Nod32 Scan

[Guest]

I did a full manual scan on disk c: with Nod 32 and got back the reported:

Error Opening (File locked) [4]

(4) files cannot be opened it is being exclusively used by another
application or operating system.

The four files are highlighted in blue and have (files locked) writing on
them. How can I scan them for viruses?

 

[Conor Turton]

I did a full manual scan on disk c: with Nod 32 and got back the reported:

Error Opening (File locked) [4]

(4) files cannot be opened it is being exclusively used by another
application or operating system.

The four files are highlighted in blue and have (files locked) writing on
them. How can I scan them for viruses?

You can't. They're system files locked by Windows. THey won't be
infected.

 

[Ian JP Kenefick]

I did a full manual scan on disk c: with Nod 32 and got back the reported:

Error Opening (File locked) [4]

(4) files cannot be opened it is being exclusively used by another
application or operating system.

The four files are highlighted in blue and have (files locked) writing on
them. How can I scan them for viruses?

You can't. They're system files locked by Windows. THey won't be
infected.

I don't mean to alarm you but the fact is they are just as
'infectable' as any other files on your pc. They 'could' be infected.
The best way to scan is in safe mode.

 

[Wattsville Blues]

I did a full manual scan on disk c: with Nod 32 and got back the reported:

Error Opening (File locked) [4]

(4) files cannot be opened it is being exclusively used by another
application or operating system.

The four files are highlighted in blue and have (files locked) writing on
them. How can I scan them for viruses?

You can't, Scottie. They're files locked by the operating system and
you won't be able to scan them. Nothing to worry about though.

 

[Roger Wilco]

I did a full manual scan on disk c: with Nod 32 and got back the reported:

Error Opening (File locked) [4]

(4) files cannot be opened it is being exclusively used by another
application or operating system.

The four files are highlighted in blue and have (files locked) writing on
them. How can I scan them for viruses?

You can't. They're system files locked by Windows. THey won't be
infected.

How do you know they are system files - I don't see any mention of
filenames in the OP's query. My guess was going to be the files the
registry is built from - but without files names given we can only
guess.

 

[Roger Wilco]

I did a full manual scan on disk c: with Nod 32 and got back the reported:

Error Opening (File locked) [4]

(4) files cannot be opened it is being exclusively used by another
application or operating system.

The four files are highlighted in blue and have (files locked) writing on
them. How can I scan them for viruses?

You can't. They're system files locked by Windows. THey won't be
infected.

I don't mean to alarm you but the fact is they are just as
'infectable' as any other files on your pc. They 'could' be infected.
The best way to scan is in safe mode.

A better way is from a clean boot. Safe mode is a halfway measure.

 

[nosey_nellie]

snip


A better way is from a clean boot. Safe mode is a halfway measure.

to be clear here. a clean boot from power off into safe mode, then scan and do your fixes
~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.

 

[Conor Turton]

How do you know they are system files - I don't see any mention of
filenames in the OP's query.

Because I have NOD32 and it'll be the same files...

pagefil.sys
\Documents and Settings\username\ntuser.dat
\Documents and Settings\username\ntuser.dat.LOG
\Documents and Settings\Local Settings\Application Data\Microsoft
\UsrClass.dat
\Documents and Settings\Local Settings\Application Data\Microsoft
\UsrClass.dat.LOG

 

[Conor Turton]

A better way is from a clean boot. Safe mode is a halfway measure.

Makes no difference. Unless you can manage to do it without logging in
and having disabled the page file, you'll get the locked files.

 

[kurt wismer]

Makes no difference. Unless you can manage to do it without logging in
and having disabled the page file, you'll get the locked files.

it would appear that some people are unaware of the fact that a real
clean boot means booting into a known clean environment... that pretty
much requires booting from a media *other than* the suspect hard
drive... a pe disk, for example...

 

[Conor Turton]

it would appear that some people are unaware of the fact that a real
clean boot means booting into a known clean environment... that pretty
much requires booting from a media *other than* the suspect hard
drive... a pe disk, for example...

You mean Barts PE which isn't exactly widespread is it?

 

[Roger Wilco]

to be clear here. a clean boot from power off into safe mode, then

scan and do your fixes

Why safe mode!?

 

[Roger Wilco]

Because I have NOD32 and it'll be the same files...

pagefil.sys
\Documents and Settings\username\ntuser.dat
\Documents and Settings\username\ntuser.dat.LOG
\Documents and Settings\Local Settings\Application Data\Microsoft
\UsrClass.dat
\Documents and Settings\Local Settings\Application Data\Microsoft
\UsrClass.dat.LOG

That's what I suspected (the part you snipped), but didn't want to
assume too much with so little information from the OP.

How good would your advice have been if he had other resident malware
issues?

 

[kurt wismer]

You mean Barts PE which isn't exactly widespread is it?

well, since it isn't self-replicating i wouldn't expect it to be
widespread...

but seriously, back in the days before ntfs became mainstream, clean
booting involved booting off a known clean bootable floppy disk... it's
not a clean boot if you're booting from the suspect medium... that's a
lot harder now that ntfs has come along, because ms failed to provide a
freely available means of booting clean while retaining the ability to
access the file system (though they do have a pe disk, you have to jump
through hurdles to get it)... thankfully someone else stepped up and
created a rough approximation to ms' own pe disk...