As you might expect, there are many files and folders hidden away in Windows that deal with important tasks such as keeping the system running or allowing certain features to function. A couple of examples of this are Hiberfil.sys and Pagefile.sys that reside in the root of your C drive. You have to enable the show hidden files and protected operating system files settings in Control Panel Folder Options for these and other files to become viewable. More folders in the root of C which also become visible after unhiding are $Recycle.bin or Recycler and System Volume Information. But just what are these folders for?
The first thing about hidden files and folders in general is that they’re usually not made visible for a reason, which is often a sign that you’re not supposed to play around with them. But also, like many things in Windows, if something isn’t behaving correctly or the behaviour looks odd, you might want to have a closer look.
So what are the $Recycle.bin, Recycler and System Volume Information folders all about? First we’ll look at the generically named System Volume Information.
The System Volume Information Folder
The System Volume Information folder is a hidden folder in the root of your C drive that the Windows System Restore tool uses to store its information and restore points. It isn’t just System Restore data that gets stored here, though: the Windows Indexing Service uses it to store search databases, the Volume Shadow Copy Service creates live system backup data there, and Distributed Link Tracking stores database information used to repair shortcuts and linked documents. Check Disk logs are also saved here.
There will actually be a System Volume Information folder created on every partition on your computer, including external hard drives and even sometimes flash drives. Because it’s the storage location for System Restore points, if System Restore backs up files that are infected with viruses or other malware, it becomes a problem. Most antivirus software cannot delete viruses from System Volume Information because it’s a highly protected folder. To verify this yourself, simply double click on the folder and you will receive an error “C:\System Volume Information is not accessible. Access is denied”.
What you need to do is either give the appropriate permissions to the currently logged on user for full access to the System Volume Information folder, or delete all the previously created restore points to remove any viruses attached to them. Here we show you both methods.
Turning off System Restore
Turning off System Restore completely will remove all your restore points from the System Volume Information folder, removing anything malicious attached to them. After turning System Restore off, restart your computer and then re-enable it once your system is free of viruses. It will then create a new and clean restore point. By default, System Restore is automatically turned on in all versions of Windows that have it, and you can turn it off as follows:
1. Go to Control Panel -> System and click on System Protection (XP users simply click the System Restore tab)
2a. For Windows XP, simply click the “Turn off System Restore” box and press OK. You can also adjust the percentage of the drive System Restore can occupy.
2b. For Windows Vista and above the process is slightly more complicated. Look in the list of available drives, click on any that have Protection set to On and press the Configure button. Then select “Turn off system protection” and click OK. Users who just want to empty all restore points to free up some space can simply click Delete.
To free up space by deleting restore points you can also use a utility like the popular CCleaner, although it won’t delete all restore points and will leave the most recent point intact.
Accessing the System Volume Information Folder
As mentioned earlier, the System Volume Information folder is protected by Windows and you can’t simply open it up and look at the contents because an access denied error message will pop up. However, it is possible to gain access by setting the appropriate permissions for the folder. Here’s the easy way to do it.
For Windows XP
Because Windows XP deals differently with accessing folder security permissions depending on whether you’re using Home or Professional, the easiest solution is to use a context menu shortcut that works on both with a single click.
1. Download Take Ownership XP and extract the zip file.
2. Copy Subinacl.exe, TakeOwnershipFile.cmd and TakeOwnershipDir.cmd to your C:\Windows folder, then double click on Install_Take_Ownership_XP.reg to install the menu entry into the registry. SubInACL is a Microsoft utility to change user security for files, registry keys and services.
3. Now, go to the System Volume Information folder, right click on it and select “Take Ownership” from the menu.
You should be able to enter the folder and have a look around without receiving the error. To remove Take Ownership again, run Remove_Take_Ownership_XP.reg and delete the 3 files from the Windows folder. It’s still not possible or recommended to start deleting stuff from System Volume Information, more on that later.
For Windows Vista and above
This method also uses a Take Ownership context menu shortcut but is even easier to install, as newer operating systems have a built-in tool called Takeown.
1. Download Take Ownership and run the InstallTakeOwnership.reg inside the zip file to import the context menu shortcut.
2. Right click on System Volume Information and select “Take Ownership”, then you can get into the folder straight away.
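For a quick look that leaves ownership untouched, the sketch below (an added example, not part of the original article or of the Take Ownership download) grants the current user read access on the folder itself, lists the top-level contents, and removes the grant again. The function name Get-SviContents and the default drive C: are assumptions, and it assumes an elevated Windows PowerShell prompt whose account is allowed to edit the folder’s ACL; if it is not, the grant fails and nothing is changed.

```powershell
# Added example: temporary, read-only look inside System Volume Information.
# Get-SviContents is a hypothetical helper name; run it from an elevated prompt.
function Get-SviContents {
    param([string]$Drive = 'C:')   # assumed default; pass another drive letter to inspect it

    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated prompt.'
    }

    $path    = "$Drive\System Volume Information"
    $user    = $identity.Name
    $granted = $false
    try {
        # Read/execute on the folder only: no ownership change and no
        # inheritance flags, so the ACLs of child objects are not rewritten.
        icacls $path /grant "${user}:(RX)" | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "icacls could not update the ACL on $path (the account may need ownership first)."
        }
        $granted = $true

        # Sizes come from the directory listing, so the files are not opened.
        Get-ChildItem -LiteralPath $path -Force |
            Sort-Object Length -Descending |
            Select-Object Name, LastWriteTime,
                @{ Name = 'SizeMB'; Expression = { [math]::Round($_.Length / 1MB, 1) } }
    }
    finally {
        # Always drop the grant again, even if the listing failed.
        # Note: /remove:g removes every explicit grant this user holds on the folder.
        if ($granted) { icacls $path /remove:g $user | Out-Null }
    }
}

Get-SviContents -Drive 'C:' | Format-Table -AutoSize
```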
On the next page we’ll show you how to delete the System Volume Information folder and its files, and also talk about the $Recycle.bin and Recycler folders.