error Opening (File Locked) [4]

Ive had NOD32 for quite some time now, following the almighty Blackspear's setup for NOD32 awhile back, but I have yet to ask about this question.

All of NOD32 On-Demand Scanner's scan on C: drive comes up C:/whateverfolder/whateverfile:error opening (File Locked) [4]

Is this normal for all of my files to come up with that file locked thing?

PS - C:/whateverfolder/whatever file does not come up, Im just giving an example, lol

 

that is normal for some (but not all) files. the message simply means that could not be scanned. there could be several reasons such as:

• theyre system files (like the page and hibernation file)
• theyre password protected
• theyre private files from other users

 

hmmm, at least 95% of all my file turns up locked.... dont know how, I have no passwords on my computer and I always do a scan during Safe Mode....

 

95%, are u sure? what if u do the scan in normal Windows.

 

Hi

Post number 80 talks about locked files. I would suggest a run through this thread

Cheers

 

This is the same thread I used to setup my NOD32 so, Ive already read all of it.

EDIT:

You know what......I think I understand it now. I was gunna post a log but... when running NOD32, in the Sanning Log tab, the files and locations that appear are only the ones that cannot be scanned or are infected? I think I was thinking that those were the files it scanned, my bad.

 

My problem is Nod32 is only scanning 90 percent of my files, at best, then what the heck are Kas and Bit scanning. I see file names they are scanning that Nod isnt. I am not complaining but really trying to figure out who does a better job. Scan time isnt as important as accuracy. Blackspears, you yourself said that infections could be in our locked files, so.....

 

it could be that u have packed executables that NOD32 doesnt support but KAV/BD do.

 

Fine, but shouldnt they be scanned.

 

this was sent to me tonight.


This is actually a DESIGN BUG OF MOST(ALL?) Antivirus & trojan
scanners. ( ROOTKIT SCANNERS already DO THIS ) This issue is a MORE
THAN 1 YEAR OLD stuff but i see no fix till now!!!!

lately i've ONLY tested it on the following AV & few other spyware
scanner & saw its still NOT fixed!

Kaspersky Anti-Virus 6.x (latest)
BitDefender 9 Professional Plus (latest)
NOD32 (latest)

OS tested: WINxp sp2

to keep things simple, let me give you a situation;

if there is a directory/file a EVIL_USER is willing to hide from
antivirus scanner all he has to do is fire up a command prompt & run
the command;

cacls.exe TORJANED_FILE_OR_DIRECTORY_NAME /T /C /P EVIL_USER:R


next time EVEN when the administrator starts the antivirus "system
scan" the TORJANED_FILE_OR_DIRECTORY_NAME will be effectively
bypassed as the ownership of the directory is just of the user account
named; EVIL_USER and the antivirus "manual scan" is running just with
the privilage of ADMINISTRATOR


by this way a malicious executable can remain hidden in the system
BYPASSING THE SCAN even when the AV scanner is run by administrator!!!

BUT there isn't a compulsion that there should be a user with a
malicious intension to get this condition & bypass the scan.

there is another DUMB equivalent of the above cacls.exe command;
Right click a folder, Properties > Sharing Tab >> Check on the tick
mark of >> Make this Folder Private

by doing so a user might me thinking he is making a folder
not_accessable_to_any_other_system_user BUT by doing so... the
directory gets effectively sciped by a AV scannner vulnerable to this
trick.


SOLUTION:
AV already running with administrative privilage if the system
administrator is starting manual scan, so what does AV should do is
excelate its (manual scan) OF THE ANTIVIRUS SCANNER ENGINE/DRIVER (not
the GUI) privilage to SYSTEM before starting the scan which will
effectively bypass file permission & be able to scan the locked file
with any file permission in Windows!

And one more thing, if during AV scan if a file can't be opened due to
some processes LOCKING the file.... Instead of going through the
regular file open process AV should instead directly read the SECTORS
of the hdd holding the locked file and examine if there is sething
malicious (which still some AV don't do & instead just report the
file(s) as locked!)

am i clear Discussions, welcome!

 

The NOD32 task scheduler when used like here runs the scan as NT AUTHORITY\SYSTEM
Does that answer your question?

NOTE: IMHO it's well worth using a password for your NOD32 settings.

Cheers