How to delete "System Volume Information" folder on Win 7

Page 3 of 6 FirstFirst 12345 ... LastLast

  1. Posts : 1
    Windows ALL
       #21

    As an FYI to those that (may still) need to get control of these system files...
    Remember, the windows POWER SHELL is your friend. I can't emphasize enough how more useful it is. The Power Shell (PS) is to the 'elevated dos shell (Command Shell ran as Administrator) as the elevated dos shell is so the ‘Guest’ login. A little research and you can put a portable power shell right on your external drive, so it and its advanced functionality is always available.
    (To get to the installed PS) [Start] -> All Programs -> Accessories -> Windows Power Shell
    That being said; for what we’re trying to do here, in this thread, the Administrator level Command shell should work just fine.

    This thread asks how to delete a system folder, so ….
    WARNING!!! Always be explicit when using commands like "DEL" and “RmDir” as they can and will delete everything they can that matches with your command. PAY ATTENTION WHERE YOU'RE AT AND
    WHAT YOU TYPE.
    Now, legs begin….

    1.) Open your command shell of choice, as an Administrator.
    2.) Move to the BASE FOLDER containing what you want to work on.
    E.g.: You want to work on "z:\System Volume Information", then you need to get to "z:\"
    ** HINT ** If you're just trying this out for the first time, go INTO 'System Volume Information'
    so you can see the results without risking effecting the rest of the drive's contents.
    3. Learn to love the simplicity of these 3 commands, in order:
    Attrib /S -r -a -h -s "z:\System Volume Information"
    ** NOTE: The combination of the switches "-r -a -h -s" is important, see below.
    Del /S /q "z:\System Volume Information" <- Deletes files
    RmDir /s /q "z:\System Volume Information"<-Deletes the folder

    "Attrib" changes the attributes of a file.
    "Del" deletes the named file. (OR EVERYTHING THAT MATCHES THE PATTERN SPECIFIED. BE SPECIFIC.)
    “/S” tells the commands to progress down through all the sub-folders and files.
    “/q” suppresses dialogs and confirmation queries
    “-r” Removes the 'read only' attribute.
    “-a” Removes 'archived' attribute
    “-h” Removes 'hidden' attribute
    “-s” Removes the 'system' attribute

    The combination of "-r -a -h -s" in the Attrib command must be done all at the same time and in
    that specific order. Normally it doesn't seem to matter what order the flags are in until you slam
    head on into the system files roadblock, which is precisely when you need to remember the shell
    processes the flags in reverse order. (The flags are processed Last Flag First.)

    And why the inclusion of the all but superfluous archive switch? This little undocumented nightmare
    is something of a trick windows used as a minor extra protection of its files from early on. I Know
    I've fought this possibly accidental nightmare in a win 98 box but it may go as far back as
    Win3. Thus far, as a safety precaution (accidental or not), it's proven to still work to this day.
    This thread is proof of it.

    In a nutshell, windows sees the 'a' flag and checks the name of the folder it's on... which happens
    to be part of the 'special' folders list... so windows slaps the hidden and system files right back on it
    to protect its "special folder".

    An easy way to see if this little trick may be in use is to simply remember that Windows doesn't index
    system or hidden files. So then why is the archive flag set? Even though the indexer does not
    index system or hidden files, it is still watching drive activity for changes, and like a good little
    intentional Trojan takes a look and what you did, which in turn also triggers the system validation --
    which slaps the protective flags right back in place if you don't get them all at once.

    What if the above didn’t work?
    For the items that still stubbornly remain, use either "cacls", "icacls" (preferred), or "TakeOwn" (brute force) commands as follows:

    THE “CACLS” METHOD :: This has been depreciated by " icacls " (which I’ll show last) ---

    cacls "z:\system volume information" /E /G YourLoginID:F

    /E tells the command to EDIT the current ACLs (access control lists) - not make a new one
    /G (/Grant) – give YourLoginID the abilities
    :F ... Specifies the ability (permission) to add. NO SPACES between this and YourLoginID
    F = FULL CONTROL, R = Read, W = Write, C = Change

    At this point you should be able to use the regular GUI (windows explorer) or a normal dos
    prompt to do what you want with the contents. Note: If you are not removing the actual
    base folder itself, then make sure you reverse this setting on what remains. Do this by
    changing the /G (Grant) to /R (Remove user). If you don't, you're leaving the system open
    to viri, or possibly worse.

    cacls "z:\system volume information" /E /R YourLoginID

    THE “TAKEOWN” METHOD (or the Brute Force method) ---

    TakeOwn /F "z:\system volume information" /R

    /F simply tells the command the next thing is the file/folder to work on
    /R tells the command to recourse into sub directories.
    Note: This command defaults to the current user, hence no ability to specify a Login ID.

    As above, if you are leaving files/folders unchanged then you need to remove the access
    your ID has to them to protect from viri. Simply use "/A" to specify ‘Administrators’ as the party to become the owner.
    TakeOwn /F "z:\system volume information" /R /A
    You may now not be the owner but if you still have access to the folder then you [or a virus pretending to be you] can make still changes, so be sure to take YourLoginID privileges off.

    cacls "z:\system volume information" /E /R YourLoginID

    THE “ICACLS” METHOD (Preferred) --

    The nice thing about Icacls is that it blends a number of advanced commands into a single 'elevated' command. Almost all of the above can be done with "ICACLS" as long as you remember that it separates the specified folder from the contents of the specified folder. (Instead of working recursively on this folder AND everything in it, ICACLS works on either this folder OR everything in it. This separation of the tree [everything in a folder] from its root [the folder itself] is intentional.)
    For easier reading here, I’m going to simply list the 2nd half of the ICACLS command (the blank). Just remember everything below starts with:
    ICACLS "z:\system volume information" ________________________________

    *** Normally, you shouldn't need to take ownership of the folder or its contents for what this thread is asking for. But should you need to, ICACLS can do it “nicely” rather than by the brute force method TakeOwn uses:

    /setowner YourLoginID
    /setowner YourLoginID /T

    First we take ownership of the base folder (the root), and then we repeat the command telling it to take ownership of all items IN that folder (the rest of the tree) by appending “/T” to our command. We do these commands in this order because in order to make changes IN a folder, you have to have access to the folder.
    In general, we really should not need, nor want, to take ownership of these system files if we don’t absolutely have to. The headache and responsibilities that come along with that ownership greatly outweigh the benefits in the long run. Instead, simply give yourself (YourLoginID) full access with:
    /grant YourLoginID:F
    /grant YourLoginID:F /T
    Again, notice we first have to have permission of the root before we can give ourselves permission to work on the rest of the tree.
    Note:
    * Use "/grant:r" to explicitly define the exact permissions. (Entirely replace the permissions.)
    e.g.: "/grant user:w" adds write ability, whereas "/grant:r user:w"
    will set the user to be able to only write to the folder. (But no access to what he just put there.)
    And, of course, when you’re done doing what you need to do we need to lock the file back down (if you didn’t outright delete it) to protect against viri. (We do these in the reverse order that we did above because we have to still have access to the ‘root’ before we can mess with the ‘tree’.

    /remove YourLoginID /T Remove access to everything IN the folder.
    /remove yourLoginID Remove access TO the specified folder itself.
    ( And if you took ownership: /setowner Administrator /T .. And then again without the “/T”.)

    Sorry this so long, it really isn't in action. I just felt it necessary to cover the bases and explain why. My external drives (installs, OS backups, etc) that I have to swap around would get so loaded with these 'restores' that I started getting "Drive low on space" alerts just plugging it in. To resolve this "build up" and make it easy to maintain I have a batch file in the root of each drive. (z:\WipeRestores.bat) which does all of the above.
    -----WipeRestores.bat -----
    @echo off
    color 17
    cls
    if {%1}=={} (
    Set tmpWorkingFile=System Volume Information
    ) else (
    Set tmpWorkingFile=%1
    )
    Echo -- Processing root location: %tmpWorkingFile%
    echo.
    set tmpTakeControl = 0
    set tmpBruteForce = 0

