Results 1 to 7 of 7
  1. #1
    Star Lounger
    Join Date
    Jan 2001
    Location
    Newcastle, New South Wales, Australia
    Posts
    81
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Getting rid of System Information Folder? (XP Home)

    AVG Antivirus found a worm (?Logpole). It said the infected file was "c:System Information Folder_restore{ ......}... something.exe" (I forget the whole path and name but I've got it written down).
    I found C:System Information Folder - its attributes are System and Hidden. A manual scan of the folder says 2 files scanned no problems, but later the scheduled scan reports the infected file again.

    Can I just delete the whole folder and let XP re-create it? And how?
    I have tried:
    Using Tools from Windows Explorer I now view both hidden and system files and folders, so I can see the folder. But double-clicking on it just says I don't have access. Single click says the folder is empty. Any attempt to delete is refused. Right click and choose Properties - then tried to change the attributes - don't have access.
    I re-booted in safe moded and went into command prompt and used the old-fashioned DIR and ATTRIB commands. Using DIR/sh I can confirm the folder is there, but I can't CD into it. ATTRIB tells me it is System and Hidden (at least it's consistent) but -H says can't unhide a system file and -S says can't un-system a hidden file and -SH or -S-H just wont work. (I had to call the folder Sytsem~1 or it didn't like the spaces in the folder name.)

    I looked up System Restore in the Help and tried following instructions to de-activate it in the hope that it would release the folder, but also to no avail.

    Any clues or help gratefully received.
    RuthC

  2. #2
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Getting rid of System Information Folder? (XP Home)

    Ruth--

    As you probably know now, Logpole is a virus frequently spread through the KazaA file sharing network. Here's a write up from Symantec:

    Logpole

    I may be missing something here, but it looks like you're still currently infected and need to remove it first with whatever's site removal tool you want to use. Logpole can be included with a blended threat and is usually prevented by updating definitions daily or as often as possible. My concern maybe simplistic is that even if you deleted and reconstructed that folder, you still may not remove Logpole. Likewise System Restore, as I think you know, does not remove a virus.

    SMBP

  3. #3
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Getting rid of System Information Folder? (XP Home)

    Ruth--

    If you get rid of this folder for your own good reasons, I am not sure about Windows automatically rebuilding it--I'm trying to find this out--but you can and here's how. I took this from Kelly's A to Z/"S"/System 32/:
    __________________________________________________ _____________________________

    To fix the "windowssystem32configsystem file is missing or corrupt" where XP wont boot, go to
    recovery console and type:

    cd system32config
    ren system system.old
    ren system.alt systemalt.old
    copy c:windowsrepairsystem
    copy c:windowsrepairregbacksystem
    exit

    __________________________________________________ _____________________________

    SMBP

  4. #4
    Star Lounger
    Join Date
    Jan 2001
    Location
    Newcastle, New South Wales, Australia
    Posts
    81
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Getting rid of System Information Folder? (XP Home)

    Thanks for reply. Yes, I am discovering that the joys of a new teenager resident with her own computer include dealing with Kaza and viruses and XP (I have still W98). I read the Symantec stuff - my AV is Norton, but hers is AVG, and I couldn't see how to manually remove Logpole, only to do with nortonav. I'll look at the Kellys and see what we can do. Maybe, watch over the defintion download, next virus scan. Maybe even change AVG.
    again thanks, and any more help gratefully accepted
    RuthC

  5. #5
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Getting rid of System Information Folder? (XP Home)

    Most of the antivirus sites post "manual" instructions, and many post quick fix programs that are free to anyone. It looks as though Trend Micro has only manual instructions, but they might help.

  6. #6
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Getting rid of System Information Folder? (XP Home)

    Tech TV is doing a detailed segment on how risky KazaA as I'm typing this. If you want a virus and trouble for a machine, using KazaA is one way to significantly increase the chances of this. It is virus city. Unfortunately, many teenagers, and students at some of the world's elite Universities haven't grasped the danger of KazaA in terms of its virus intensity, and I'm not sure of the numbers but it has to be one of the leading file shares in terms of numbers. Their are spinnoffs that Kazaa hates, using its name because while KazaA facilitates stealing from the recording companies, the spinnofs facilitate stealing from KazaA because they make no ad money from the spinoffs--KazaA Lite and K++. The spinnoffs contain mainy safety amenities, are able to hop in line in front of the KazaA people, have a so-called Anti-RIAA firewall to purportedly keep the RIAA from getting information that they can turn into subpoenas, and they are totally 100% illegal in the U.S. as is KazaA. I just wanted to mention them in the right context for the lounge rule--I'm not preaching or judging anyone here.

    I would think any of the antivirus sites would have good instructions--every time I want to get info on a new virus that is causing significant problems, I make it a point to include Trend because I like the way they set their info out and I remember a detailed tracking Jefferson did.

    Most of the System Restore articles including KB's will be explicit Ruth as you've probably seen that they don't remove a virus--I think about JohnGrey every time I even think about a plural to that word. It's interesting that you ran down the MSINFO 32 folder as the location, but I wouldn't have much confidence in anything short of the proper way to remove this virus--merely deleting the folder won't be enough. I hope you get it soon.

    SMBP

  7. #7
    5 Star Lounger PaulB's Avatar
    Join Date
    May 2002
    Location
    Ottawa, Ontario
    Posts
    765
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Getting rid of System Information Folder? (XP

    I have no idea how SMBP made the leap from problem definition (post 309998) to proposed resolution (post 310054), but thanks anyway. This is perhaps the solution to a problem I encountered last month.

    I came home to find my WinXP Pro system displaying a message saying Windows had encountered and recovered from a device error. The system was frozen and the screen resolution changed to 800x600, low color. I rebooted the system and got the "windowssystem32configsystem file is missing or corrupt" message. Absent SMBP's advice, and as my system was one month short of the expiration of its warranty, I brought it in to the shop to see if they could find the cause of the problem. They did (and fixed it) then I re-installed Windows. I probably could have saved myself this grief had I known of the solution SMBP provided.

    One thing from the original post is not clear to me. Is the "system information folder" something different from the System Volume Information folder?
    Regards,
    PaulB

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •