Norton Power Eraser - has anyone used it?

User avatar
John Gray
PlatinumLounger
Posts: 5500
Joined: 24 Jan 2010, 08:33
Location: A cathedral city in England

Norton Power Eraser - has anyone used it?

Post by John Gray »

A couple of links to Norton Power Eraser, which is supposed to "Eliminate deeply-embedded and difficult-to-remove crimeware that traditional virus scanning doesn't always detect.."

http://security.symantec.com/nbrt/npe.asp?lcid=2057

http://www.symantec.com/norton/products ... wer_eraser

I'm just about to see what it does...
John Gray

"Tigers are the ones who look like an orange barcode with teeth." - Philomena Cunk​​

User avatar
HansV
Administrator
Posts: 79447
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Norton Power Eraser - has anyone used it?

Post by HansV »

It is meant to be used as a last resort only. Please heed the cautionary warning:
Because the Norton Power Eraser uses aggressive methods to detect these threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully, and only after you have exhausted other options.
Best wishes,
Hans

User avatar
John Gray
PlatinumLounger
Posts: 5500
Joined: 24 Jan 2010, 08:33
Location: A cathedral city in England

Re: Norton Power Eraser - has anyone used it?

Post by John Gray »

Yes, that is the standard disclaimer to most of the malware removal programs like Malwarebytes' Anti-Malware, SuperAntiSpyware, HitMan Pro, ComboFix, and the like!

I tried it on my XP Pro box, and I think the problem with this program is going to be false positives.

It suggests that I 'fix' the 'bad' remote administration program for our work Exchange server's antispam solution.

It says that two working shortcuts to perfectly OK programs are 'suspicious'.

It objects to five programs (mscorlib.dll, system.drawing.dll, system.windows.forms.dll, system.xml.dll, system.dll) located some way down in C:\Windows\Assembly but when I click on the Locate button it says it can't find them. I have no idea what they do, but I doubt there's anything wrong with them.

The log is nearly 700 KB of XML code relating to 181 drivers and 110 products, but nothing obviously of interest.

Based on this experience, I wouldn't want to unleash this product in its current state on anyone non-techie!
John Gray

"Tigers are the ones who look like an orange barcode with teeth." - Philomena Cunk​​

User avatar
HansV
Administrator
Posts: 79447
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Norton Power Eraser - has anyone used it?

Post by HansV »

John Gray wrote:Yes, that is the standard disclaimer to most of the malware removal programs like Malwarebytes' Anti-Malware, SuperAntiSpyware, HitMan Pro, ComboFix, and the like!
I don't think those programs are meant to be used as a last resort only...
Best wishes,
Hans

User avatar
John Gray
PlatinumLounger
Posts: 5500
Joined: 24 Jan 2010, 08:33
Location: A cathedral city in England

Re: Norton Power Eraser - has anyone used it?

Post by John Gray »

True!
John Gray

"Tigers are the ones who look like an orange barcode with teeth." - Philomena Cunk​​

User avatar
John Gray
PlatinumLounger
Posts: 5500
Joined: 24 Jan 2010, 08:33
Location: A cathedral city in England

Re: Norton Power Eraser - has anyone used it?

Post by John Gray »

I may be able to use this NPE program in anger, since I was told that some #=*%£# person has managed to get a drive-by download of Antimalware Doctor on their work PC (first time we've ever had anything like that). Malwarebytes seems to remove lots of Stuff, but it seems to return. HitMan Pro finds even more Stuff, but falls over just as it is about to delete it. I haven't yet tried SuperAntiSpyware because of lack of time.

There may be more rubbish than Antimalware Doctor there, since the range of random EXE names highlighted by HitMan Pro are rather more than the Antimalware Doctor removal writeups indicate.
John Gray

"Tigers are the ones who look like an orange barcode with teeth." - Philomena Cunk​​