Question.....

Discussion in 'Virus Information' started by Robert Nielsen, Nov 9, 2009.

  1. I recently installed Microsoft Security Essentials (updated with latest
    definitions & versions), and ever since I installed it, there's one file
    that absolutely refuses to open - the file is called
    IndyCar.Series.2009.1.4-setup.exe (it's an addon for the rFactor racing
    game). I have it downloaded and burned to a DVD-R, and loaded onto a USB
    drive, but in both cases, when I attempt to open the directory this file is
    in, it causes Explorer.exe to stop responding. What is going on??

    Robert
     
    Robert Nielsen, Nov 9, 2009
    #1

  2. When Explorer opens the file to retrieve the icon data, MSE scans it. It
    may take quite some time to finish, depending on what method MSE is
    using to scan the file.

    ....or, it could be that MSE still has some bugs to work out (gasp!).
     
    FromTheRafters, Nov 10, 2009
    #2

  3. FromTheRafters,

    When you say "It may take quite some time to finish," exactly how much time
    are we talking about? Or, is that dependent on the size of the file in
    question? (This file is 276 MB, FYI.)
     
    Robert Nielsen, Nov 10, 2009
    #3
  4. From: "Robert Nielsen" <>

    | FromTheRafters,

    | When you say "It may take quite some time to finish," exactly how much time
    | are we talking about? Or, is that dependent on the size of the file in
    | question? (This file is 276 MB, FYI.)


    LOL -- Yes, scanning a file that size will take a while!
    { Especially if it is also a self extracting archive file }
     
    David H. Lipman, Nov 10, 2009
    #4
  5. Dave,

    So, as I said to FromTheRafters, exactly how much time are we talking about?
    A few seconds? Minutes? (Hopefully, not much longer than a few minutes!!)
    And, does it have to do that EVERY time you try to open the file in
    question?? (BTW, it's an executable file).

    Robert
     
    Robert Nielsen, Nov 10, 2009
    #5
  6. Robert Nielsen

    Create another text file that is 276MB in size and see how long it takes
    to perform a manual scan on that file. However, strings are
    recognizable in text files.

    That it is an executable file doesn't mean it isn't also an archive with
    a wrappable (the executable) prepended to the archive file. That's how
    self-extracting files work, as well as installers that extract from a
    compressed file contained within.

    Giving you a time on your host would be impossible for others to
    compute. They don't have your hardware so your processing power (CPU
    and data rate over the bus to hard disks) will differ from other users.
    Anyone that cites a scanning speed will also have to specify on what
    hardware they did the test, OS, background processes (i.e., current load
    on the CPU), and whatever constitutes their test platform. A text file
    the same size as the executable would give you a minimum time on your
    host.

    Alternatively, go grab the Windows installation CD and scan that. Then
    divide the number of bytes on the CD by time. However, remember that
    your CD drive is much slower than your hard disk and why I mentioned
    doing a test on a file on your hard disk. You could pick a much smaller
    executable file, like 1MB, to see how long it takes to scan that, and
    then multiply by 276 to get an idea on how long it will take on the big
    file. Also, how long depends on what scan mode you select in MSE:
    quick, full, or custom.
     
    VanguardLH, Nov 10, 2009
    #6
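Added example, not part of any post in this thread: post #6 explains that a setup executable can be an extractor stub with an archive behind it, which is why the scanner may have far more data to inspect than the file size suggests. The sketch below assumes the appended archive is a ZIP (many installers use other formats) and builds its own constructed sample; `build_constructed_sfx` and `inspect_container` are hypothetical names.

```python
import io
import zipfile

def build_constructed_sfx() -> bytes:
    """Constructed sample: placeholder stub bytes followed by a ZIP archive."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("data/track.bin", b"\x00" * 2_000_000)  # compresses very well
        zf.writestr("readme.txt", "constructed sample\n" * 100)
    stub = b"MZ" + b"\x90" * 510  # stands in for the extractor code, not a real PE
    return stub + archive.getvalue()

def inspect_container(blob: bytes) -> dict:
    """Report whether a blob carries an appended ZIP and how much data it holds."""
    report = {
        "starts_like_exe": blob[:2] == b"MZ",
        "size_on_disk": len(blob),
        "embedded_zip": False,
        "stub_bytes": 0,
        "members": [],
        "unpacked_bytes": 0,
    }
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return report  # no ZIP end-of-central-directory record found
    report["embedded_zip"] = True
    # zipfile shifts member offsets by the length of any prepended data,
    # so the smallest header offset is where the stub ends.
    report["stub_bytes"] = min((i.header_offset for i in infos), default=0)
    # Sizes are the values declared in the archive's central directory.
    report["members"] = [(i.filename, i.file_size) for i in infos]
    report["unpacked_bytes"] = sum(i.file_size for i in infos)
    return report

if __name__ == "__main__":
    result = inspect_container(build_constructed_sfx())
    print(result)
```

On the constructed sample the unpacked total is many times the size on disk, which is the amount of data an unpacking scanner actually has to work through.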
  7. From: "Robert Nielsen" <>

    | Dave,

    | So, as I said to FromTheRafters, exactly how much time are we talking about?
    | A few seconds? Minutes? (Hopefully, not much longer than a few minutes!!)
    | And, does it have to do that EVERY time you try to open the file in
    | question?? (BTW, it's an executable file).

    | Robert

    There are too many variables to quantify. CPU speed, type of binary, if binary is an
    archive, yada, yada...

    However, it should spend more than 3 minutes.
     
    David H. Lipman, Nov 11, 2009
    #7
  8. Some antivirus applications will create a hash of a file after it is
    scanned for the first time, sort of a change detection scheme so that
    they don't have to scan it again until it has changed. I'm not sure
    which AV's do this and which do not. If they do not, then it would be an
    every time scan.

    Some (probably most) antivirus applications are smart enough to only
    look for malware that is likely to be in that type of file. For
    executables, (especially large ones) there are lots of things to look
    for - some even requiring a degree of emulation (parts of the executable
    are actually executed in an emulated environment to see what
    self-modifying code or self-decryption eventually reveals as further
    executable code).

    I mentioned buggy because sometimes corrupted or otherwise malformed
    files cause problems for scanners or even the OS itself.

    How long it takes depends too much on too many factors to hazard a
    guess.
     
    FromTheRafters, Nov 11, 2009
    #8
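Added example, not part of any post in this thread and not how MSE or any named product is known to work: a sketch of the change-detection scheme post #8 describes, where a verdict is remembered under the file's hash so the expensive scan is skipped until the content changes. Tying the cache key to a definitions version is an assumption of this example (a verdict from old signatures should not outlive them); `VerdictCache`, `toy_scanner` and the marker string are hypothetical, and the sample file is constructed.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Hash in 1 MiB chunks so a 276 MB installer is never held in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def toy_scanner(path):
    """Stand-in for the expensive scan: flags a constructed marker string."""
    with open(path, "rb") as fh:
        return "flagged" if b"CONSTRUCTED-TEST-MARKER" in fh.read() else "clean"

class VerdictCache:
    """Remembers verdicts keyed by (content hash, definitions version)."""
    def __init__(self, scanner, definitions_version):
        self.scanner = scanner
        self.definitions_version = definitions_version
        self.verdicts = {}
        self.expensive_scans = 0

    def on_access(self, path):
        key = (sha256_file(path), self.definitions_version)
        if key not in self.verdicts:  # new content or new definitions
            self.expensive_scans += 1
            self.verdicts[key] = self.scanner(path)
        return self.verdicts[key]

def demo():
    """Return the running count of expensive scans after four accesses."""
    cache = VerdictCache(toy_scanner, definitions_version=1)
    counts = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "setup.exe")  # constructed sample file
        with open(path, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 4096)
        for step in ("first open", "unchanged", "modified", "new definitions"):
            if step == "modified":
                with open(path, "ab") as fh:
                    fh.write(b"patched")
            if step == "new definitions":
                cache.definitions_version = 2
            cache.on_access(path)
            counts.append(cache.expensive_scans)
    return counts
```

Hashing still reads the whole file on every access, so this scheme saves the scanning work rather than the disk read.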