Infection on HarddiskVolumeShadowCopy

Hi,
Since a week or so I receive a threat alert from nod32 saying that the following file is infected: \Device\HarddiskVolumeShadowCopy172\Public\LT_2011_EFIGSB_WI

Even if I delete the folder and all his files, the same message appear the next morning.
Nod32 can't solve the problem by itself and there's no way to exclude \Device since it's a kernel path (i think ).

Anyone here can help?
Thanks

 

check here

 

That usually from some malicious files being caught in a system state snapshot. Open the disk cleanup utility, choose the option to cleanup system files, then under the More Options tab choose the option to clean up system restore and shadow copies.

I would only do this after you are sure there is no active infection on your system. Some malware will inject itself in to old system restore snapshots and what you are seeing could be a symptom of that.

 

Thanks guys, problem solved.
The volumeshadowcopy folder was created by BackupExec, which use this service.
The infection was a keygen someone put on the file server.