ewido security suite problem

Discussion in 'other anti-trojan software' started by g-uest5465726411, May 31, 2004.

Thread Status:
Not open for further replies.
  1. Hello, I recently installed this prog after reading about some positive opinions of it on this board and I was wondering if anyone who has it could help me with a problem. Whenever I get done with a scan it lists all of the files it searched but it tells me that none of the files are"readable." Anyone have that problem too. It's for win 2000 and xp and i have xp so I'm not sure why it's not able to access my files to scan. Any help is appreciated. I also emailed their tech. support, but I thought maybe this would be faster.
     
  2. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    I have that problem also.
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    It's not really a "problem", as such - the files being presented to you that way simply can't be read - they're either "in use" or packed with something EWIDO doesn't yet UN-pack.

    It's similar to NOD32 telling you after a full scan that such-and-such a file couldn't be read. The files aren't necessarily malicious - just un-readable by the software. It's more understandable if you flip between the "Results" and the "Statistics" page after a scan completes - "File not readable!" sounds a lot worse on the "Results" page than "Files that could not be opened" does on the "Statistics" page (which gives a simple count).

    Keep in mind that the ones that couldn't be opened are the ONLY files on your computer that weren't examined (28 un-scanned as opposed to 22,131 scanned on my computer).

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 12:03:38 AM, 6/1/2004
    + Report-Checksum: C6704A5E

    + Date of database: 6/1/2004
    + Version of scan engine: v1.1

    + Duration: 7 min
    + Scanned Files: 22131
    + Speed: 46.13 Files/Second
    + Infected files: 8
    + Removed files: 0
    + Files put in quarantine: 0
    + Files that could not be opened: 28
    + Files that could not be cleaned: 0

    + Ignore extension: Yes
    + Binder: Yes
    + Crypter: Yes
    + Memory: No
    + Archives: No
    + Heuristic: No

    + Scanned items:
    C:\

    + Scan result:
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat -> File could not be opened
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG -> File could not be opened
    C:\Documents and Settings\LocalService\NTUSER.DAT -> File could not be opened
    C:\Documents and Settings\LocalService\ntuser.dat.LOG -> File could not be opened
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat -> File could not be opened
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG -> File could not be opened
    C:\Documents and Settings\NetworkService\NTUSER.DAT -> File could not be opened
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG -> File could not be opened
    C:\Documents and Settings\spy1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat -> File could not be opened
    C:\Documents and Settings\spy1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG -> File could not be opened
    C:\Documents and Settings\spy1\Local Settings\Temp\Perflib_Perfdata_7b8.dat -> File could not be opened
    C:\Documents and Settings\spy1\NTUSER.DAT -> File could not be opened
    C:\Documents and Settings\spy1\NTUSER.DAT.LOG -> File could not be opened
    C:\hiberfil.sys -> File could not be opened
    C:\pagefile.sys -> File could not be opened
    C:\Magnus Test\TrojanSimulator.exe -> Not-a-virus.Trojansimulator -> Ignored
    C:\Magnus Test\TSServ.exe -> |PACKED| Not-a-virus.Trojansimulator -> Ignored
    C:\Program Files\Michael St. Neitzel\CATALOG\PACKED\UPX\---[ADEMA-COMPILED-WITH-VB6]------[ADEMA-COMPILED-WITH-VB6]------[ADEMA-COMPILED-WITH-VB6]---TSServ.exe.crunched.crunched.crunched -> |PACKED| Not-a-virus.Trojansimulator -> Ignored
    C:\Program Files\Michael St. Neitzel\CATALOG\PACKED\UPX\---[ADEMA-COMPILED-WITH-VB6]------[ADEMA-COMPILED-WITH-VB6]---TSServ.exe.crunched.crunched -> |PACKED| Not-a-virus.Trojansimulator -> Ignored
    C:\Program Files\Michael St. Neitzel\CATALOG\PACKED\UPX\---[ADEMA-COMPILED-WITH-VB6]------[ADEMA-COMPILED-WITH-VB6]---TSServ.exe.crunched[1].crunched -> |PACKED| Not-a-virus.Trojansimulator -> Ignored
    C:\Program Files\Michael St. Neitzel\CATALOG\PACKED\UPX\---[ADEMA-COMPILED-WITH-VB6]------[ADEMA-COMPILED-WITH-VB6]---TSServ.exe[1].crunched.crunched -> |PACKED| Not-a-virus.Trojansimulator -> Ignored
    C:\Program Files\Michael St. Neitzel\CATALOG\PACKED\UPX\---[ADEMA-COMPILED-WITH-VB6]---TSServ.exe[1].crunched -> |PACKED| Not-a-virus.Trojansimulator -> Ignored
    C:\Program Files\Michael St. Neitzel\CATALOG\PACKED\UPX\---[ADEMA-COMPILED-WITH-VB6]---TSServ.exe.crunched -> |PACKED| Not-a-virus.Trojansimulator -> Ignored
    C:\WINDOWS\system32\config\default -> File could not be opened
    C:\WINDOWS\system32\config\default.LOG -> File could not be opened
    C:\WINDOWS\system32\config\SAM -> File could not be opened
    C:\WINDOWS\system32\config\SAM.LOG -> File could not be opened
    C:\WINDOWS\system32\config\SECURITY -> File could not be opened
    C:\WINDOWS\system32\config\SECURITY.LOG -> File could not be opened
    C:\WINDOWS\system32\config\software -> File could not be opened
    C:\WINDOWS\system32\config\software.LOG -> File could not be opened
    C:\WINDOWS\system32\config\system -> File could not be opened
    C:\WINDOWS\system32\config\system.LOG -> File could not be opened
    C:\WINDOWS\system32\drivers\procguard.sys -> File could not be opened
    C:\WINDOWS\system32\pghash.dat -> File could not be opened
    C:\WINDOWS\system32\pguard.dat -> File could not be opened


