• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Kudos0

What is Norton Power Eraser?

I have seen some messages about using Norton Power Eraser if malware got by Norton. What is Norton Power eraser and why would Norton power eraser find a risk if NIS didn't???

and also should I download and run it if i am not having any problems just to see if it detects anything?

Thanks Kevin

Replies

Kudos5

Re: What is Norton Power Eraser?

You can view a tutorial, which does a good job of explaining the recommended use of Norton Power Eraser, here:

http://www.symantec.com/norton/products/tutorials/tutorials.jsp?pvid=nis2011&tutid=power_eraser

Kudos1

Re: What is Norton Power Eraser?

Thanks SendOfJive, I had forgotten to include that link.

Kevin, the main lesson here is to not take the tool lightly. I have tested this pretty heavily and there have been recent and very good changes made to the tool (compared to the past) but it is not considered an every day scanning tool.

Best wishes.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
Kudos2

Re: What is Norton Power Eraser?

Hi Toostrong;

Please heed the warnings, particularly if you think you might have a rootkit.

Quads' report:

http://community.norton.com/t5/Tech-Outpost/TDSSkiller-TDL4/m-p/243067/highlight/true#M1214

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
Kudos1

Re: What is Norton Power Eraser?

Let's remember too that NPE does not just remove everything it finds, it gives the user a chance to say yes or no to individual items before doing the "repair".

So while NPE is aggressive and might have false positives on occasion and in worst case might flag a windows system file for deletion, one has a chance to tell NPE "No don't remove this".

The moral: the list should be reviewed carefully and if the user is at all unsure what to do, then come ask for advice.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
Kudos1

Re: What is Norton Power Eraser?


AllenM wrote:

Let's remember too that NPE does not just remove everything it finds, it gives the user a chance to say yes or no to individual items before doing the "repair".

So while NPE is aggressive and might have false positives on occasion and in worst case might flag a windows system file for deletion, one has a chance to tell NPE "No don't remove this".

The moral: the list should be reviewed carefully and if the user is at all unsure what to do, then come ask for advice.

Allen


Just like Hijackthis and other tools, this can also cause people to tell the user that you can have NPE remove "this file" just like people have done in the past with Hijackthis etc. when files or entries shouldn't be removed.

Why did I do the test of TDL3 (+) and NPE,  hhhhmmmmm

I heard circulating basically NPE could successfully remove TDL3 and bootkits.

Bootkits I knew was a definite NO, I tested that anyway and it is a No for them.

Then TDL3 (+) well we know the result of NPE finding the infected driver and removing it, especially when it's a critical file infected.

Symantec also had the same result of causing the PC to become useless.

Quads

Kudos1

Re: What is Norton Power Eraser?

Allen,

<< The moral: the list should be reviewed carefully and if the user is at all unsure what to do, then come ask for advice. >>

The problem there, which one knows from registry cleaners, is that if the unskilled user has confidence in Norton, as we hope he or she has, they are likely to take the attitude that the fact that it is listed makes it probably safe just to click on ALL !

People often don't know what they don't know ......

I say this without having run the current NPE although I think I ran the first ET/Beta and so I don't know how strong warnings are in NPE itself. Certainly here in the forums I believe we should stress even more strongly perhaps that you must know what the file is and what it does before you delete it.

In the same way, any message that is posted suggesting reinstalling Windows should include -- if you do not have backups of your data and media to reinstall your applications you will end up without them so you may wish to try a rescue operation first if only to see if you can save your data/

Rather as I say about Registry Cleaners -- if you do not know more than the utility does don't use it!

A few of us will recognize the Motto of the Cricket Umpire: "When in doubt say Not Out!"

Hugh
Kudos2

Re: What is Norton Power Eraser?

Hi Hugh,

This is why when I recommend NPE I have very explicit instructions about this. I include my boiler plate below.

For ALL I am not recommending you run this tool, the procedure below is just for illustration about the disclaimer I would use if I were to recommend using NPE. Please do NOT run this! I have DISABLED the link below just in case.

Please download the Norton Power Eraser (NPE) and save to a convenient location such as your desktop.

