• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

6 unidentified items on NPE

Hello,

I was scrolling around userbenchmark.com, then I notice that the site blacklisted my IP address under the activity code (19). I was not sure what the code was, so i googled it. Did not found nothing, so I decided to run Norton Power Eraser and it found 6 unidentified items. They are listed below. I am not sure if those items are linked with the blacklist or not.

C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\System.Management\(numbers and letters)\System.Management.ni.dll

C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\System.Transactions\(numbers and letters)\System.Transactions.ni.dll

C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\System.Window.Forms\(numbers and letters)\System.Windows.Forms.ni.dll

C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\System.Xaml\(number and letters)\System.Xaml.ni.dll

C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\(numbers and letters)\System.Xml.Linq.ni.dll

C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\System.Xml\(numbers and letters)\System.Xml.ni.dll

NPE claims that the developers is Microsoft. The first, second, third, fifth and sixth items are version 4.7.3056.0, built by: NET472REL1, while the fourth item is version 4.7.3160.0, built by: NET472REL1LAST_C. I was wondering if this a Malware\Trojan\Virus and that I should remove them or if this is authenticated by Microsoft.

Thanks

PS. I used (numbers and letters) to save my time. If they are relevant to the problem, i would send them in.

Replies

Kudos0

Re: 6 unidentified items on NPE

for example:  FWIW ~ YMMV

File: System.Management.ni.dll
File size: 1.36 MB (1,427,456 bytes)
MD5 checksum: 78E524F74116D7A29269E5E33C6B2674
SHA1 checksum: 3D5D3746A4C5075BFA42661C50688DED2F0CEF82
SHA256 checksum: D39B73C0251D6F8EBE20C533E9BA537AE89A7F2735EDF2EAEA6DC9476F0B5965


The NPE is a very aggressive scanner that was designed to be used as a rescue tool in emergency situations when your operating system becomes unstable or you believe you have deeply embedded malware that cannot be detected by a standard antivirus / anti-malware scan.  The NPE is prone to false positive detections and can sometimes remove important system files and registry entries (see Larry_A's thread Ran NPE and Now Computer Won't Boot to Windows for one example), and users in this forum generally advise against using this tool for routine scanning.  From the main Norton Power Eraser Tutorials page:

"Norton Power Eraser uses aggressive methods to detect threats, and there is a risk that it can select some legitimate programs for removal. You should carefully review the scan results page before removing files."

https://community.norton.com/en/comment/7944441#comment-7944441 

Kudos0

Re: 6 unidentified items on NPE

for example: FWIW ~ YMMV

File: System.Xaml.ni.dll
File size: 2.41 MB (2,530,304 bytes)
MD5 checksum: 36AD1D6C4024784C48A41C4815F71B6F
SHA1 checksum: 21CA93ABE7363135934BBCEB5E2864CF8F3C1A43
SHA256 checksum: 22A2897F6EADF392FEBC41167418C435899B846A9889A589D3CAAE47A8A2D537

 JLangille: I was wondering if this a Malware\Trojan\Virus and that I should remove them [..]

I would not take any action solely based upon NPE scan results.  

From the main Norton Power Eraser Tutorials page:
"Norton Power Eraser uses aggressive methods to detect threats, and there is a risk that it can select some legitimate programs for removal. You should carefully review the scan results page before removing files."


One thing to keep in mind is that NPE does not positively detect known malware - that is the job of your regular Norton Security product.  NPE instead looks for files that might warrant investigation if you suspect that you are infected and regular scans come up clean.  NPE will flag many legitimate files, so never assume that what NPE finds is truly malicious.

https://community.norton.com/en/comment/7975311#comment-7975311 

Kudos0

Re: 6 unidentified items on NPE

How to post an image in the forums.
https://community.norton.com/en/forums/how-post-image-forums-0

For second opinion choose File &/or Search hash at VirusTotal.

MD5 Checksum Tool
https://www.novirusthanks.org/products/md5-checksum-tool/

Kudos0

Re: 6 unidentified items on NPE

I did not take any action since the files may not be malicious.

Kudos0

Re: 6 unidentified items on NPE

Update and run Full Scan with your regular Norton Security product.

For second opinion choose File &/or Search hash at VirusTotal.

Kudos0

Re: 6 unidentified items on NPE

To find why the site is blocking you, you should use the Contact information on that website and ask their support people.

The detected files seem to be related to the .Net Framework within Windows.  See this post from StackOverflow.  https://stackoverflow.com/questions/3693689/what-are-those-stuff-in-c-wi...

The .NET Framework has a set of common libraries that can be used by any application which executes under the control of the .NET Framework and the C:\Windows\Assembly folder is where these common libraries are stored.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: 6 unidentified items on NPE

Hello

I would recommend that you bring your computer to one of the free malware removal sites.  You pick one site and an expert will work with you to fix your computer if there is any malware present. An expert will also help you to see if your computer is clean or infected by giving you tests to run and you give them the results. It does look like Microsoft Net Framework. There is currently a Windows update which is optional for Windows  7. I don't know if those files are related  to that or not. I'm not an expert. Please check out this link for some safe, free malware removal sites.

Please see this link for an up to date description of these sites plus the addition of a newly listed site formed by one of our successful malware remover users who unfortunately has passed away. That site is still being run by a good expert who happens to be one of the other Gurus.  The new site is listed first in this link.

https://community.norton.com/en/forums/malware-removal-forum-recommendations

Have a Good Night and

Thanks.




 

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 270 I E 11 Chrome latest one

This thread is closed from further comment. Please visit the forum to start a new thread.