error opening (Access denied) is unacceptable

Discussion in 'NOD32 version 2 Forum' started by no * one, Jan 19, 2006.

Thread Status:
Not open for further replies.
  1. no * one

    no * one Guest

    When scanning an infected HD, I'm getting a bunch of errors like:
    E:\WINDOWS\system32\irasqhfj.dll - error opening (Access denied) [4]

    The file has some very funky security permissions (only a user with a cryptic name looking like an MD5 sum was listed). Manually taking ownership of the file, changing security settings, and rescanning reveals it is a variant of the Win32/Adware.SafeSurfing application.

    I am scanning from an administrative account. I can't believe simply changing permissions is enough for malware to hide from NOD32.

    Going through the dozens of files in order to manually change the ownership and then security settings is unacceptable. NOD32 needs an option like "assert administrative privileges" that changes ownership and security settings of inaccessible files, scans them, and if they aren't a problem, returns security settings to their original state.

    I'd like to hear what people from Eset have to say...
     
  2. alglove

    alglove Registered Member

    Joined: Jan 17, 2005
    Posts: 904
    Location: Houston, Texas, USA

    Interesting idea.

    Did the hard disk with these files come from another computer, perchance? My guess is that the "strange" username is one that was defined on the other computer, but not yours.
     
  3. no * one

    no * one Guest

    Yeah, it was from another computer, and on second look, it's probably what XP does when it can't recognize a user in the security settings.

    The fact that no one except for that one user can read/write to the file is almost certainly a result/behavior of the malware, though.
     
  4. Brian N

    Brian N Registered Member

    Joined: Jul 7, 2005
    Posts: 2,148
    Location: Denmark

    Well, other AVs can't scan those files either, they just don't tell you about it.
    Think of this as a bonus as it can be very useful in some cases :)

    And also, you can minimize the number of error messages to go through if you remove the tick from "List all files" under NOD32 > Setup > System.
     

  5. no * one

    no * one Guest

    Yeah, I know, I was just hoping that since NOD32 is aware that those files exist, it could handle them. Don't you think it's fair to hold Eset to a higher standard than the other guys?
    The problem is akin to the old "read only" setting preventing deleting a file - how many AVs are tripped up by that nowadays?

    Thanks for the tip, I'd rather know what's being missed, though.
     
  6. zapjb

    zapjb Registered Member

    Joined: Nov 15, 2005
    Posts: 3,522
    Location: USA - Back in a real State in time for a real Pres

    Asking here. Is it because it's password protected?
     
  7. SSK

    SSK Registered Member

    Joined: Nov 28, 2004
    Posts: 976
    Location: Amsterdam

    No, it should be because of WinXP NTFS security settings. Only way around it is taking ownership as Administrator on the new system :)
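
Added example, not part of any post in this thread and not Eset code: a small triage script that pulls every "error opening (Access denied)" entry out of a scan log in the line format quoted in the first post, so the files the scanner could not read are listed rather than silently skipped. The function names are hypothetical, all sample lines except the first are constructed, and the bracketed number is treated as an opaque code because the thread does not explain it.

```python
import re
from collections import defaultdict
from ntpath import dirname, normcase  # Windows path rules on any OS

# Line format quoted in the first post:
#   <path> - error opening (Access denied) [<code>]
# The bracketed code is optional here and not interpreted.
DENIED = re.compile(
    r"^\s*(?P<path>[A-Za-z]:\\.+?)\s+-\s+error opening \(Access denied\)"
    r"(?:\s+\[(?P<code>\d+)\])?\s*$"
)

# Constructed sample log; only the first entry comes from the thread.
SAMPLE_LOG = r"""
E:\WINDOWS\system32\irasqhfj.dll - error opening (Access denied) [4]
E:\WINDOWS\system32\constructed1.dll - error opening (Access denied) [4]
E:\windows\SYSTEM32\CONSTRUCTED1.DLL - error opening (Access denied) [4]
E:\Documents and Settings\user\constructed - name.exe - error opening (Access denied) [4]
E:\WINDOWS\notepad.exe
"""


def unscanned_files(log_text):
    """Return unique access-denied paths in first-seen order.

    NTFS names are case-insensitive, so duplicates are detected on the
    case-normalised path while the original spelling is kept for display.
    """
    seen, result = set(), []
    for line in log_text.splitlines():
        match = DENIED.match(line)
        if not match:
            continue  # not an access-denied entry
        key = normcase(match.group("path"))
        if key not in seen:
            seen.add(key)
            result.append(match.group("path"))
    return result


def by_directory(paths):
    """Group paths by case-normalised parent directory for review."""
    groups = defaultdict(list)
    for path in paths:
        groups[normcase(dirname(path))].append(path)
    return dict(groups)


if __name__ == "__main__":
    for folder, files in by_directory(unscanned_files(SAMPLE_LOG)).items():
        print(f"{folder}: {len(files)} file(s) not scanned")
```

The resulting list is the set of files that still need their ownership and permissions corrected before a rescan can read them.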
     