Run the NPE, accept the license agreement and then perform a scan.


Please note: do NOT change anything in the Settings tab unless explicitly requested to do so.


When the scan is completed you will get a results page listing anything that NPE found. Please be very careful before clicking on the Fix button. NPE uses pretty agressive routines to detect malware and it may falsely alert on innocent files. If in doubt, let us know what was found by NPE and ask for guidance as to whether to have it fixed before proceeding.


Otherwise, ensure that Create System Restore Point is checked and then click Fix.


Please let us know the results.


Allen 

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
Kudos2

Re: What is Norton Power Eraser?

The problems I see are as follows:

1.  Five out of 10 users will just click fix because they figure that things can't get worse.

2.  3  will come back and check to see if it is okay to click fix and one of the less experienced will tell them to

     go ahead and click fix.  The forum does not protect users from this.

     Even if the assistant is firly knowledgeable, there are so many file extensions, so many names and

     extensions used or hijacked by malware, that I don't believe there are more than one or two people on this

     forum competent to say with any authority to go ahead and click fix.  I know I am not. Sorry.

3.  One of the others will decide that reformatting is the way to go and they will just reload the operating system

     believing that that is a reformat.

4.  One out of the ten will have everything work like clockwork, because the poster who recommended it knew

     the program well enough to know exactly what it was good for, what malware the user had and what was

     likely to show up on the NPE.

I'm not  fan of "give it a shot and see if it works" with an agressive piece of  software.

JMHO

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
Kudos2

Re: What is Norton Power Eraser?

Hi Delph,

I think anyone recommending the use of NPE had better do some research to make absolutely sure whether the file(s) in question are Windows files before recommending the OP click on the Fix button.

All I or anyone can do is be very explicit about how this (or any) tool should be used. It is up to the OP (as always) whether to follow this advice or try to act on their own.

IMHO, the fact that a tool may be aggressive is not a reason to say that it has no usefulness.

Just my two cents worth.

Best wishes.

Allen

P.S. I will be happy to add something to my procedure if you feel that I am not being clear enough.

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
Kudos2

Re: What is Norton Power Eraser?

The original intent of this post was to request an explanation of Norton Power Eraser. The second question was "should it be used just to see if it detects anything".

Both of these questions were answered with the appropriate warnings that Norton Power Eraser is a last-resort, aggressive tool that should only be used under extreme circumstances.

It was also stated clearly that this is not a routine maintenance tool.

I do not recall anyone saying "give it a shot and see if it works".  Certainly no one who has tested the tool would consider suggesting that.

"Anyone who isn't confused really doesn't understand the situation."   Edward R. Murrow
Kudos0

Re: What is Norton Power Eraser?

Well here we have a threat that was solved by the appropriate use of "Add/Remove" instead of the recommended NPE.

http://community.norton.com/t5/Norton-Internet-Security-Norton/web-page-called-bardiscover-com-keeps-popping-up/m-p/247159#M117487

There needs to be some policies in place as the tool is readily available on the website and the information is confusing on the forum.  Some posters, like AllenM provides appropriate warnings.  Others do not.

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
Kudos0

Re: What is Norton Power Eraser?


Phil_D wrote:

I do not recall anyone saying "give it a shot and see if it works".  Certainly no one who has tested the tool would consider suggesting that.


Not those exact words but I have seen the likes of just

"You can also try Norton Power Eraser tool mentioned in this page:"       "Let us know the results"    That's it.

Or  Download Norton Power Eraser and see if it finds anything.

That's close to "give it a shot and see if it works"

Maybe I should have just let the rumour continue about NPE being able to fix successfully TDL3 (+) let someone tell a user to use NPE and fix atapi.sys to remove TDL.

That would be some good lesson and readers to see the outcome for themselves.

I am glad to see people on this for asking help with Malware has gone down, I see they are still appearing on specialist Malware Removal Boards like Bleeping with Norton detecting malware that can't be removed. But they are in the right place.

Quads

Kudos1

Re: What is Norton Power Eraser?

Hi Delph,

Bardiscover is an adware infection. Due to the minor nature of the infection, add/remove was able to get rid of it.

