>>> Did you know that the System Volume folder is where your system's
>>> Restore Points are stored? I apologize for not realizing this before
>>> now. The simplest way to handle this would have been to turn off System
>>> Restore temporarily, turn it back on, and then create a new Restore
>>> Point of your freshly cleaned system.
>>
>> You mean the System Volume Information folder, whereas John was talking
>> about a folder called simply "system" located in d:\system.
>>
>> On the other hand, I just now noticed that John wrote in the subject of
>> the thread a different name, "system volume folder"
>>
>> I also just remembered that the folder called "system" is in the Windows
>> folder and not the root folder in XP (which I seem to remember John is
>> using though he didn't say).
>>
>> Just what folder are you talking about, John?
>>
>>
> D:/System volume information
> C:/System volume information
> (the folder on C: claims to be empty)

OK, then besides the (still) erroneous forward slashes instead of backslashes, we now found another reason why you got error messages when running the attrib command, John: You also need to put (double, i.e. " ") quotation marks around the path name in DOS commands when using names longer than 8 characters or with spaces.

George, you're indeed right that the fastest and simplest way to get rid of malware in that folder is to temporarily turn off System Restore. However, many malware experts advise against removing all restore points in the situation that most computers are in when attacked by malware for the following reason: Even a malware-infected restore point is better than none at all, at least for most users.
Instead of deleting all restore points, it's best to simply ignore malware found by antivirus scans in System Volume Information (because malware in there is completely harmless unless you use an old restore point) and to simply not use the restore points (unless you don't have any choice - and then you can get rid of the "resurrected" malware the normal way). The infected restore points are automatically removed when enough new ones have been made automatically or manually.

As Scott has pointed out before, antivirus programs that do not know how to access and clean restore points are simply badly written. They should either use the method Scott described to automatically access System Volume Information or shut up and not blurt out their incompetence and not simultaneously worry users unnecessarily :-)

The very least they could do is explain to users that their computer has been cleaned of and is in no danger from the malware whose copy is in some restore point, but that they should not use restore points unless absolutely necessary. They should then advise users to make a new restore point and then use Disk Cleanup to remove all but the most recent restore point once the computer has run well for a few days.

--
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at //www.freelists.org/cgi-bin/lsg2.cgi
List archives at //www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.
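
Added example, not part of the original message or any tool mentioned in the thread: a small triage script that separates antivirus detections inside System Volume Information from detections in live files, and lists which restore points hold an infected copy and so should not be used for a rollback. It assumes the Windows XP restore point layout (`<drive>:\System Volume Information\_restore{GUID}\RP<n>\...`) and a hypothetical scan report already reduced to (path, detection name) pairs; the sample paths and detection names are constructed.

```python
import re
from collections import defaultdict

# Assumed XP layout: <drive>:\System Volume Information\_restore{GUID}\RP<n>\<file>
RP_RE = re.compile(
    r'^(?P<drive>[a-z]):\\system volume information'
    r'\\_restore\{[0-9a-f-]+\}\\rp(?P<rp>\d+)\\', re.IGNORECASE)
SVI_RE = re.compile(r'^[a-z]:\\system volume information(\\|$)', re.IGNORECASE)

def normalize(path):
    """Drop surrounding quotes and turn forward slashes into backslashes."""
    return path.strip().strip('"').replace('/', '\\')

def triage(detections):
    """Split (path, name) pairs into live files and restore-point copies."""
    report = {"live": [], "restore_points": defaultdict(list), "svi_other": []}
    for raw_path, name in detections:
        path = normalize(raw_path)
        match = RP_RE.match(path)
        if match:
            key = (match.group("drive").upper(), int(match.group("rp")))
            report["restore_points"][key].append(name)   # dormant copy
        elif SVI_RE.match(path):
            report["svi_other"].append((path, name))      # in SVI, not in an RP
        else:
            report["live"].append((path, name))           # needs normal cleanup
    return report

def tainted_restore_points(report):
    """Restore points (drive, number) that should not be used for a rollback."""
    return sorted(report["restore_points"])

# Constructed sample input (hypothetical report format, made-up names).
GUID = "{11111111-2222-3333-4444-555555555555}"
SAMPLE = [
    ("D:/System volume information/_restore" + GUID + "/RP12/A0001234.exe",
     "Constructed.Trojan.A"),
    ('"C:\\System Volume Information\\_restore' + GUID + '\\RP7\\A0000456.dll"',
     "Constructed.Trojan.A"),
    ("C:\\WINDOWS\\system32\\example.dll", "Constructed.Trojan.B"),
    ("D:\\System Volume Information\\example.log", "Constructed.Trojan.C"),
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for path, name in result["live"]:
        print("LIVE, clean this:", path, name)
    for drive, number in tainted_restore_points(result):
        print("Do not roll back to RP%d on %s:" % (number, drive))
```
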