What's My Scanning Log Telling Me

Al

I'm using NOD32 as my anti-virus program. After running a scan, I get a lot
of stuff I don't understand. I am furnishing a copy of what appears in my
Scanning Log from a single scan of C drive. It looks like it is telling me
that certain files or folders have not been scanned because they are
"locked," or some kind of error was encountered, etc. Is that correct? If
so, how do I get them scanned?

COPIED FROM SCANNING LOG:
Scan performed at: 5/27/2006 0:18:08 AM
Scanning Log
NOD32 version 1.1561 (20060526) NT
Operating memory - is OK
Date: 27.5.2006 Time: 00:18:24
Scanned disks, folders and files: C:
C:\hiberfil.sys - error opening (File locked) [4]
C:\pagefile.sys - error opening (File locked) [4]
C:\Documents and Settings\Allbert\ntuser.dat - error opening (File locked)
[4]
C:\Documents and Settings\Allbert\ntuser.dat.LOG - error opening (File
locked) [4]
C:\Documents and Settings\Allbert\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\Allbert\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\Allbert\Local
Settings\Temp\TA2005_2_118_0_0_7_XP.exe »NSIS »Setup.exe - archive damaged
C:\Documents and Settings\Allbert\Local Settings\Temporary Internet
Files\Content.IE5\5ZZBHL06\TA2005_2_118_0_0_7_XP[1].exe »NSIS »FastLane.msi
- error - unknown compression method
C:\Documents and Settings\Allbert\Local Settings\Temporary Internet
Files\Content.IE5\5ZZBHL06\TA2005_2_118_0_0_7_XP[1].exe »NSIS »Accelerator.msi
- error occurred while reading archive
C:\Documents and Settings\LocalService\NTUSER.DAT - error opening (File
locked) [4]
C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening (File
locked) [4]
C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening (File
locked) [4]
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening
(File locked) [4]
C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »Ad-Aware SE Default.skn - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »arrow1.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »arrow2.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bck1.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bt11.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bt12.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bt13.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bt21.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bt22.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bt23.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bt31.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bt32.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bt33.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bt41.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bt42.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bt43.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bt51.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bt52.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bt53.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bt61.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »bt62.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »checkbox1.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »checkbox2.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »checkbox3.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »checkbox4.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »defbtn1.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »defbtn2.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »defbtn3.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »glyph1.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »glyph2.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »glyph3.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »glyph4.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »glyph5.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »glyph6.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »glyph7.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »main.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »preview.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE
default.ask »ZIP »sprite1.bmp - error - password-protected file
C:\System Volume Information\MountPointManagerRemoteDatabase - error opening
(Access denied) [4]
C:\WINDOWS\system32\config\default - error opening (File locked) [4]
C:\WINDOWS\system32\config\default.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\SAM - error opening (File locked) [4]
C:\WINDOWS\system32\config\SAM.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\SECURITY - error opening (File locked) [4]
C:\WINDOWS\system32\config\SECURITY.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\software - error opening (File locked) [4]
C:\WINDOWS\system32\config\software.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\system - error opening (File locked) [4]
C:\WINDOWS\system32\config\system.LOG - error opening (File locked) [4]
C:\WINDOWS\Temp\JETCAA.tmp - error opening (File locked) [4]
Number of scanned files: 82587
Number of threats found: 0
Time of completion: 00:42:12 Total scanning time: 1428 sec (00:23:48)
Notes:
[4] File cannot be opened. It may be in use by another application or
operating system.
 
David H. Lipman

From: "Al" <[email protected]>

| I'm using NOD32 as my anti-virus program. After running a scan, I get a lot
| of stuff I don't understand. I am furnishing a copy of what appears in my
| Scanning Log from a single scan of C drive. It looks like it is telling me
| that certain files or folders have not been scanned because they are
| "locked," or some kind of error was encountered, etc. Is that correct? If
| so, how do I get them scanned?
|

< snip >

What don't you understand?

All looks OK.

Such entries as...
C:\Documents and Settings\Allbert\ntuser.dat.LOG - error opening (File locked) [4]

Means the OS has the respective File Handle open and thus can't scan the file. In this case
it is the User Registry.

The following is self-explanatory, the EXE is compressed and the scanner doesn't know the
compression software that was used in the MSI file that was compressed in the EXE using
NSIS.

C:\Documents and Settings\Allbert\Local Settings\Temporary Internet
Files\Content.IE5\5ZZBHL06\TA2005_2_118_0_0_7_XP[1].exe »NSIS »FastLane.msi
- error - unknown compression method
 
BitBucket

Dave:

C:\Documents and Settings\Allbert\Local
Settings\Temp\TA2005_2_118_0_0_7_XP.exe »NSIS »Setup.exe - archive
damaged

There was one message you didn't cover - the one above for "archive
damaged".

I've gotten this error on occasion with NOD32, usually with setup.exe
or some other .exe files. I've tested the .exe files with WinRAR and
WinZip, and the compression format (if there is one) isn't one
recognized by these two programs. Also have gotten this error with
WISE setup.

So NOD32 may be pretty intelligent about the packers/unpackers it
recognizes. But is there any tool you're aware of that will verify or
otherwise validate/invalidate these NOD32 "archive damaged" messages?

TIA

-- Roy Zider
 
David H. Lipman

From: "BitBucket" <[email protected]>

| Dave:
|
| C:\Documents and Settings\Allbert\Local
| Settings\Temp\TA2005_2_118_0_0_7_XP.exe »NSIS »Setup.exe - archive
| damaged
|
| There was one message you didn't cover - the one above for "archive
| damaged".
|
| I've gotten this error on occasion with NOD32, usually with setup.exe
| or some other .exe files. I've tested the .exe files with WinRAR and
| WinZip, and the compression format (if there is one) isn't one
| recognized by these two programs. Also have gotten this error with
| WISE setup.
|
| So NOD32 may be pretty intelligent about the packers/unpackers it
| recognizes. But is there any tool you're aware of that will verify or
| otherwise validate/invalidate these NOD32 "archive damaged" messages?
|
| TIA
|
| -- Roy Zider

NOD32 is very good but Kaspersky is even better with the myriad of unpackers. However,
there seem to be variations of the NSIS compression algorithm that malware is using to help
"hide" from anti-malware software.
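
Added example, not part of the original thread and not NOD32's own tooling: a small Python triage of a log in the format Al posted. It rejoins the wrapped lines and separates objects the scanner could not open from archives whose contents it could not inspect, the case the last reply is about; the sample log, file names and category names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, wrapped the way the posted log is (names are made up).
SAMPLE_LOG = r"""C:\pagefile.sys - error opening (File locked) [4]
C:\Documents and Settings\User\ntuser.dat.LOG - error opening (File
locked) [4]
C:\Documents and Settings\User\Local
Settings\Temp\setup_sample.exe »NSIS »Setup.exe - archive damaged
C:\Documents and Settings\User\Local Settings\Temporary Internet
Files\Content.IE5\ABCD1234\setup_sample[1].exe »NSIS »Inner.msi
- error - unknown compression method
C:\Program Files\SampleApp\Skins\default.ask »ZIP »a.bmp - error - password-protected file
C:\Program Files\SampleApp\Skins\default.ask »ZIP »b.bmp - error - password-protected file
C:\System Volume Information\SampleDatabase - error opening
(Access denied) [4]
Number of scanned files: 7
"""

ENTRY = re.compile(          # only the result strings that appear in the posted log
    r"^(?P<target>[A-Za-z]:\\.*?) - (?:"
    r"error opening \((?P<cannot_open>File locked|Access denied)\) \[\d+\]"
    r"|(?P<unpack_failed>archive damaged|error - unknown compression method"
    r"|error occurred while reading archive)"
    r"|error - (?P<encrypted>password-protected file))$")

def parse_entries(log_text):
    """Rejoin wrapped lines; yield (outer_file, members, category, reason)."""
    buf = ""
    for line in map(str.strip, log_text.splitlines()):
        if re.match(r"[A-Za-z]:\\", line):
            buf = line                   # a drive path starts a new entry
        elif buf:
            buf += " " + line            # continuation of a wrapped entry
        m = ENTRY.match(buf)
        if m:
            outer, *members = [p.strip() for p in m["target"].split("»")]
            category = next(k for k, v in m.groupdict().items() if v and k != "target")
            yield outer, members, category, m[category]
            buf = ""

def triage(log_text):
    """Map category -> outer files (deduplicated, in log order)."""
    groups = defaultdict(list)
    for outer, _members, category, _reason in parse_entries(log_text):
        if outer not in groups[category]:
            groups[category].append(outer)
    return dict(groups)
```

`triage(SAMPLE_LOG)["unpack_failed"]` lists the installers whose embedded files were never inspected, and the two password-protected members collapse to a single archive.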
 
