I was just surfing looking for a Nora Jones midi file, when I think I may have come across a trojan. Java fired up and Firefox locked up on me, but I could hear the disk thrashing away, which worried me. NOD reported nothing.

So I shutdown and rebooted and two strange things happening. First, Explorer shut itself down with a DEP error. Its never done that before. Also, if I do a full NOD32 scan, I get all these locked files:

http://www.wilderssecurity.com/supportfiles/locked-files-p459682.gif

NOD has never shown that before. The only locked file I have ever seen was pagefile.sys! So I rebooted and tried again. This time, Explorer is OK, but I still get all these locked files.

I am concerned that perhaps something nasty is "lurking" in the locked files.

Questions: Should I be worried? Why all the locked files? What should I do?

Thanks in advance for any help and advice.

Chip

The (file locked)[4] is normal. I get that when i scan too.

http://www.wilderssecurity.com/showthread.php?t=55865



snowbound

I also get those, I actually recognize some in your screenshot. I get more than that too; there are also files in my Ad-Aware and Spybot folder that are locked. They are normal and nothing to worry about, and from what I understand malware cannot get in there.

Thanks guys.

Strange thing is though - why didn't I get these locked file errors before?

Chip

When I first got NOD and ran a scan with "stock" settings I only got like two of these, but after I changed to "extra" settings I got a ton more. Did you change any settings in the program?

{QUOTE-> When I first got NOD and ran a scan with "stock" settings I only got like two of these, but after I changed to "extra" settings I got a ton more. Did you change any settings in the program? <-QUOTE}

I dunno - I can't recall doing so. What do you mean by "extra" settings?

Thanks

Chip

{QUOTE-> I dunno - I can't recall doing so. What do you mean by "extra" settings?

Thanks

Chip <-QUOTE}

http://www.wilderssecurity.com/showthread.php?t=37509


snowbound

See the "extra settings for NOD32" sticky at the top of this forum. They are just settings to make NOD more efficient.

By the way, almost all of those locked files (*.dat, *.dat.LOG, and C:\Windows\system32\config\* pertain to the Windows registry. The reason they are locked is because Windows is busy using the registry. This is totally normal.

The other file, MountPointManagerRemoteDatabase, has something to do with the NTFS file system.

Only if you have one like this.

{QUOTE-> Only if you have one like this. <-QUOTE}

what if you scan insafe mode? Do some of the locked files not appear because they aren't being used by the computer when safe mode is activated?

That is correct, Holden4th.

It would still seem that there should be some way to exclude scanning all these locked and password protected files (without using some arcane switch or going into safe mode to scan). Many other AVs have such a feature. Even the free ones like antivir has such a feature. Is it not possible?

bumpup

I guess not at the moment ;D

From memory, it is to do with having "Scan All Files" ticked in the Nod32 scanner setup.

You could always add to the Future Changes to Nod32 thread, that a tick box be added to not display the locked files unless infected.

Cheers ;D

But how can you know if a file is infected, when the file is locked and therefore not available for scanning?

{QUOTE-> From memory, it is to do with having "Scan All Files" ticked in the Nod32 scanner setup. <-QUOTE}

Thank you Blackspear. :) Unticking "scan all files" does do the trick. And I agree with alglove, what is the point in scanning a file if it is locked or password protected?
I guess my only question now is: does unticking the "scan all files" leave me less protected?

It always scanned them before... with your old configuration you just didn't have the "scroll files" ticked.