new "WARNING: Can't open file (sys)"
GuitarBob
These two files are Windows system files in use when ClamWin did a scan. This is normal, as ClamWin can't scan a file that is in use/open. Hiberfile is related to the hibernate function in your Windows software. Pagefile is related to the "virtual" memory that Windows uses on your hard drive when RAM memory runs low. I always get the message that ClamWin couldn't open them during my scans. You may also get messages of other files that can't be opened/scanned (I get a lot). Generally the .sys files are okay, and you don't need to worry about them. In fact, virus writers prefer to hide their malicious files, so most files that ClamWin can't open are probably okay/virus free.
Regards,
Lela68
Great, thanks so much!!! Honestly, at present, I have only these warnings...and not any more the old and famous ones that I had in the past (I do not know why but with the new update the scan doesn't tell me that about other system files...). I'm also very happy now as with the new release I solved also the problem of slow scan incoming mails with Outlook! Now it's perfect!
Ernestto
Hi,
I think some virus attacks these files. What does ClamWin do?
GuitarBob
You can scan the file with ClamWin, and ClamWin will check it against the viruses in its database to see if it contains any of them. If it finds one, it will not clean the file or remove the virus. You will have to delete the file yourself. You can configure ClamWin to put virus files in quarantine.
You should check any virus file found with other antivirus programs to be sure it is not a false positive. You can go to VirusTotal on the Web to upload the file, and they will check it out for you free with about 30 antivirus programs--including Clam/ClamWin.
Regards,
b0ne
The hibernation and virtual paging files are generally not attackable by viruses for several reasons.
1) Even though the file extension is .SYS, these files are not drivers nor executables. Viruses that infect files look for executables because they need to append their malware code to something that will eventually be run by Windows. These files are pure data and are not "executed" like a program like Microsoft Word.
2) These files are always in use by Windows. Try deleting one of them and see what happens. Viruses, even if they did figure out a useful way to drop a payload attached to these files, would still have the problem that they can't write to these files.
Most AV scanners simply suppress that they can't read these files because they are locked constantly. ClamWin could probably do the same, but programmers who like to help open source projects don't grow on trees.
steveerlich
I have a warning from my virus scan, see below, that says cannot open. Is this a problem, and if it is, is there a fix??
Removed
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP660\A0082949.exe: Trojan.Downloader-9581 FOUND
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP660\A0082949.exe: Removed
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP660\A0082950.exe: Trojan.Downloader-9606 FOUND
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP660\A0082950.exe: Removed
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP660\A0082951.exe: Trojan.Downloader-9607 FOUND
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP660\A0082951.exe: Removed
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\dao360.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB839645$\shell32.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB839645$\sxs.dll, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll, Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 130699
Engine version: 0.90.2
Scanned directories: 7258
Scanned files: 89270
Skipped non-executable files: 141
Infected files: 18
Data scanned: 22202.23 MB
Time: 17781.889 sec (296 m 21 s)
GuitarBob
It appears that you have two groups noted in the ClamWin scan. One is a group of files that couldn't be opened because they are in use. Antivirus software can't scan files that are open when the scan is made. These files all appear to be Windows system files, and they are probably okay. I Googled the first three unopened files in your scan log, and they were Windows System files--perhaps Vista related.
The other group appears to be in your System Restore location. Malware can sometimes hide in System Restore, but it is more likely that you set a restore point previously when some malware was on your system, and that's how it got in System Restore. You can clear this up by disabling System Restore. Let me suggest this: disable System Restore and then go to https://onecare.live.com/site/en-us/default.htm and run a free full service scan at the Microsoft One Care Web site. This will consist of a malware scan, registry cleaning and a check for needed Windows patches. Then run another ClamWin scan--just scan the directories where ClamWin originally found malware. If everything is okay, set a System Restore point and go about your business. In fact, it wouldn't hurt to do something like this monthly to "tune up" your system. If everything is not okay, I suggest you visit Trend Micro and perform the free live scan there. They probably have the "safest" and least invasive online scan. Then see if ClamWin still finds something. If it does find something, post the scan log here again with a reminder as to what has happened previously.
Regards,
sherpya
@steveerlich
It seems you are using a non-administrator account to scan, and the uninstall data is not accessible. C:\WINDOWS\$NtUninstallXXXX$ are the files created as backup for Windows Update hotfixes.
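
A way to triage a scan log like the one posted in this thread, added here as an example and not code from ClamWin or from any poster. The bucket names, the `triage` function, the pagefile/hiberfil warning lines and the `C:\Downloads` and `C:\Temp` paths are assumptions made up for illustration; the other paths and signature names are taken from the log above.

```python
import re

# Constructed sample in the format of the logs discussed in this thread (not a real scan).
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP660\A0082949.exe: Trojan.Downloader-9581 FOUND
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP660\A0082949.exe: Removed
C:\Downloads\setup.exe: Trojan.Downloader-9606 FOUND
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
WARNING: Can't open file \\?\C:\hiberfil.sys, Permission denied
WARNING: Can't open file \\?\C:\Temp\pagefile.sys, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\$NtUninstallKB837001$\dao360.dll, Permission denied
"""

WARN = re.compile(r"^WARNING: Can't open file (?P<path>.+), (?P<reason>[^,]+)$")
FOUND = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
# Paging/hibernation files count as expected only at a drive root, not by name alone.
ROOT_LOCKED = re.compile(r"^[A-Za-z]:\\(pagefile|hiberfil)\.sys$", re.I)
HOTFIX_BACKUP = re.compile(r"\\\$NtUninstall[^\\]*\$\\", re.I)
SYSTEM_RESTORE = re.compile(r"\\System Volume Information\\_restore\{", re.I)

def triage(log_text):
    """Sort scan-log lines into buckets an analyst can act on."""
    report = {"expected_locked": [], "needs_admin_rescan": [],
              "unscanned_review": [], "detections": []}
    for line in log_text.splitlines():
        line = line.strip()
        warn = WARN.match(line)
        if warn:
            path = warn["path"]
            if path.startswith("\\\\?\\"):  # drop the \\?\ long-path prefix
                path = path[4:]
            if ROOT_LOCKED.match(path):
                bucket = "expected_locked"
            elif HOTFIX_BACKUP.search(path) and warn["reason"] == "Permission denied":
                bucket = "needs_admin_rescan"
            else:
                bucket = "unscanned_review"  # never scanned: not the same as clean
            report[bucket].append(path)
            continue
        hit = FOUND.match(line)
        if hit:
            in_restore = bool(SYSTEM_RESTORE.search(hit["path"]))
            report["detections"].append((hit["path"], hit["sig"], in_restore))
    return report

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket, len(items))
```

Detections flagged as being inside System Restore correspond to the restore-point case described above; anything left in `unscanned_review` is a file the scanner never read.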
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.