Microsoft Windows Vista: Rebuild the system volume information folder

Greetings to everyone.

(1) the Crypto ransomware locker has done the thing is on a friends laptop last week. This is a laptop HP DV900 Microsoft Windows Vista. Unfortunately, we have re-installed Vista, from the recovery partition, before attempting to restore the system, using the system restore. It is my understanding that the system volume information folder, contains files, such as excel and word files, which can be restored, but they are stored by Vista, in a special encrypted way.

If I could get it back or if I got the complete information system volume, would be possible to replace the current and to restore the system to a time before the ransomware hit?

(2) in fact, I've used a file recovery program and was able to recover a huge file with the name:

{11d89a13-09a9-11e4-9917-cb6a370b41f2} {3808876b-c176-4e48-b7ae-04046e6cc752}

This file is approximately 1.99 GB, and is dated on 17/07/2014. I suspect that the virus deployed on 18/07/2014 as the most important Excel and word files have the date of last modification of 18/07/2014. And those files that have changed on the 18/07/2014 cannot be open - unless I have change the extensions of excel to .csv file, in which case excel files open, but the info is still obviously encrypted.  OK, so I have the part of the system volume information folder content, which seem to be of the part that contains the files there, as this is a fairly large file.

My question is this: is a reconstruction of the folder system volume information, based on this possible of the file? In other words, using this file I have cancelled/recovered, can we restore Vista from this file?

Thank you for your time.

You cannot use the system restore to recover files from the user.  Restore points would be zero because of the new facility.  Update of installation dates would be irrelevant as well as software installations.  The new installation files will take precedence.

Tags: Windows

Similar Questions

  • How to reset the System Volume Information folder?

    I would like to know how to reset the System Volume Information folder to empty all the potential viruses.

    Does anyone have any suggestions?

    Thanks in advance for your suggestions :>

    I use cleanmgr /sagerun:1 of the dialog box run when you use a switch.

    However, I usually just use these instructions.

  • Windows 7: what are the individual "file system type" files in the system volume information folder?

    Original title: Windows 7: what are the individual "file system type" files in the folder system volume information accumulating [not the files system restore I already know and don't use yet]

    Hi-

    I stopped using the system restore, I found a better solution, for me, that's what I have to do.
    Then I noticed that several 'file system' 'type' was being created, 12 times yesterday, 3 up to today in the early hours of the morning and stored in they System Volume Information folder, anywhere from 30 MB to 2 GB.
    three of these file names 'file system' 'type' are:
    {debb21da-eafc-11e2-ba92-00241dc5d84e} {3808876b-c176-4e48-b7ae-04046e6cc752}
    {3debe675-eaa7-11e2-a462-00241dc5d84e} {3808876b-c176-4e48-b7ae-04046e6cc752}
    {3debe5e8-eaa7-11e2-a462-00241dc5d84e} {3808876b-c176-4e48-b7ae-04046e6cc752}
    Anyone know what it could be?
    Can I follow up to what program/process they are related?
    Are they safe to delete?
    Ideas?  Suggestions?
    Thank you.
    John

    Hi John,.

    Yes, you can delete the system volume information data if not to use the system restore.

    You will need to give permission to the folder until you delete it.

    How to open a file if I get an access denied message?

    Please post with the State of the question.

  • the System volume information folder size is 834 gb in my 1 TB external hard drive

    hard drive worked well he had 850 GB of space left, when I started the hard drive with bitlocker encryption

    disk space became only 6 GB so by wizztree app, I saw what took so he showed the havin folder (system volume information) the size of the space

    834 GB!

    Donno wat to do

    pls help me out here

    Wait for the BitLocker encryption to finish. It does get rid of data left behind from deleted files. The 6 GB is left to allow you to continue working while encryption is performed.

    http://TechNet.Microsoft.com/en-us/library/ee449438 (v = ws.10) .aspx #BKMK_FreeSpace

  • Cannot delete the System Volume Information trash

    I am running Windows xp on a Dell computer and I recently removed the System Volume Information folder on an external hard drive after the deactivation of the restoration of the system for this drive.  I don't remember how it happened, but the said folder ended up in the trash.  Now every time that I try to empty the trash, I get an error message indicating that access to the file is denied and it cannot be deleted.  I can see the folder in the trash, but I can restore it or delete it.  Does anyone have any ideas on how to solve this problem?

    Thanks for your reply. I tried both of your suggestions, but unfortunately none of them allowed me to remove the stubborn system folder.  I had to start the computer in Mode safe, gives me full control over the folder to the trash (even though I am the administrator) and then finally was able to remove it. For some reason any Security tab does not appear when you talk about the Properties dialog box, unless you are using safe mode.

  • Can I remove random photos in the system volume information?

    I understand very well this file.  I rarely restore, but sometimes I do.  The problem is that some files, aka viruses that have been removed, take place that I prefer to use for something else, aka my plans f #.  Can I delete random files in this folder?  I understand that I can remove the control panel restore point, but I want only to remove a specific file.  In fact, I don't know if this file is the file that I want to delete because of all the file names.  I made fair carsick enter this folder.  I want to just delete large files.  So the question is simply: is there something important it?