    net session >nul 2>&1
    if %errorLevel% == 0 (
    Set tmpUserIsAdmin=1
    ) else (
    Set tmpUserIsAdmin=0
    )
    if exist "%tmpWorkingFile%" (
    attrib /S -r -a -h -s "%tmpWorkingFile%"
    del /S /Q "%tmpWorkingFile%"
    rmdir /s /q "%tmpWorkingFile%"
    )
    if exist "%tmpWorkingFile%" (
    attrib /S -r -a -h -s "%tmpWorkingFile%"
    del /S /Q "%tmpWorkingFile%"
    rmdir /s /q "%tmpWorkingFile%"
    )
    if exist "%tmpWorkingFile%" (
    attrib /S -r -a -h -s "%tmpWorkingFile%"
    del /S /Q "%tmpWorkingFile%"
    rmdir /s /q "%tmpWorkingFile%"
    )
    if not exist "%tmpWorkingFile%" goto ProgDone

    :FirstAttemptComplete
    echo.
    echo.
    choice /m "Add full control of folder to %username% and try again?"
    set tmpTakeControl=%ERRORLEVEL%
    if %tmpTakeControl% equ 1 (
    Echo Applying full control changes.......
    ICACLS "%tmpWorkingFile%" /grant %username%:F
    ICACLS "%tmpWorkingFile%" /grant %username%:F /T
    echo attempting to remove folders.....
    attrib /S -r -a -h -s "%tmpWorkingFile%"
    del /S /Q "%tmpWorkingFile%"
    rmdir /s /q "%tmpWorkingFile%"
    )

    If not exist "%tmpWorkingFile%" goto progDone
    echo.
    echo.
    choice /m "Use brute force to take ownership of the folders and try again?"
    set tmpBruteForce=%ERRORLEVEL%
    if %tmpBruteForce% equ 1 (
    Echo Taking ownership of folder and contents.....
    TakeOwn /F "%tmpWorkingFile%" /R
    echo attempting to remove folders.....
    attrib /S -r -a -h -s "%tmpWorkingFile%"
    del /S /Q "%tmpWorkingFile%"
    rmdir /s /q "%tmpWorkingFile%"
    )

    echo.
    echo.

    if exist "%tmpWorkingFile%" (
    echo Unfortunately I was not able to remove the folder.
    echo It might be necessary to run this batch file again.
    echo If this is the second time, please examine the
    echo folder conditions for issues not connected to
    echo folder permissions.
    echo.
    echo.
    )


    :ProgDone
    set tmpTakeControl =
    Set tmpUserIsAdmin =
    set tmpBruteForce=
    set tmpWorkingFile=

    echo ----- End of line. -----
    Last edited by Master V; 07 Apr 2013 at 22:12.
      My Computer


  2. Posts : 1
    Windows 7 Ultimate x64,Windows 7 Ultimate 32bit
       #22

    Hello all,

    I quickly read all posts and, well all of this takes time to perform, I mean burn an ubuntu CD and so on.
    If I understood well FuryoftheStars just asked on a way to remove the folder "System volume inofrmation"

    there's a simple way to do so : (the quotation marks are NOT needed, except if specified before)

    considering you have Total Control on the folder "System Volume Information" :
    Step 1 : click on "Start" type "run" and press Enter (or step 1 :Win+R)
    step 2 : in the command prompt window called "Run" type "cmd" and press Enter
    Step 3 : type the drive letter and a semicolon and press Enter (eg: "I:" and press enter)

    Step 4 : the quotation marks are needed for this step
    type : rmdir "System Volume information" /S /Q
    Press Enter

    Done
      My Computer


  3. Posts : 3
    Windows 7 Ultimate
       #23

    OMG, thats veryveryvery easy, yesterday i got the same problem,
    google it and get this post, read it desperately...
    fortunately i read it to the end...

    IT WORKS!!

