paul wrote:


    >>>>
    >>>> http://support.kaspersky.com/faq/?qid=208282163
    >>>>


    >>>
    >>> Thanks Paul, very nice disc! I ran the virus scan on C: without
    >>> errors. My drives are lettered just like Windows calls them out?
    >>> Updating: default settings don't work. I don't think I'm connected to
    >>> the internet. Network Setup: "unable to automatically detect IP
    >>> settings for Realtek Gigabit Ethernet card". I haven't a clue about
    >>> how to enter these settings in myself. This board has two connections,
    >>> I happened to be on #2. Back into Windows, I went back to the
    >>> Kaspersky site where you sent me, I see this: "Rescue Disk version
    >>> 10.0.29.6 not supported by Kaspersky lab" ??
    >>> I had hoped there was a way to d/l virus definitions with Windows,
    >>> stash them somewhere on my drive and try to point the Rescue Disk to
    >>> it when updating. Couldn't find any called out on that site.
    >>> In File Manager I can view drives and folders but the 'Delete' option
    >>> is grayed out.
    >>> In Terminal the cd instructions you give above don't seem to work?
    >>> Still, a very good effort, as I now have that 'second opinion' about
    >>> any possible viruses on my C:

    >
    >OK, I have the latest Kav booted in a virtual machine.
    >
    >If I open Terminal and do
    >
    > ifconfig
    >
    >it should report the existence of "ETH0". If there was a problem
    >at the driver level, then there might be no ETH0 present. If you have
    >a couple interfaces, they might be ETH0, ETH1, and the one connected
    >would be the one that would be used for subsequent operations. The
    >fact there are multiple of them, shouldn't be a problem. If you have
    >two hardware connectors (RJ45) and only one ETH entry from ifconfig,
    >then it would pay to switch the cable to the other one, if there was
    >no response. If one had a driver and the other one didn't, you'd want
    >the cable connected to the one that had an available driver.
    >
    >If you use the "lspci" command, it will list the chips in the computer
    >for you. For example, in my laptop, this is the offending component.
    >
    >02:00.0 Ethernet Controller: Broadcom Corporation NetLink BCM57780
    >
    >The Kaspersky CD has a "Network Config" entry in the menu, and
    >the offer to configure an interface, only exists if the
    >equivalent of an entry in ifconfig is seen. So if the driver
    >didn't work right, then nothing can populate the "Network Config"
    >thing. And this is a logical failing - anything that claims to
    >configure a network, should also examine chips on the bus, and
    >try and bring them up.
    >
    >I tested Network Config on my laptop. With the known problem with some network
    >chipset controlled by the TG3 driver, I did this first to fix the
    >problem Kaspersky has on my laptop. Apparently the driver doesn't
    >install right, the first time.
    >
    > modprobe -r tg3 (that removes the driver)
    > modprobe tg3 (that puts it back)
    >
    >Immediately after that, in the Kaspersky terminal window, I can
    >do "ifconfig" and eth0 shows up. So something behind the scenes
    >fixed things up at that point. (Normally, there would be
    >additional work after the modprobe, as far as I know.)
    >
    >I don't know what your RealTek chip would need. Try the "lspci",
    >then run the chip number or details through Google and see
    >if there is a known problem.
    >
    > Paul
     
    John B. Smith, Dec 30, 2011
    #7
  8. I changed my NEC card connection (to the DSL modem) to the other jack
    on the card. Booted into Kaspersky Rescue again. Did ifconfig in
    Terminal. The stuff it prints LOOKS right, I don't see an indication
    of error. So I got the idea of swapping the modem cable to the other
    jack again and see if ifconfig would look different. Suddenly the
    update worked! So I ran the scan on C: and found one Trojan this time
    and quarantined it. I rebooted Kaspersky, update again wouldn't work.
    I unplugged that modem to NEC cable again - 5 seconds - plugged it
    back in. Update now works again. It wanted to download another update,
    this one only 46kb, I didn't try to scan with that update, as I don't
    trust it much. So WHERE is it storing those updates on my machine????
     
    John B. Smith, Dec 30, 2011
    #8
  9. John B. Smith

    Paul Guest

    John B. Smith wrote:
    > I changed my NEC card connection (to the DSL modem) to the other jack
    > on the card. Booted into Kaspersky Rescue again. Did ifconfig in
    > Terminal. The stuff it prints LOOKS right, I don't see an indication
    > of error. So I got the idea of swapping the modem cable to the other
    > jack again and see if ifconfig would look different. Suddenly the
    > update worked! So I ran the scan on C: and found one Trojan this time
    > and quarantined it. I rebooted Kaspersky, update again wouldn't work.
    > I unplugged that modem to NEC cable again - 5 seconds - plugged it
    > back in. Update now works again. It wanted to download another update,
    > this one only 46kb, I didn't try to scan with that update, as I don't
    > trust it much. So WHERE is it storing those updates on my machine????


    The Kaspersky scanning CD uses your C: partition.

    It uses pagefile.sys for a swap file. (Using the "top" command, you
    can correlate the size of swap space, with the size(s) of any pagefile.sys
    files on your system, and from that, figure out which file it is abusing.)

    It will also create a directory on C: and cache the definition files.
    That's why, if you shut off the computer, reboot two hours later
    and download updates, the updates are only 46KB and not 100MB.
    The other 99.9MB of data are already stored on your C:. That
    also means, when the "kav" application starts up, it'll scan the
    partitions looking for the directory it caches stuff in. If it
    doesn't find the directory in question, it creates one for itself.

    On my dual boot system, I have WinXP and Win2K. The Kaspersky
    CD decided to arbitrarily use the Win2K C: for its needs. That
    could partially be due to detecting a previous Kaspersky
    installation on the Win2K partition.

    So it isn't a totally benign, hands off approach. In the
    interest of reducing downloads from the server, it does use
    a bit of space on your disk. I think it's a fair design
    tradeoff. The "kav" application also scans the cache folder,
    to see whether it's compromised, so it doesn't just blindly
    accept the content in them. In the same way it would do the
    same thing, if you had an actual Kaspersky subscription.

    Paul
     
    Paul, Dec 30, 2011
    #9