    System Restore uses log files to keep track of things, if you try to restore a point and System Restore detects that which is missing files or that it has been tampered with the restore point will fail.  Bert Kinney, one of the greatest experts on the restoration of the system, explains that the individual restore points can not be removed because... "Each restore points is chained (or related) as well as the previous restore points." When you choose to restore a system all him previous restore point are required to perform a restore, so if one is missing the chain will be broken and cause all the restore points are corrupt. At this point, all restore points will have to correct the corruption. So the best advice is DON'T touch the content of the System Volume Information folder. " http://bertk.mvps.org/html/Tips.html#8

    If you removed a virus if the deletion was successful and the system now works fine the best thing to do is to purge ALL restore points after having removed the virus successfully.

    You're overthinking this and you're too attached to restore points, if the computer is running well at the moment and if it has been so for a week or two then you can get rid of and then restore points create a new.  Set maximum disk usage that is suitable for the points of restore and you will recover some of your disk space for another use.

    In his blog Raymond says that 'folder contains casual interference could cause problems with the correct operation of the information system.  It could, but not necessarily cause problems.  For all its value, you can disable the system restore and other services that might use the IVR (indexing, Volume Shadow Copy & Distributed Link Tracking Service) (services that you might not use anyway) and then delete the entire folder, Windows simply creates a new brilliant when you restart!  Then when you restart the system restore or other services that use the folder they will just repopulate the record with their files.  People who make use of indexing service will generally not want to clear the folder because it takes a lot of "disk churning" to build a large catalog of indexation.

    John

  • Loss of disk space available every day as System Volume Information folder is the largest on my hard drive

    My PC is under Windows7 Home Premium... version 6.1... Build 7601... service pack 1.

    I have a 1 TB hard drive... 3 weeks ago, I've had approximately 813 gb free space... now, I have only 603 gb of free space. I noticed that the folder System Volume Information is passed to 209,53 Go. Don't know why this issue became so great. I lost about 5 to 20 GB of free space on the hard disk every day.

    The System Volume Information folder is the largest on my hard drive... Users folder is 43.38 GB... Windows folder is 31.89 GB... WinSxS folder is 15,18 GB.

    I installed a couple of applications in the last 6 months... Driver booster... Download App... and size of file.

    I didn't save my PC in the last 3 weeks because of this problem.

    The only application that I use for backup is MotoCast USB... it creates a backup of the SD card in my smartphone to my PC.  I've been backup card SD in my phone every 3-4 weeks for the past 2 years but never lost so much hard drive space until the last 3 weeks.

    Any suggestions?

    Vido84

    I suggest that you should the Zone Alarm Firewall and use Windows Firewall.

  • "$recycle.bin & system Volume Information" folder & windows Defender

    Hi, I have recently buy the 8 portable windows, because after 8 windows updates installation "$recycle.bin & System Volume Information" folder are created, I think than a virus files, due to I am unable to delete the files in my system, the folders are created in all of my hard drives. I want to hide this folder into the laptop. How can I do that, I want to know about windows defender is a work in my system are not how to check it in my laptop.

    Thank you & best regards

    Alain Rolland

    Hi, I have recently buy the 8 portable windows, because after 8 windows updates installation "$recycle.bin & System Volume Information" folder are created, I think than a virus files, due to I am unable to delete the files in my system, the folders are created in all of my hard drives. I want to hide this folder into the laptop. How can I do that, I want to know about windows defender is a work in my system are not how to check it in my laptop.

    Thank you & best regards

    Alain Rolland

    Hello

    These 2 files are normal for any installation of Windows.

    $recycle.bin contains data relating to the trash and the System Volume information contains the Restore Points to restore the system on each disk.

    Normally, these folders are hidden by default.

    In file Explorer, click the view tab in the Ribbon toolbar.

    In the Options Menu, select folder and search options.

    In the Folder Options window, select the view tab.

    Select the option do not show hidden files, folders, and drives.

    Click apply/OK.

    Concerning

  • delete personal saved files in the system volume information.

    recently, I saved a few personal secret files in the information system volume with the intention to hide other users. now when I try to delete this file, I can't delete. Please help me with detailed instructions to delete this file without affecting other files in the SVI. Thank you

    Hi Lokhojohn,

    Right click on the folder "System Volume Information"
    1 Select 'Properties' and then click on the 'Security' tab in the next dialog box
    2. click on 'Edit' and then on the button 'Add '.
    3. put in your user name in the following box and click on 'OK '.
    4. This will grant access to the folder "System Volume Information" username
    Then click on the "Start" button and then in the "Run" box (the box with the magnifying glass"at the bottom of entry the following entry and press on)
    CMD
    Once the Windows CMD appears, type in the following commands:
    CD "C:\System Volume Information.
    del "I want to file delete.txt".
    Who's going to get rid of one of the files to delete
    Continue the above command for all the files you want to delete.
    A good tip is that you can actually drag the files you want to delete in the CMD window to save typing you the full name. Enter del in the CMD followed by a space, and then drag the file that you want to remove in the CMD window and it will automatically add the name of the file for you.
    Follow steps 1 through 4, once more when you're finished - but this time remove your username
    Hope this helps
    Martin
  • How to restore the system volume information?

