locked file..in a different way

Discussion in 'Computer Information' started by Robert Baer, Jan 12, 2014.

  1. Robert Baer

    Robert Baer Guest

    Well, i tried to install the FA-930 driver for the Casio KL-8100,
    which i KNOW works for Win2K (this was for newer HD build).
    Well, it fails as the present CD seems to be an incomplete copy (4
    files missing).
    So, i made a new folder (see * below) with all files from the working
    installation, and the folder structure and files all compare (the 4 are
    now where they belong).
    Run Setup.exe and it INSTANTLY dies, no clue as to reason (see * below).
    Previously, i found that when a sub-folder had a missing file, Setup
    would run, show files being loaded and then error stop giving folder
    location & missing file name.
    After exiting, and using ProcessExplorer to verify no extraneous
    running programs, i would find at least one source file "locked by a
    program" as indicated by a Win msg; impossible to find that program
    because the loader now is NOT RUNNING!
    End result with this new info, is that (when something is locked)
    handles are definitely NOT being cleared by any kind of garbage collector.

    Is there a program that i can run that will "sweep out" all trash
    (un-used handles)?
    I think it might be wise the program does not use the registry
    garbage pit for install, and might look there for what i will trash echos.
    *************
    * WTF program dying from above.
    The complete program set as mentioned dies instantly as mentioned.
    CASES: 1) everything in stick folder tagged Read-Only to emulate a CD,
    2) everything in stick folder NOT tagged Read-Only, 3) only Setup.exe
    tagged, 4) all but Setup.exe tagged, 5,6,etc) COPIES from present CD
    direct or untagged, or whatever.
    EXCEPT for the original CD, ALL VARIANTS die instantly.

    Dammit all to heck, i need a WORKING install disk!
    I have verified that (after a false start) setup.exe from one version
    to another all FC; i presume that FC does not care about file extents.
    Robert Baer, Jan 12, 2014
    #1

  2. Robert Baer

    Paul Guest

    On 1/12/2014 5:07 PM, Robert Baer wrote:
    > Well, i tried to install the FA-930 driver for the Casio KL-8100, which i KNOW works for Win2K (this was for newer HD build).
    > Well, it fails as the present CD seems to be an incomplete copy (4 files missing).
    > So, i made a new folder(see * below) with all files from the working installation, and the folder structure and files all compare (the 4 are now where they belong).
    > Run Setup.exe and it INSTANTLY dies, no clue as to reason(see * below).
    > Previously, i found that when a sub-folder had a missing file, Setup would run,show files being loaded and then error stop giving folder location & missing file name.
    > After exiting, and using ProcessExplorer to verify no extraneous running programs, i would find at least one source file "locked by a program" as indicated by a Win msg; impossible to find that program because the loader now is NOT RUNNING!
    > End result with this new info,is that (when something is locked) handles are definitely NOT being cleared by any kind of garbage collector.
    >
    > Is there a program that i can run that will "sweep out" all trash (un-used handles)?
    > I think it might be wise the program does not use the registry garbage pit for install, and might look there for what i will trash echos.
    > *************
    > * WTF program dying from above.
    > The complete program set as mentioned dies instantly as mentioned.
    > CASES: 1) everything in stick folder tagged Read-Only to emulate a CD,
    > 2) everything in stick folder NOT tagged Read-Only, 3) only Setup.exe tagged, 4) all but Setup.exe tagged, 5,6,etc) COPIES from present CD direct or untagged,or whatever.
    > EXCEPT for the original CD, ALL VARIANTS die instantly.
    >
    > Dammit all to heck,i need a WORKING install disk!
    > I have verified that (after a false start) setup.exe from one version to another all FC; i presume that FC does not care about file extents.
    >
    >


    This page will give you some idea how handles work.

    http://msdn.microsoft.com/en-us/library/windows/desktop/ms724485(v=vs.85).aspx

    They're stored in the paged pool, and returned to the pool area when no
    reference to them exists any more.

    So the basic function, appears to exist in kernel space. And programs
    make kernel calls to do stuff.

    Since your kernel and my kernel are the same, the behavior should be
    consistent *at the kernel level*. That's why, when I try to construct
    a theory as to what is wrong with your system, I look for two applications
    to get into a fight. Rather than theorize it's the kernel (or a driver).
    And a driver should (normally), mind its own business. Drivers don't
    go around grabbing handles used by applications or by other drivers.
    And that's why my suggestions will likely continue to point at
    programs as being at fault.

    The closest thing to "meddle-some" is AV programs. They get
    into everything. And mess with everything. That's the closest
    thing to "ill-behaved" on a computer, the root-kit we call the
    AV program.

    In your case, the theory was that two programs are attempting to access
    the same file. Perhaps an AV program opens the file, and scans it. At
    the same time, as you the user is attempting to do something to the file.

    When a program file (.exe) exits, I don't see a reason for a handle to it
    to stick around. Unless an AV is scanning it, and at that point, it's
    too late for scanning to do any good.

    *******

    Also, don't get too wound up about the "Read Only" flag. Its meaning is
    overloaded, and it is used for more than indicating something can only
    be read. I think it implies a folder is customized or something. I'm
    not really a fan of Windows permissions, as the display of the information
    is all over the place, and it's pretty hard to figure out, and later,
    keep track of how it all works. The Unix/Linux idea, of at least showing
    permissions when listing files in a shell, makes the base permissions
    on a file easier to understand.

    Unix/Linux overloads the meaning of bits as well. But the difference is,
    the "stuff you don't know", doesn't usually bite you on the ass.
    Things like sockets and setuid are still important, but for the things
    a user typically desires to do, you don't need to know about them. I just
    find even the basics in Windows, hard to figure out. Like, remembering
    what the Read-Only bit means, when it's set on a folder :) It doesn't
    mean Read-Only.

    Paul
    Paul, Jan 12, 2014
    #2
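
The "two programs accessing the same file" situation Paul describes, as an added example that is not part of the original thread: one open handle with a restrictive share mode makes a second open or a copy fail until that handle is closed. It assumes a Windows machine with PowerShell; the scratch file names and the `Test-FileLocked` helper are made up for the demonstration, and the `$holder` handle only stands in for whatever other program has the file open.

```powershell
# Added example. The scratch files are constructed for the demo; nothing here
# comes from the thread's system.
$src = Join-Path $env:TEMP 'lock-demo.src'
$dst = Join-Path $env:TEMP 'lock-demo.dst'
Set-Content -Path $src -Value 'constructed sample data'

function Test-FileLocked {
    param([Parameter(Mandatory)][string]$Path)
    try {
        # Request read access while refusing to share the file at all.
        # Windows rejects this if another handle is already open for
        # read, write or delete access.
        $probe = [System.IO.File]::Open($Path, 'Open', 'Read', 'None')
        $probe.Dispose()
        return $false
    } catch {
        # 0x80070020 is ERROR_SHARING_VIOLATION ("being used by another process").
        $hr = $_.Exception.GetBaseException().HResult
        if ($hr -eq -2147024864) { return $true }
        throw   # anything else (missing file, access denied) is a different problem
    }
}

# Stand-in for the "other program": hold the file open without sharing.
$holder = [System.IO.File]::Open($src, 'Open', 'Read', 'None')
try {
    "Locked while held: $(Test-FileLocked $src)"
    try {
        Copy-Item -Path $src -Destination $dst -ErrorAction Stop
    } catch {
        "Copy failed: $($_.Exception.Message)"
    }
} finally {
    $holder.Dispose()   # closing the last handle releases the lock
}

"Locked after close: $(Test-FileLocked $src)"
Copy-Item -Path $src -Destination $dst -ErrorAction Stop
"Copied $((Get-Item $dst).Length) bytes"
Remove-Item $src, $dst
```

The lock goes away when the holding handle is closed or its process exits, so a file that stays locked means some process still has it open.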

  3. Robert Baer

    Robert Baer Guest

    Paul wrote:
    > On 1/12/2014 5:07 PM, Robert Baer wrote:
    >> Well, i tried to install the FA-930 driver for the Casio KL-8100,
    >> which i KNOW works for Win2K (this was for newer HD build).
    >> Well, it fails as the present CD seems to be an incomplete copy (4
    >> files missing).
    >> So, i made a new folder(see * below) with all files from the working
    >> installation, and the folder structure and files all compare (the 4
    >> are now where they belong).
    >> Run Setup.exe and it INSTANTLY dies, no clue as to reason(see * below).
    >> Previously, i found that when a sub-folder had a missing file, Setup
    >> would run,show files being loaded and then error stop giving folder
    >> location & missing file name.
    >> After exiting, and using ProcessExplorer to verify no extraneous
    >> running programs, i would find at least one source file "locked by a
    >> program" as indicated by a Win msg; impossible to find that program
    >> because the loader now is NOT RUNNING!
    >> End result with this new info,is that (when something is locked)
    >> handles are definitely NOT being cleared by any kind of garbage
    >> collector.
    >>
    >> Is there a program that i can run that will "sweep out" all trash
    >> (un-used handles)?
    >> I think it might be wise the program does not use the registry garbage
    >> pit for install, and might look there for what i will trash echos.
    >> *************
    >> * WTF program dying from above.
    >> The complete program set as mentioned dies instantly as mentioned.
    >> CASES: 1) everything in stick folder tagged Read-Only to emulate a CD,
    >> 2) everything in stick folder NOT tagged Read-Only, 3) only Setup.exe
    >> tagged, 4) all but Setup.exe tagged, 5,6,etc) COPIES from present CD
    >> direct or untagged,or whatever.
    >> EXCEPT for the original CD, ALL VARIANTS die instantly.
    >>
    >> Dammit all to heck,i need a WORKING install disk!
    >> I have verified that (after a false start) setup.exe from one version
    >> to another all FC; i presume that FC does not care about file extents.
    >>
    >>

    >
    > This page will give you some idea how handles work.
    >
    > http://msdn.microsoft.com/en-us/library/windows/desktop/ms724485(v=vs.85).aspx
    >
    >
    > They're stored in the paged pool, and returned to the pool area when no
    > reference to them exists any more.
    >
    > So the basic function, appears to exist in kernel space. And programs
    > make kernel calls to do stuff.
    >
    > Since your kernel and my kernel are the same, the behavior should be
    > consistent *at the kernel level*. That's why, when I try to construct
    > a theory as to what is wrong with your system, I look for two applications
    > to get into a fight. Rather than theorize it's the kernel (or a driver).
    > And a driver should (normally), mind its own business. Drivers don't
    > go around grabbing handles used by applications or by other drivers.
    > And that's why my suggestions will likely continue to point at
    > programs as being at fault.
    >
    > The closest thing to "meddle-some" is AV programs. They get
    > into everything. And mess with everything. That's the closest
    > thing to "ill-behaved" on a computer, the root-kit we call the
    > AV program.
    >
    > In your case, the theory was that two programs are attempting to access
    > the same file. Perhaps an AV program opens the file, and scans it. At
    > the same time, as you the user is attempting to do something to the file.
    >
    > When a program file (.exe) exits, I don't see a reason for a handle to it
    > to stick around. Unless an AV is scanning it, and at that point, it's
    > too late for scanning to do any good.
    >
    > *******
    >
    > Also, don't get too wound up about the "Read Only" flag. Its meaning is
    > overloaded, and it is used for more than indicating something can only
    > be read. I think it implies a folder is customized or something. I'm
    > not really a fan of Windows permissions, as the display of the information
    > is all over the place, and it's pretty hard to figure out, and later,
    > keep track of how it all works. The Unix/Linux idea, of at least showing
    > permissions when listing files in a shell, makes the base permissions
    > on a file easier to understand.
    >
    > Unix/Linux overloads the meaning of bits as well. But the difference is,
    > the "stuff you don't know", doesn't usually bite you on the ass.
    > Things like sockets and setuid are still important, but for the things
    > a user typically desires to do, you don't need to know about them. I just
    > find even the basics in Windows, hard to figure out. Like, remembering
    > what the Read-Only bit means, when it's set on a folder :) It doesn't
    > mean Read-Only.

    * I have found that if folder properties show R/O, then there is at
    least one file (or folder) in it that is R/O. Unchecking the folder R/O
    and clicking "Apply to all" will always uncheck R/O for all contents.
    That means R/O for a folder is technically meaningless FOR THE FOLDER
    - only meaningful for a file or files inside.
    Attrib will show "R" only for files that are marked R/O and not for
    any folder a R/O file is in (no matter how deep):
    A D:\TesrRO\LETTERS\DRIP.PDF
    A D:\TesrRO\LETTERS\JOKE
    A D:\TesrRO\LETTERS\SILVER.LST
    A D:\TesrRO\LETTERS\STOX
    A R D:\TesrRO\LETTERS\STOX.DRP
    A D:\TesrRO\LETTERS\STOX.IRA
    A D:\TesrRO\LETTERS\STOX.TST
    A D:\TesrRO\LETTERS\trust_application.pdf
    D:\TesrRO\LETTERS
    A D:\TesrRO\STOX
    Naturally, since i went to the trouble to make a sample, "Properties"
    for the folders are now not working as they did.

    >
    > Paul
    >

    OK, it sort-of makes sense that some OTHER, UNRECOGNIZED (by me)
    program may be the "locker" in some cases.
    The AV program may just be the culprit - so assume it is, as follows:
    1) i do something to a file (usually edit it via Word, or CorelDraw or
    ParaBen Screen Capture) and sometime during that work, AV "comes to the
    fray", grabs it for snoop.
    2) my work "lets go" but the "snoop grab" does not - and so i can no
    longer access it.
    3) BUT, one might think that AV would leave the war zone and "ungrab" so
    it can go to bigger and better fights.
    **
    I have new (and more) memory (2GB instead of one), so that is
    definitely not the problem.

    Since i am having a VERY repeatable problem with that FA930-C program
    set, what i could try is: (a) UNPLUG the EtherNet cable - making external
    attacks and intrusion impossible, (b) prevent Avast from loading, (c)
    fiddle around to see if i can fix the FA930-C problem and then see if i
    can Pete again (re-Pete) the locking garbage.
    Robert Baer, Jan 13, 2014
    #3
  4. Robert Baer

    Robert Baer Guest

    Re: locked file..refuse to install case-AVAST is rootkit

    ** SNIPped previous stuff **
    > Since i am having a VERY repeatable problem with that FA930-C program
    > set,what i could try is: (a) UNPLUG the EtherNet cable - making external
    > attacks and intrusion impossible, (b) prevent Avast from loading, (c)
    > fiddle around to see if i can fix the FA930-C problem and then see if i
    > can Pete again (re-Pete) the locking garbage.

    I got VERY aggressive: Disable AVAST in Computer Management; in AVAST
    disabled cloud services and self-defense mode; used RegCleaner to remove
    AVAST startup entry; in MSconfig WIN.INI disabled mail, mci, winzip,
    annie; SYSTEM.INI disabled drivers; GENERAL disabled startup; SERVICES
    disabled AVAST. UNPLUGGED EtherNet cable.
    Reboot - it is amazing what little runs.
    Was ABLE to install FA-930C with no sass and program seems to run OK.

    When AVAST was running, install always either quit instantly, or
    complained about some missing file.

    Up to a number of months ago, i never had this problem.
    So they added something in their zeal to "give more protection" that
    makes it more like a rootkit.
    Robert Baer, Jan 13, 2014
    #4
  5. Robert Baer

    Robert Baer Guest

    Re: Refuse to copy file-AVAST is rootkit

    Robert Baer wrote:
    > ** SNIPped previous stuff **
    >> Since i am having a VERY repeatable problem with that FA930-C program
    >> set,what i could try is: (a) UNPLUG the EtherNet cable - making external
    >> attacks and intrusion impossible, (b) prevent Avast from loading, (c)
    >> fiddle around to see if i can fix the FA930-C problem and then see if i
    >> can Pete again (re-Pete) the locking garbage.

    > I got VERY aggressive: Disable AVAST in Computer Management; in AVAST
    > disabled cloud services and self-defense mode; used RegCleaner to remove
    > AVAST startup entry; in MSconfig WIN.INI disabled mail, mci, winzip,
    > annie; SYSTEM.INI disabled drivers; GENERAL disabled startup; SERVICES
    > disabled AVAST. UNPLUGGED EtherNet cable.
    > Reboot - it is amazing what little runs.
    > Was ABLE to install FA-930C with no sass and program seems to run OK.
    >
    > When AVAST was running, install always either quit instantly, or
    > complained about some missing file.
    >
    > Up to a number of months ago, i never had this problem.
    > So they added something in their zeal to "give more protection" that
    > makes it more like a rootkit.
    >

    Boot computer from power off; absolutely and totally impossible to
    COPY a particular file to any other folder or to floppy; totally and 100
    percent repeatable.
    At CMD or MSDOS prompt, COPY mumble.SRC whatever.DST /V will result
    in error message "Error Verify - whatever.DST" and a DIR will show
    whatever.DST as size ZERO.

    So, go thru all of the necessary to kill AVAST on reboot.
    *NOW* one can copy that particular file anywhere, and faithfully.

    Peachy!

    So it is AVAST that (semi-randomly) prevents files from being copied
    during an install - resulting in an indeterminate failure mode (depends on
    program).
    Robert Baer, Jan 14, 2014
    #5