Full System Scan: Locked Files & Streams

I did a full system scan. My results are below.

As you can see, there are some locked files. If TDS cannot open them, how can it test them for Trojans?

Also, what is the point of the "show all streams option" if TDS doesn't find Trojans or executables in them? Are streams dangerous even if TDS doesn't find executables and Trojans in them?

I hope I don't sound to frustrated. I am having fun learning this program.
Scan Results:

23:37:13 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
23:37:13 [Init] Started 28-12-03 23:37:13 Pacific Standard Time (UTC: , Internet Time @1359.18
23:37:13 [Init] Loading TDS-3 Systems ...
23:37:13 [Init] Token successfully adjusted.
23:37:13 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
23:37:13 [Init] • Plugins : OK. Loaded 13
23:37:13 [Init] • Exec Protection : Not Installed
23:37:13 [Init] WARNING: Your Radius.TD3 database needs to be updated!
23:37:13 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
23:37:13 [Init] Licensed users can use the Update facility from the TDS menu
23:37:13 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
23:37:18 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
23:37:18 [Init] • Systems Initialised [30784 references - 10832 primaries/8859 traces/11093 variants/other]
23:37:18 [Init] Radius Systems loaded. <Databases updated 27-12-2003>
23:37:18 [Init] TDS-3 Ready.
23:37:18 [Tip Of The Day] DiamondCS have, and continue to develop a wide range of software, including the world's original and still the strongest BO2K scanner. Visit http://www.diamondcs.com.au for free downloads!
23:37:18 [TDS] Good evening Joe.
23:37:21 [Mutex Memory Scan] Started...
23:37:23 [Mutex Memory Scan] Finished (no trojan mutexes found).
23:37:23 [Trace Scan] Started...
23:37:30 [Trace Scan] Finished.
23:37:30 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
23:38:22 [CRC32] Started - verifying 29 files ...
23:38:25 [CRC32] Test finished.
23:40:05 [Memory Scan] Memory scan started, please wait a moment ...
23:40:07 [Memory Scan] Memory scan complete.
23:40:07 [Mutex Memory Scan] Started...
23:40:09 [Mutex Memory Scan] Finished (no trojan mutexes found).
23:40:09 [Trace Scan] Started...
23:40:16 [Trace Scan] Finished.
23:40:16 [ServiceScan] Scanning for services and drivers ...
23:40:19 [ServiceScan] Scanned 302 services and drivers.
23:40:19 [File Scan] Scanning in A:\ ...
23:40:20 [File Scan] Scanned 0 files: 0 alarms in 1.085938 seconds (Avg 1. files/sec)
23:40:20 [File Scan] Scanning in C:\ ...
23:40:24 [NTFS ADS] Stream found - c:\documents and settings\all users\application data\microsoft\windows nt\msfax\sentitems\s-1-5-21-927890586-3685698554-67682326-1005$201c3c3defd6bea.tif:Xj1phwzh5qcwungrN45kt3kiCe
23:40:24 [NTFS ADS] Stream found - c:\documents and settings\all users\application data\microsoft\windows nt\msfax\sentitems\s-1-5-21-927890586-3685698554-67682326-1005$201c3c3df944244.tif:Xj1phwzh5qcwungrN45kt3kiCe
23:51:21 [Locked File] Couldn't open c:\windows\$ntuninstallq307274$\spuninst\spuninst.exe for read access, file is locked
23:51:21 [Locked File] Couldn't open c:\windows\$ntuninstallq308131$\spuninst\spuninst.exe for read access, file is locked
23:51:21 [Locked File] Couldn't open c:\windows\$ntuninstallq308402$\spuninst\spuninst.exe for read access, file is locked
23:51:21 [Locked File] Couldn't open c:\windows\$ntuninstallq308677$\spuninst\spuninst.exe for read access, file is locked
23:51:21 [Locked File] Couldn't open c:\windows\$ntuninstallq311345$\spuninst\spuninst.exe for read access, file is locked
23:51:21 [Locked File] Couldn't open c:\windows\$ntuninstallq311455$\spuninst\spuninst.exe for read access, file is locked
23:51:21 [Locked File] Couldn't open c:\windows\$ntuninstallq311889$\spuninst\spuninst.exe for read access, file is locked
23:51:21 [Locked File] Couldn't open c:\windows\$ntuninstallq312368$\spuninst\spuninst.exe for read access, file is locked
23:51:22 [Locked File] Couldn't open c:\windows\$ntuninstallq314412$\spuninst\spuninst.exe for read access, file is locked
23:51:22 [Locked File] Couldn't open c:\windows\$ntuninstallq315000$\netsetup.exe for read access, file is locked
23:51:22 [Locked File] Couldn't open c:\windows\$ntuninstallq315000$\spuninst\spuninst.exe for read access, file is locked
00:00:36 [File Scan] Scanned 35127 files: 2 alarms in -85184.13 seconds (Avg .59 files/sec)
00:00:36 [File Scan] Scanning in D:\ ...
00:00:36 [File Scan] Scanned 0 files: 2 alarms in 9.998322E-03 seconds (Avg 1. files/sec)
00:00:36 [Scan] Finished.

 

Hello JCC, welcome!
Here is a nice explanation page about the streams:
http://www.diamondcs.com.au/index.php?page=archive&id=ntfs-streams
Most users consider streams under 80 bytes not dangerous and ignore those in the settings.

About the locked files am thinking what might be the cause. They seem uninstall files?

You would certainly agree with all the fun we're having with TDS as well: security made a happy experience again!
I'm sure you will love the other programs and tools too to work all together.

 

Are you able to send a zipped file (one of them) to support@diamondcs.com.au so they can look what kind of file it is and why it might be locked?
It's the first time i see this so i don't think they appear this way on all other systems.

 

Yes they are. They are uninstall files produced by your computer should you ever wish to uninstall an MS update. They are compressed, hidden reado nly files & there are no known security risks as far as I am aware.

 

Yep, I believe they are uninstall files for Microsoft Patches.....nothing to worry about JCC .

Regards,
Jade.

 

Thanks. Are those files locked on everyone's computers? And if they can't be scanned, how do we know that no trouan will ever hide in one?

 

Thanks. But now I'm curious. Why don't they show up when everyone does a scan? Why wouldn't they show up when Jooske does a scan?

 

Jooske is running W98SE And probably deletes those files to save space

Sorry Jooske, I could not resist

 

Pilli, you only dared thinking i was safely on my last day of the year shoppings like many people
Back now with oliebollen (dumplings - bought them; google for images to know what they are)

Win98SE seems not to keep them, guess that's part of the XP among others. I think to have seen at such systems at times warning messages about files intending to overwrite original files and asking permission etc etc, so that might be part of such files.
You will notice in TDS several mysterious files too, which are vital and can be used to replace corrupted or lost originals.