Do you doubt that NPE could have accomplished this as well?

For me personally, I have a TEST laptop and I will happily infect it with the same malware in question (if possible) to ensure that NPE does the right thing. I have done this with quite a number of infections already, just so you know.

I have a test laptop for this very purpose as well as to test BETA software in general. By the way, NPE is not a BETA, I just mentioned this to say that I use my laptop for a variety of purposes and that is to TEST.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
Kudos0

Re: What is Norton Power Eraser?

As Phil said:

Both of these questions were answered with the appropriate warnings that Norton Power Eraser is a last-resort, aggressive tool that should only be used under extreme circumstances.

I am just concerned that this is not what I am seeing.

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
Kudos1

Re: What is Norton Power Eraser?

"Bardiscover is an adware infection. Due to the minor nature of the infection, add/remove was able to get rid of it.

 Do you doubt that NPE could have accomplished this as well?"

NPE may or may not be able to remove the files involved, as well as listing other entries also.  But the Safer option in this case was to uninstall via add/remove.

Oh and other programs can remove it also like Combofix and OTL  but add \remove is safest way, without going straight to the deep end.

Like for instance a piece of Malware can be removed by Combofix and MBAM / SAS, then use MBAM or SAS.

And I have tried NPE with 4 different Bootkits ( Mebroot, Mebratix, alipop and Whistler)  and it didn't detect or remove any of them.

Quads

Kudos0

Re: What is Norton Power Eraser?

I have seen some messages about using Norton Power Eraser if malware got by Norton. What is Norton Power eraser and why would Norton power eraser find a risk if NIS didn't???

and also should I download and run it if i am not having any problems just to see if it detects anything?

Thanks Kevin

Kudos0

Re: What is Norton Power Eraser?


Quads wrote:

"Bardiscover is an adware infection. Due to the minor nature of the infection, add/remove was able to get rid of it.

 Do you doubt that NPE could have accomplished this as well?"

And I have tried NPE with 4 different Bootkits ( Mebroot, Mebratix, alipop and Whistler)  and it didn't detect or remove any of them.

Quads


Hi Quads,

The question is whether NPE could have done the same thing or not. We're splittiing hairs here.

As far as Mebroot goes, NO NPE was NOT able to detect it but NBRT DID detect AND remove it. You know as well as I do that rootkit detection is questionable at best when Windows is running..

I also infected my TEST laptop with Mebroot and NBRT detected and removed it successfully with NO side affects.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
Kudos0

Re: What is Norton Power Eraser?

"You know as well as I do that rootkit detection is questionable at best when Windows is running."

Maybe for you,  

But not for me and what I can do, tools I have, then be able to remove them also, that way I don't need to worry about separate test machines. 

So "rootkit (bootkit) detection is questionable at best when Windows is running"  Not on my PC I can detect them with Windows running, questionable at best is NOT good enough for me.

Quads

Kudos2

Re: What is Norton Power Eraser?


Quads wrote:

"You know as well as I do that rootkit detection is questionable at best when Windows is running."

Maybe for you,  

But not for me and what I can do, tools I have, then be able to remove them also, that way I don't need to worry about separate test machines. 

So "rootkit (bootkit) detection is questionable at best when Windows is running"  Not on my PC I can detect them with Windows running, questionable at best is NOT good enough for me.

Quads


HI Quads,

My last response on the issue. The only important thing is that the infection is found and properly eliminated and whether that is done via a tool run within Windows or through an ofline tool is immaterial.

A properly eliminated infection is just that, properly eliminated.

I am sure you won't disagree with that statement. In either case I am not going to continue debating this in this manner.

No one questions your expertise in malware removal Quads.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
Kudos1

Re: What is Norton Power Eraser?

Allen,

Although I was answering your message my comments related much more to the general situation, and as you so clearly expressed in your next message the sad fact that many users are not able to make an informed decision because they don't, through no fault of their own, have the experience or the training in a very specialized area.

If I were to suggest adding anything to your boilerplate it would only only be to back up personal files since it is not always safe to rely on System Restore to mend a broken window ......

