recent on demand scanning issue

Discussion in 'NOD32 version 2 Forum' started by acr1965, Oct 12, 2006.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    This is my first post so please be patient if more info is needed. I have had NOD32 for 6 months or so and do regular on demand scanning of my computer. But recently I noticed that after a scan pretty much every file had one of two message tagged at the end, either error - password-protected file or error opening [file locked][4]. It seems most are the "error - password-protected file."

    If my memory serves me right I have downloaded Comodo personal firewall and Spyware Terminator since my last NOD32 scan. I have also updated Ewido 4.0 to AVG anti-spyware recently. Could any of those programs caused the "error - password-protected file" message? Also, does this error message mean that because the file is password-protected a virus cannot get into it?

    I have no idea what the password is to these files or what program created the whole issue.

    Finally, I had another question about NOD32. I have the spyware monitor on but NOD32 rarely if ever detects any spyware. I think it found weatherbug once, but that is it. My other programs (Ewido, Counter Spy) have found keyloggers, trojans, newdotnet, viewpoint and a few others but NOD32 never noticed any of them. Is it possible some setting is not correct on my spyware monitor for NOD32?

    Thanks for the help.
     
  2. ASpace

    ASpace Guest

    Hello and Welcome to Wilders !
    Unlikely many others , your post is excellent and contains a lot of informations,at least for me ;)

    It is something like that,right?
    https://www.wilderssecurity.com/showpost.php?p=459414&postcount=80
    Nothing to worry about.

    Possibly but it depends on what NOD marks as password protected . Anyway , it is not dangerous .


    NOD32 marks in blue something that cannot be scanned . Files cannot be scanned because
    • they are corrupted
    • they are in use / you have no rights
    • they are password-protected
    • ...etc

    Corrupted files are damaged and they cannot be scanned . Files in use can be a file that is protected by an application so that is cannot be changed/scanned .Such files are pagefil.sys and hiberfil.sys which are Windows operating system files and Windows protects them so nothing cannot touch them . Imagine if a virus corrupt these files , Windows wouldn't be able to run , for example ... Password protected files are protected by passwords either by you or by an application which wants them protected to protect them . For example Lavasoft's Ad-Aware protect its files so that they cannot be changed/read or Spybot S&D password-protect the eliminated malware in order you not to be able to infect again .
    Or in some words -> nothing to worry about. ;)


    Although there is no software in the world that can detect 100% of all the viruses/malware , NOD detects spyware very-well . NOD detects and removed New.Net as W32/Adware.Ndotnet or something like that . It is most likely you settings are wrong or NOD is not / was not fully updated .
    Second , it is not a good idea to run more that one antispyware protection for real-time protection . As far as I know AVG AS and Counterspy have real-time monitoring so you'd better uninstall one of them . Ewido + NOD would be great protection , for example .

    Make sure your NOD32 is fully updated by opening Control Center -> Update and click Update now . NOD32 should download the latest definitions (it is now 1.1800)
    Read Blackspear's tutorial on NOD32 and check your settings . Make them as in the tutorial so that you will have automated work and maximum protection . Of course you can change some settings so that they best fits you.

    In future , if a program finds something that NOD doesn't , you can submit it to ESET Labs samples@eset.com . The same applies when NOD detects something , you can send it to Ewido , for example;)




    You are welcome ! :thumb:
     
  3. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Do you have any quarantined files in the other spyware programs? If so, these could very well account for the password-protected .zip files. Many of these programs use password-protected files to store the quarantined files for future use. By making them password-protected, it prevents *other* spyware programs from detecting the quarantined contents yet again.
     
  4. covaro

    covaro Registered Member

    Joined:
    Jul 4, 2006
    Posts:
    149
    Location:
    Abingdon, MD, USA
    Were these files or registry entries? NOD32 doesn't scan the registry, so it's quite possible that they are leftover pieces in the registry that NOD32 just can't do anything about.

    -Cov
     
  5. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    IIRC, Pretty much every file name that was scanned was blue and marked as either password-protected file or error opening [file locked][4]. That had not happened before (there were some marked that way in previous scans, but not everyone like now) so I was wondering if the newly installed Comodo firewall or AVG Anti-Spy had something to do with it.

    As for NOD32 finding spyware, all the settings seem to match what is recommended. But the weaterbug is the only spyware that has ever been found. Even though I have several anti-spyware programs on my computer, I only run one at a time and use the others as on demand scanners. When new.net, the keyloggers and trojans were found they slipped right past NOD32. I believe Ewido or CounterSpy had found those spyware/malware during a system scan.

    I wonder if I should try to reinstall my NOD32 program? Maybe then the spyware program will work properly?

    Also, would it help any if I ran my NOD32 scan in safe mode?

    Thanks for the response.
     
  6. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I don't believe I have any quarantined items right now. But the files marked "password-protected file" or "error opening [file locked][4]" account for pretty much every file scanned.
     
  7. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I believe they were all files. I regularly scan my computer for spyware/malware and sometimes there are high rated spyware found. But my NOD32 has never detected high rated spyware. In an above post I asked if I should try to reinstall the NOD32 program. Any thoughts?
     
  8. ASpace

    ASpace Guest

    I am not sure but it is less likely .


    Most likely NOD32 have eliminated them without you knowing that . If your settings meet Blackspear's tutorial , your NOD32 will automatically deal with viruses/threats and you'll receive no message .

    NOD32 is Antivirus system/Anti-threat system . Ewido and CounterSpy are spyware/trojan dedicated softwares which means NOD32 will protect from everything but CounterSpy will protect only from spyware/non-viral stuff.
    Spyware is like every other program/software but its aim is to spy your activities .When you become infected with spyware , this spyware contains files , folders and registry keys . ~ Basically and simply ~ Windows Registry contains information about how something to be done , the files are those who do it . NOD32 is not spyware dedicated software and it removes the most important part of the spyware -> the files that belongs to the spyware . CounterSpy removes all the tracks of a spyware , it will remove all the files/all the keys/all the folders . However , when the main file of the spyware is gone , the whole spyware is not working ; the other is just a matter of cleaning

    Real example : Adware/NewDotNet (N.Net)
    When it installs it creates some reg entries to be able to work just like any other software in Windows , it creates a folder in C:\Program files and also files in this folder (lots of files , an exe and a dll file) . The most importatn part of that spyware is its DLL file which later injects into Windows's legitimate process explorer.exe and thus it works . If this DLL is gone , this spyware cannot spy you , all other files are just ... files . NOD32 will remove the DLL , no spyware activity , your privacy is saved and the other files are just files . However CounterSpy will detect all other files as existing files and will remove them , NOD32 detects only the DLL file (I guess so).

    I also don't want to argue with you nor I mean you lie . It is absolutely possible NOD32 miss a malware but nothing is perfect in this World . That's why we keep more than one program :) ;) :D

    No , you don't need to reinstall if your software is working correctly . You can test your NOD32 protection with the harmless Eicar Test file Click here -> www.eset.com/eicar.com <-


    You are welcome . Sorry for the long response , I just try to explain it :D
     
    Last edited by a moderator: Oct 14, 2006
Thread Status:
Not open for further replies.