    Hello

    Always new things to things. It would be very happy to help. I just asked how to restore system volume information drive? I got malware stored in this drive (c:/System volume information). I was told to delete it and I had to restore it but don't know how to do it.

    I have Windows XP.

    Thank you


  • System Volume Information folder 23 GB even when system restore is turned OFF. All backups shadow removed

    Dear users,

    I am facing a very strange problem and I tried to solve this problem for more than a month, but no use. I called the Support technique Microsoft in India and they send me the details to email customer support to get this addressed redirected.

    QUESTION to the folder System Volume Information in Windows 7 is 23 GB of my SSD. My SSD capacity is 120 GB. If this space takes more than 20% of my total space of SSD.

    I turned off the system restore feature and it is noted below.

    The system restore is turned off as shown below

    Space Ghost maximum allocated memory is about 500 MB. There is no current backup shadow

    CAN U PLEASE HELP ME TO RECOVER THE PLACE OF 22 GB WHICH IS ALWAYS PRESENTED AS TAKEN TO RESTORE SYSTEM FILES? EVEN AFTER THE RESTORATION OF THE SYSTEM AND BY REMOVING ALL THE BACKUPS OF THE SHADOW, I'M NOT ABLE TO RECOVER THIS SPACE 22.7 GB

    I'll have a 120 GB SSD and more than 20% of the space is getting lost here

    I am running Windows 7 Professional 64 bit on a Dell E6220 laptop

    No virus / Trojan horses and system completely clean. Looking for Solutions...

    Run the Disk Cleanup Wizard (be sure to include system files)

  • Where the Vista restore points. They seem to not be in my System Volume information folder.

    I would like to manually restore five registry hives as I used to be able to do under XP. Any help is very appreciated.

    Since Vista, Windows uses the Volume Shadow Copy Service to create restore Points instead of copying files, so I doubt that the procedure you describe will still work.

    In my view, it is possible to access the shadow copies of Volume using the following procedure:

    The list of all the shadow copies on the system vssadmin list shadows command

    Use command mklink to create a symbolic link to the cliché. The command will look something like this

    MKLINK /j c:\old \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\

    Optionally, assign a drive letter to the directory with the subst command, for example:

    subst g: c\old

    You can access the old content using the c:\old path or the path g:\

    If you can easily access the registry hives like this is something that I cannot comment.

    You can also check if the content of C:\Windows\System32\config\RegBack is any use to you.

  • I have a Dell Latitude D630 with windows Vista 32-bit professional I can download downloads of microsoft windows vista or the laptop just those

    I don't know more?

    There is only a single Vista for everything.

  • Formatting the USB in Windows XP disk, create a folder "system volume information" How can I overcome this problem

    Hello team, I tried to format my 2 GB to Format NTFS USB in WINDOWS XP. When I format the drive, it has been formatted sucssfully, but in the formatted disk, a folder is created named as 'System Volume Information '. I tried to remove my USB drive safley but it show and error as "the generic Volume is used in another program... '. ».  Why this happens, the 'System Volume Information' folder is a virus? How can I fix this problem... reply me as soon as possible... Thank you all...

    Hello

    It does seem like a virus. Since you're a NTFS format, it should be a system folder. System folder is present on NTFS volumes and is used for system restore points.

    If you want to remove, you may need to format the drive to FAT32.

    See also:

    Access to the System Volume Information folder
    http://support.Microsoft.com/default.aspx?scid=kb;en-us;309531

  • Cannot delete the folder to the windows system volume information 7.

    I can not delete system volume information folder in D: / E: / Windows 7

    I took possession as administrator on the folder, but I can't remove it completely!

    I start a command prompt and deleted some of the files it contains, but can't delete the folder!

    In vista, I could eat to remove after that ownership on the folder by pressing Delete the folder will disappear!

    any ideas?

    don't ask me why I'm trying to delete the folder pls... I just need to

    Thank you

    Old post I know but I had this problem on several of my removable HDs, and finally I managed to remove the 'System Volume Information' folder:

    DO NOT DO THIS ON YOUR C: DRIVE OR YOUR WINDOWS HARD DRIVE!

    Right click on desktop, and then click [New-> shortcut]
    Write: cmd.exe

    Click [next] and then click [finish]

    Right click on cmd.exe icon, and then click 'run as administrator'
    Now select the external hard drive (f: in my case)

    C:\>f:

    Yes now the following (you can copy paste):
    F:\>attrib s h/s/d
    F:\>attrib - r/s/d
    F:\>Rd "System Volume Information" / s
    Are System Volume Information, you sure (Y/N)? There

    And you're DONE ;-)

Maybe you are looking for