Newbie
wavetyler
Posts: 1
Registered: ‎09-10-2010

Norton Power Eraser

I'm EXTREMELY unsure as to what analysis is being used to determine files that "might" need to be fixed. My brother ran this program on his laptop thinking it would help. NPE came up with winLogon.exe as something that needed to be fixed. Knowing that viruses can hide in there, he clicked fix... and NPE "removed" the file. Hopefully you are aware of what happens to Windows when you remove winlogon.exe and you reboot: the system doesn't work. Failure BSOD on each boot.

 

Luckily, I am able to fix things like this, or he would have had to take it in somewhere and pay to have it repaired. Perhaps your tool should be more informative on why it's found a file and marked it to be fixed, or perhaps explain to the user what the file is for if it's a Windows process file.

 

 

 

delphinium
Posts: 9,859
Kudos: 2,955
Solutions: 293
Registered: ‎11-21-2008

Re: Norton Power Eraser

There is a serious infection going the rounds at the moment that does infect the winlogon.exe among other .exe files. Many of these types of antiviral programs are dangerous to use for the average user. Combofix, Avenger, and Hijackthis can have serious consequences for the user's machine. It is better to get assistance with an infection rather than start with the programs that carry warnings and cautions regarding their use. If your brother will still require assistance, these free malware removal sites can assist him in cleaning his machine safely.

 

www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
AllenM
Posts: 10,222
Topics: 221
Kudos: 2,151
Solutions: 377
Registered: ‎12-14-2008

Re: Norton Power Eraser

Hi wavetyler,

 

Do you happen to know what version of NPE your brother ran? Can you find out?

 

The "winlogon.exe" should not have been checked by default for remediation though it might have been listed in the bottom section of the NPE results window.

 

For any file which represents a Windows file, if you check the "fix" box, a warning message should pop up which includes the following.

 

[Image: NPE warning message]

 

I have asked Symantec to make the wording of this warning message much stronger for these types of files and to remove the "Don't show this message again" checkbox. There should not (for obvious reasons) be a checkbox for something this critical.

 

Thanks very much and I'm happy that you were able to get the computer working again.

 

Best wishes.

Allen

Windows 7 Ultimate SP 1, 32 bit, 4 GB * NIS 2012 (19.8.0.14) * Ghost 15 * IE 9, Firefox, Safari.
Test laptop with W7 Home Premium 64 bit * NIS 2012 (19.8.0.14)
Super Phishing Phryer
DaveH
Posts: 5,524
Registered: ‎01-06-2010

Re: Norton Power Eraser

There should be a way to "undo" any NPE fixes using the NBRT.

An infected system that boots is better than an infected system that can't boot.

AllenM
Posts: 10,222
Topics: 221
Kudos: 2,151
Solutions: 377
Registered: ‎12-14-2008

Re: Norton Power Eraser


DaveH wrote:

There should be a way to "undo" any NPE fixes using the NBRT.

An infected system that boots is better than an infected system that can't boot.


Hi Dave,

 

Exactly my point. And I do want to see some stronger wording for these types of files.

 

Best wishes.

Allen

delphinium
Posts: 9,859
Kudos: 2,955
Solutions: 293
Registered: ‎11-21-2008

Re: Norton Power Eraser

What bothers me is that the NPE has access to the internet. It should be able to properly identify infected files. In this particular situation, I have no doubt that the file was correctly identified as malicious, but the warning should have read that "This file is malicious, but removal may damage the operating system. Manual removal is recommended."

 

Also, since the NPE has access to the net, why not make it able to access a database of system files available for copying and replacing infected system files? In this instance, simply replacing winlogon.exe and what I suspect was also iexplore.exe wouldn't solve the problem, but we don't know what all was fixed successfully.

Super Phishing Phryer
DaveH
Posts: 5,524
Registered: ‎01-06-2010

Re: Norton Power Eraser

When I tried the NBRT it seemed to me that they went to extra lengths to remove any of the WinPE functions not necessary to strictly run the recovery tool. Maybe I'm mistaken but I don't even remember a command line?

 

A basic explorer interface to be able to replace a file or copy and paste important data to another drive would be very helpful.

If a person needs to use a bootable tool, it may be because their system doesn't boot. Since the person using the tool owns a current Symantec product, why not give that person basic tools to recover important data and possibly fix the system?

It should go a lot farther than just scanning for viruses IMO.

AllenM
Posts: 10,222
Topics: 221
Kudos: 2,151
Solutions: 377
Registered: ‎12-14-2008

Re: Norton Power Eraser

I have already submitted certain suggestions to Symantec. ;)

 

Dave, why don't you submit some ideas to the Norton Ideas Forum?

 

Allen

delphinium
Posts: 9,859
Kudos: 2,955
Solutions: 293
Registered: ‎11-21-2008

Re: Norton Power Eraser

How hard would it be to make the connections in one of these tools to tie into the chkdsk /f function of Windows, or sfc /scannow to locate replacement files? I am not a programmer so I may be way out in left field, but it seems to me that with today's rootkit infections a simple deletion of malware is seriously behind the times as well as dangerous.

Super Phishing Phryer
DaveH
Posts: 5,524
Registered: ‎01-06-2010

Re: Norton Power Eraser


AllenM wrote:

I have already submitted certain suggestions to Symantec. ;)

 

Dave, why don't you submit some ideas to the Norton Ideas Forum?

 

Allen


 

To tell you the truth, I've been meaning to for quite a while but I never seem to get around to it.

I had some great ideas for Ghost 16; if they could be easily implemented it would make it a much better product IMO.

 

 

BTW- There is a command line in the NBRT. It's the only other tool in the program.

But sadly, not many people are familiar with using the command line. (These kids today)