I would put that immediately after your initial red warning and include the advice always to make a backup to elsewhere than the main drive inside the computer and to be aware that this is a fallback safeguard since the backup might be infected.

Hugh
Kudos2

Re: What is Norton Power Eraser?

I think the pros and cons of NPE have been well discussed but one point has been missed, users should first try detection and remediation using NBRT (Norton Bootable Recovery Tool). It is safer and better able to handle rootkit detections than NPE.

Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: What is Norton Power Eraser?

Hi Reese,

Very true. I had mentioned in an earlier post to Quads that I infected my test laptop with Mebroot and the NBRT was able to handle it with no problems.

In general terms of course NBRT has a better chance of detection than the normal anti-virus software because NBRT is running offline before the malware has had a chance to run and the fact that you are booting from a non-infected media.

Your point is well taken and thanks.

Thanks

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
Kudos1

Re: What is Norton Power Eraser?

Major drawback with NBRT is the size, and if the PC is able to burn the .iso or is the Malware causing havoc with that also.

Quads

Kudos0

Re: What is Norton Power Eraser?

Hi Quads,

I think it is prudent to recommend that NBRT be downloaded and burned to a CD or flash drive from a non-infected computer if possible.

If another computer is not available then of course we make do with what we have.

Speaking of NBRT, have you messed with the new version which should become the default one by the time that NIS 2011 is released? The new version makes burning to a CD or flash really, really easy. It is all streamlined and handled by the NBRT installer.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
Kudos0

Re: What is Norton Power Eraser?

"Speaking of NBRT, have you messed with the new version"

Don't need it for even Rootkits and Bootkits

2 Bootkit repair programs I have are

1st = 500kb

2nd = 54kb

Just had a laugh to myself thinking   "scanned with NBRT detected "Backdoor.Tidserv!inf" "Manual removal required""

Quads

Kudos0

Re: What is Norton Power Eraser?

Hi Reese,

I just thought of another question regarding NBRT. With the current released version, it is many times necessary to add a driver to the CD so that the network is available for downloading new definitions. This procedure is pretty cumbersome for the less experienced user.

I will be very happy when the new version gets released!

How often is the NBRT ISO updated in terms of definitions? From my recollection when I downloaded the latest version the other day, the definitions were still from October, 2009.

Thanks very much

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
Kudos0

Re: What is Norton Power Eraser?


AllenM wrote:

Hi Reese,

I just thought of another question regarding NBRT. With the current released version, it is many times necessary to add a driver to the CD so that the network is available for downloading new definitions. This procedure is pretty cumbersome for the less experienced user.

How often is the NBRT ISO updated in terms of definitions? From my recollection when I downloaded the latest version the other day, the definitions were still from October, 2009.

Thanks very much

Allen


I'm sorry, but I don't have the answer to that question -- I primarily focus on network/firewall stuff. As you pointed out, the Beta version makes updating much easier.

Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos1

Re: What is Norton Power Eraser?

The ISO definitions are only updated when the ISO image is released (so the first time it is released).  Would be nice if the "wizard" install of the new NBRT would automatically download the latest definitions to include with the burned disk (definitions should be seperate not part of the image).

Win7 x32 SP1
Kudos0

Re: What is Norton Power Eraser?

Hi Dbrisendine,

No disagreement here. I only asked the question because the process of creating a custom CD including the network drivers (if the default does not work on a particular computer) is a bit tedious and not the easiest thing for the average computer user.

Soon this will almost be a moot point since the new version of NBRT now in BETA has made this whole process so much easier.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19
Accepted Solution
Kudos3

Re: What is Norton Power Eraser?

Hi Kevin,

Norton Power Eraser is a pretty aggressive tool designed to find malware which might have slipped through the radar of your primary anti-virus/auto-protect software. It is more aggressive than MalwareBytes and should not be used for routine scanning of your system.

This should be used with guidance from senior forum members, Symantec staff or those familiar with its usage and only if malware is suspected to be present on your computer.

Because it is somewhat aggressive there is always the possibilty that it could have a false positive so care should be exercised to examine anything it finds before choosing to have it resolved.

Hope this helps.

Best wishes.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.5.0.19 * Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.5.0.19

Replies are locked for this thread.