    ::Report End
     
  4. Thanks for your reply. I understand that now, but what I don't understand is why EVERY single file that was listed was said to be unreadable, and said nothing else. Seems pretty unreliable if a product of theirs can't open a file...of course this is just their first edition, and maybe they can fix it in later editions.

    Here's my results:

    + Date of database: 6/1/2004
    + Version of scan engine: v1.1

    + Duration: 5 min
    + Scanned Files: 11692
    + Speed: 34.54 Files/Second
    + Infected files: 0
    + Removed files: 0
    + Files put in quarantine: 0
    + Files that could not be opened: 27
    + Files that could not be cleaned: 0

    + Ignore extension: Yes
    + Binder: Yes
    + Crypter: Yes
    + Memory: No
    + Archives: No
    + Heuristic: No

    + Scanned items:
    C:\

    + Scan result:
    C:\WINDOWS\system32\config\system.LOG -> File could not be opened
    C:\WINDOWS\system32\config\software.LOG -> File could not be opened
    C:\WINDOWS\system32\config\default.LOG -> File could not be opened
    C:\WINDOWS\system32\config\SECURITY -> File could not be opened
    C:\WINDOWS\system32\config\SAM -> File could not be opened
    C:\WINDOWS\system32\config\SAM.LOG -> File could not be opened
    C:\WINDOWS\system32\config\SECURITY.LOG -> File could not be opened
    C:\WINDOWS\system32\config\SYSTEM -> File could not be opened
    C:\WINDOWS\system32\config\SOFTWARE -> File could not be opened
    C:\WINDOWS\system32\config\DEFAULT -> File could not be opened
    C:\WINDOWS\Temp\ZLT0147c.TMP -> File could not be opened
    C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\tmp.edb -> File could not be opened
    C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat -> File could not be opened
    C:\Documents and Settings\ZComputer UserX\NTUSER.DAT -> File could not be opened
    C:\Documents and Settings\ZComputer UserX\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat -> File could not be opened
    C:\Documents and Settings\ZComputer UserX\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG -> File could not be opened
    C:\Documents and Settings\ZComputer UserX\ntuser.dat.LOG -> File could not be opened
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll -> File could not be opened
    C:\Program Files\America Online 8.0\idb\main.idx -> File could not be opened
    C:\Program Files\America Online 8.0\idb\sysnews.lst -> File could not be opened
    C:\Program Files\America Online 8.0\idb\STYLE.LST -> File could not be opened
    C:\Program Files\America Online 8.0\idb\Apps.Lst -> File could not be opened
    C:\Program Files\America Online 8.0\idb\Diction.lst -> File could not be opened
    C:\Program Files\America Online 8.0\idb\spool.lst -> File could not be opened
    C:\Program Files\America Online 8.0\idb\Toolbar.lst -> File could not be opened
    C:\hiberfil.sys -> File could not be opened
    C:\pagefile.sys -> File could not be opened


    ::Report End
     
  5. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    These files are currently open and in use, other scanners also can't scan them but they don't show it :)
    But it has nothing to do with ewido being unable to unpack these files :)
     
  6. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Maybe try shutting down as manty programs as you can before you scan with Ewido.
     
  7. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Not only when scanning with ewido... :)
     
Thread Status:
Not open for further replies.