    Thanks A LOTs MR. SCHMIK

    DONE!
      My Computer


  4. Posts : 264
    Windows 7 Ultimate 64 bit SP1 x64
       #24

    SUGGESTION :-
    Once you have removed that folder it is very easy to absolutely prohibit any other Windows system from creating a new one.
    Just create a FILE (not a FOLDER) with the name "System Volume Information"
    Windows does not have the intelligence to delete the file so that it can recreate a folder with that name,
    though I normally write protect as well just to be sure.
      My Computer


  5. Posts : 46
    Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #25

    So, out of all the various suggestions given here, I find that Schmik's to be the easiest and more... acceptable as something having to be done on a regular basis. Of course, Win 7 will auto recreate the folder after a few seconds, even if you have system restore turned off for that drive, but there will be nothing else in it other than a log file.

    As such, thank you alan10 for pulling my attention back to this thread (no, I never unsubscribed from it), and yes, that seems to be the simplest way to keep Windows from recreating it. Note to anyone who reads this thread in the future and tries this, make sure you have the file ready to rename/move in there as you won't have very long to do it.
      My Computer


  6. Posts : 8
    xp sp3
       #26

    Schmik said:
    Hello all,

    I quickly read all posts and, well all of this takes time to perform, I mean burn an ubuntu CD and so on.
    If I understood well FuryoftheStars just asked on a way to remove the folder "System volume inofrmation"

    there's a simple way to do so : (the quotation marks are NOT needed, except if specified before)

    considering you have Total Control on the folder "System Volume Information" :
    Step 1 : click on "Start" type "run" and press Enter (or step 1 :Win+R)
    step 2 : in the command prompt window called "Run" type "cmd" and press Enter
    Step 3 : type the drive letter and a semicolon and press Enter (eg: "I:" and press enter)

    Step 4 : the quotation marks are needed for this step
    type : rmdir "System Volume information" /S /Q
    Press Enter

    Done

    I have tried everything, these directions you gave, ended up with the prompt telling me access denied, just like windows does. I have tried cacls too, and it's like the prompt ignores anything past cacls. I have reformatted my drive like 4 times. I also reset my bios too. Every time I call up a cmnd prompt it always starts me out (c:\docume~1\lowfat>) I have even tried going directly to c prompt using cd\ which does get me c prompt only but still cacls or your directions still dont work.
      My Computer


  7. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #27

    Works for me


    itsthetooth - This works for me. (Elevated Command Prompt). Check out what the folder actually contains before you delete it.

    How to delete &quot;System Volume Information&quot; folder on Win 7-svi-elevated-command-prompt.jpg

    Example is System Volume Information Folder on external drive letter F.

    Deleted it no problem. I could also use third party software to delete it.

    For any other user reading this - don't attempt to delete System Volume Information folders unless you understand why you want to delete them!
    Attached Thumbnails Attached Thumbnails How to delete &quot;System Volume Information&quot; folder on Win 7-svi-2.jpg  
    Last edited by Callender; 10 Feb 2014 at 20:38. Reason: typo correction
      My Computer


  8. Posts : 8
    xp sp3
       #28

    Well I guess that would be the problem, I'm using windows xp, not windows 7. I have already done a reg search for system volume information and it comes up with nothing. The folder is located on the C drive, and any attempt to access it either through windows or though command prompt, I'm told access is denied. I understand that if I delete this file that I won't be able to restore my computer, but thats fine as long as it deletes the virus locking me out.
      My Computer


  9. Posts : 264
    Windows 7 Ultimate 64 bit SP1 x64
       #29

    WITHOUT having access to System Volume Information ( S.V.I. ),
    you can choose which partitions to monitor for System Restore purposes.
    If C:\ is monitored/protected then S.V.I. is "In Use" and unlikely to go without a fight.
    You may need to fully disable anything which is using S.V.I.,
    and possibly reboot,
    before you can take down S.V.I.
      My Computer


  10. Posts : 8
    xp sp3
       #30

    Well as far as I understand, it is supposed to be disabled. I have the restore feature turned off which I'm reading should do just that, in addition to removing any files in that folder. But either something else is blocking the access or a file in there is.
      My Computer


 
Page 3 of 6 FirstFirst 12345 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 08:09.
Find Us