reported virus

On a client's XP Home edition, AVG keeps reporting a virus in the
path (something like) system_volume\_restore\.......something\a0000135.exe

That's not the exact path and file name but It's not in front of me to
refer to. I can't find the file or the path. I downloaded Mcafee to see if
it would find it on a scan and nothing. Is this a registry thing or ?? Any
suggestions.

 

See this post and refer to my thread (goddez1) and nohadfear's last thread in post. While the virus is not the same the method advice and procedures are the same.

http://www.windowsbbs.com/showthread.php?t=36049

You need to disable "System restore and bootup into safemode to clean your system.

Some folders and files are not accessible or are unable to be opened to be cleaned otherwise. Your system volume information folder is one of these folders.
See:
http://www.theeldergeek.com/system_volume_information_folder1.htm

http://support.microsoft.com/default.aspx?kbid=309531

By the way your in the wrong forum for this but I'm sure board mod will redirect the post.

 

Try everything that has been suggested, but if nothing works then it may be a "false positive" from AVG? My AVG free edition went "silly" the other day and reported a number of viri in my system folders. After a bit of a panic, I powered off the machine and powered it back up, did a full scan and no problems found

 

Also suggest that after you do all as suggested by goddez1 and Paul you run an online virus and trojan scanner.

RAV - Online Virus scanner
TrojanScan - Online Trojan scanner

 

Thanks to everyone. I was finally able to get to the client's office and try
the suggestion. I can now get the system_volume folder to show up in
explorer but cannot get to it (Access Denied as was noted goddez1).

How do I disable the system restore ? (and I assume I do an F8 to get
the menu to boot in safe mode) then run my avg antivirus ?

AVG never finds the file on a full scan even after the system_volume
now shows up on explorer.

Thanks again.

 

To turn off system restore, right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out.

Go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. Yes to restart. This will restart your computer in safe mode.

To return to Windows, uncheck the /safeboot box in msconfig before logging off in safe mode.

If the infection was found in system volume information folder ONLY, then you needn't go to safe mode at all. Turn of system restore, reboot and turn it back on. It will clear all past restore points and effectively remove the infected file.

 

Disable System Restore XP