• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Norton Power Eraser: inconsistent behaviour

Last few times I ran NPE it gave me several reports I never had before, and which puzzle me.

First strange thing: after the restart it asked me (again) if I would want the run the file NPE.exe, instead of the usual NPE progress screen showing it is already doing its thing. After a few reruns that is now gone.

Next it told me that "NPE has succesfully restored internet connection. Host file and NPE proxy settings may have been modified." After a few reruns that is now gone too.

Subsequently, it reported two files as bad: bhdrvx64. sys and idsvia64.sys. It recommended to delete them (which NPE would do for me at the next restart); I accepted, my pc restarted and I got the message from NPE it failed to delete. Nevertheless it was the last of that. New NPE runs told me all was fine and no threats were found.

Today I ran NPE again. And now it told me the same (reporting them as bad and/or suspicious) about the following files: PortRoyale.exe and MasterSplitter.exe  These files are legit and official, but I nevertheless deleted/uninstalled them. And again after rerunning NPE, it reported that no threats were found. I am wondering if I am facing a buggy version of NPE of perhaps a damaged Windows?

But most of all I want to know if my Root sector is free of bad stuff. Can I still trust NPE on this when it gives these strange file reports? Also I want to know that when NPE checks the root sector, does it only check the root sector of the hard drive containing Windows or also the root sectors of any other hard drives I have installed? (I have three hard drives.)

Normally I do a new Windows installation once a year (which should take care of any residing bad things, because of the formatting of the primary partition), and that is now overdue for some time. So, my only real worry at the moment is the integrity of my root sector. I know what do to if it is infected, but that takes a lot of extra work. So, it would be nice to know that I could still trust NPE on that, set aside its inconsistent file reports.

To be clear: over the last few years I ran NPE, I never before had this behaviour.


System: Windows 7 Ultimate with Norton Antivirus 21.3.0.12 and NPE 4.3.0.13

Replies

Kudos0

Re: Norton Power Eraser: inconsistent behaviour

Last few times I ran NPE it gave me several reports I never had before, and which puzzle me.

First strange thing: after the restart it asked me (again) if I would want the run the file NPE.exe, instead of the usual NPE progress screen showing it is already doing its thing. After a few reruns that is now gone.

Next it told me that "NPE has succesfully restored internet connection. Host file and NPE proxy settings may have been modified." After a few reruns that is now gone too.

Subsequently, it reported two files as bad: bhdrvx64. sys and idsvia64.sys. It recommended to delete them (which NPE would do for me at the next restart); I accepted, my pc restarted and I got the message from NPE it failed to delete. Nevertheless it was the last of that. New NPE runs told me all was fine and no threats were found.

Today I ran NPE again. And now it told me the same (reporting them as bad and/or suspicious) about the following files: PortRoyale.exe and MasterSplitter.exe  These files are legit and official, but I nevertheless deleted/uninstalled them. And again after rerunning NPE, it reported that no threats were found. I am wondering if I am facing a buggy version of NPE of perhaps a damaged Windows?

But most of all I want to know if my Root sector is free of bad stuff. Can I still trust NPE on this when it gives these strange file reports? Also I want to know that when NPE checks the root sector, does it only check the root sector of the hard drive containing Windows or also the root sectors of any other hard drives I have installed? (I have three hard drives.)

Normally I do a new Windows installation once a year (which should take care of any residing bad things, because of the formatting of the primary partition), and that is now overdue for some time. So, my only real worry at the moment is the integrity of my root sector. I know what do to if it is infected, but that takes a lot of extra work. So, it would be nice to know that I could still trust NPE on that, set aside its inconsistent file reports.

To be clear: over the last few years I ran NPE, I never before had this behaviour.


System: Windows 7 Ultimate with Norton Antivirus 21.3.0.12 and NPE 4.3.0.13

Accepted Solution
Kudos1 Stats

Re: Norton Power Eraser: inconsistent behaviour

NPE gets updated occasionally to help handle different threats or to make the operation better. This could explain why you are seeing different behaviours from the past.

It sounds like you do seem to have a handle on how Windows works, but it is not recommended to run NPE unless normal scans with NIS/NAV/360 show there is a problem that they cannot handle. NPE can actually flag a critical Windows System file for deletion, and if the user does not know what the file is and allows NPE to remove it, the system can become unbootable.

An example of that is the driver files that were found by one of your scans. If you understand what they are, you know whether it is safe to remove them, or if they are false positives from the NPE scan.

I'll leave your root sector questions to those with experience in that area.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Norton Power Eraser: inconsistent behaviour

Thx for your answer, Peter.

That NPE can give false positives, was new to me. That would explain it. Because those files were all present during several previous versions of NPE I ran over the last 18 months. And then they were never considered to be a problem and/or suspicious. Btw: it is not that I run NPE all the time; only once every 2 or 3 months. Just to be on the safe side and to make sure NAV has not missed anything. 

What I mean in my first post with "root sector", is ofcourse the boot sector (a.k.a. master boot record) of the hard drive.

Should be obvious, but it cannot hurt to clearify.

I hope someone can tell me if NPE (or NAV for that matter) scans the boot sector of all hard drives that are present, or only the one containing the Windows installation.

Kudos0

Re: Norton Power Eraser: inconsistent behaviour

AFAIK

The only boot sector that is ever accessed is on the Boot drive. Unless you dual boot from a separate physical hard drive, the other boot sectors should not be used.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Norton Power Eraser: inconsistent behaviour

Thx for the reply, Peter.

Although your answer is not wrong as such, it is not an answer to my question. For a correct start up of the computer the boot sector of the hard drive containing the Windows installation, needs to be accessed ofcourse.

But every hard drive has a boot sector of its own, and it contains basic info about the hard drive (the number and size of partitions, for example). And during the bios phase of the start up, one can see that the bios performs a basic check on all hard drives to see if they are oke. It can do that only through the boot sector of that particular hard drive. But you are right when you say that the boot sector of the hard drive containing the Windows installation is the essential one.

I know some about this, beacuse I had a boot sector infection some years ago (which made me say goodbye to the free antivirus program and switch to my current NAV). My system then had two hard drives and both boot sectors were infected. So, it seems only logical that a scan by anti-virus software should be able to scan more than the boot sector of one hard drive. Now I only want a confirmation of that assumption.

But we are getting away from my original question, which you already answered in your first reply.
For my boot sector question I will search the forums, and if I cannot find an answer, I will make a seperate thread for it.

Thx again.

Kudos0

Re: Norton Power Eraser: inconsistent behaviour

I stand corrected on my comments on the boot sector. I should have googled before answering.  

 

Here is an older post, but i cannot see protection going backward and not protecting you.

https://www.symantec.com/region/can/eng/press/1998/n980121.html

I'll leave it to  others that know better to answer more definitively.

Things happen. Export/Backup your Norton Password Manager data.

This thread is closed from further comment. Please visit the forum to start a new thread.