 Need Help In Scanning A File... It Acts Bizarre Depending On How It Is Scanned, need to understand windows file locking maybe? |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.  |
 Dec 7 2007, 06:48 PM
Post
#1
|
|
|
New Member  Group: Members Posts: 4 Joined: 7-December 07 Member No.: 175,123  |
i've got a file that i suspect. it is an exe (for example's sake, let's say somefile.exe). when i run kaperksy to 'scan this file' it skips it! kapersky's status of the scan tells me that it skipped the file and the reason was 'by rights' i have no idea what that means, and their website/help is not giving me any further insight. so, i changed the name of the file to somefile.exe.txt, and rescanned. it seemed to understand that the file had packed componants, and unpacked successfully and scanned the innards of the file just fine. it didn't find any threats. however, what bothers me is that the second i rename the file back to a somefile.exe... i can no longer scan it! what is going on? i can scan other exe files just fine. in fact, when i try to upload that one particular exe file, kapersky's online file scanner acts all goofy as if i hadn't submitted a file at all. i've submitted other files to their online file scanner and processed them just fine, so it's definitely related to just this one. anyone have any ideas what might be happening? thanks |
 |
 
|
|
Dec 7 2007, 11:30 PM
Post
#2
|
|
 To INSANITY and BEYOND !! Group: Moderator Posts: 10,943 Joined: 10-September 04 From: NJ USA Member No.: 2,608 |
For the sake of argument upload the file to Jotti Scan
http://virusscan.jotti.org/ -------------------- Can you spare some PC cycles to help FIND A CURE .. BC FOLDING TEAM Click me /info..
ThoughtVent a goodplace to discuss.<<>>>Staying Updated Calendar of Updates. For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... |
|
|
|
|
Dec 7 2007, 11:47 PM
Post
#3
|
|
 Bleepin' Janitor Group: Global Moderator Posts: 14,074 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513 |
"Object is locked skipped" or "Access Denied" notations in a scan -> This is normal as a files are locked by the operating system or running programs during use for protection, so scanners cannot access them. The Object is locked skipped detections are normally not malware nor are they infected. Skipped a file for reason 'by rights' can mean you are not running a scan as administrator and do not have permission so the scan skips that file.
This post has been edited by quietman7: Dec 7 2007, 11:50 PM -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"
Microsoft MVP - Windows Security 2007-2009  |
|
|
|
 Dec 8 2007, 08:49 PM
Post
#4
|
|
|
New Member Group: Members Posts: 4 Joined: 7-December 07 Member No.: 175,123 |
oh wow! when i tried to submit the file to the online virus scanner i got the following error:
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file that mean that i've got a virus currently running on my machine? oh poop. 
|
|
|
|
|
Dec 8 2007, 09:04 PM
Post
#5
|
|
 Bleepin' Mod Group: Moderator Posts: 4,623 Joined: 18-March 06 From: B.C. Canada Member No.: 59,826 |
Try disabling your Firewall and resubmit the file to Jotti's malware scan.
--------------------  Join Bleeping Computers Folding@home Team and Help find a cure. I am thankful for laughter, except when milk comes out of my nose. ~Woody Allen |
|
|
|
|
Dec 8 2007, 11:32 PM
Post
#6
|
|
|
Bleepin' Janitor Group: Global Moderator Posts: 14,074 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513 |
Did you physically search for and confirm the size of the file?
Can you provide the specific name and its location on your system? -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"
Microsoft MVP - Windows Security 2007-2009 |
|
|
|
|
Dec 9 2007, 02:57 AM
Post
#7
|
|
|
New Member Group: Members Posts: 4 Joined: 7-December 07 Member No.: 175,123 |
hello,
thanks for replying here's the summary and answer to the various questions: firewall shut off i did check the file size, it's not zero. when i change the extension to .txt i can upload it fine the file is located at the following: S:\_____ck 4 virus\INFECTED.exe.txt 140,288 bytes i can't upload it from any machine (tried 3 different computers - arguably they could all be infected) i have successfully uploaded other .exe files to various online virus scanners and the system didn't hesitate at all. worked fine i have avgfree installed and it has a heart attack each time i try to touch the damn file LOL and, yes, i did shut off avg and try to upload the bizarre .exe file (i shut off virus protection via the control panel of the app, and then went into task manager and killed all the avg processes manually) so, now i'm thinking that exe file has some amazing trojan/virus/malware stuff in it, AND that i am infected with something the file should NOT be locked by anyone and in fact, i can change the file name without problem. except when i called it a .exe file, then things get really weird. i haven't run the file, and for safety's sake, have the file renamed to a .txt extension to keep it from executing by mistake. i'm wondering if there are any good debuggers or monitors around that would let me see who's locking/touching the file? thanks! This post has been edited by audre: Dec 9 2007, 03:05 AM |
|
|
|
|
Dec 9 2007, 04:36 AM
Post
#8
|
|
 Malware hunter Group: HJT Team Posts: 1,471 Joined: 7-February 06 From: Greece loutraki 6 km from korinth canal Member No.: 54,061 |
Hi audre
Download this program: submit files packer Highlight the file you (want) and right-click and selecting copy. Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field. Then press the Continue button. I will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab. Rename this file to yourmembername.cab (for example grinler.cab). Then go to: http://www.bleepingcomputer.com/submit-malware.php and fill in the required fields and browse to this file on your desktop. Finally click on the Send File button. Stelios -------------------- |
|
|
|
|
Dec 9 2007, 06:12 AM
Post
#9
|
|
|
New Member Group: Members Posts: 4 Joined: 7-December 07 Member No.: 175,123 |
hello,
i've uploaded the cab file per your instructions! thanks so much |
|
|
|
|
Dec 9 2007, 07:31 AM
Post
#10
|
|
|
Malware hunter Group: HJT Team Posts: 1,471 Joined: 7-February 06 From: Greece loutraki 6 km from korinth canal Member No.: 54,061 |
We will see what Grinler has to say!!!
Have Patience! Stelios -------------------- |
|
|
|
|
Dec 17 2007, 01:33 PM
Post
#11
|
|
 Bleep Bleep! Group: Admin Posts: 29,873 Joined: 24-January 04 From: USA Member No.: 3 |
Farstone Driveclone Pro v3.0 keygen program
Norman is showing it as W32/Delf.AXIP. -------------------- Lawrence
|
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 9th January 2009 - 03:42 AM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.