Computer held hostage? Try Norton Power Eraser
Bridging the Gap
Norton Power Eraser is the latest Norton Recovery tool. It is being released at the same time as Norton Internet Security and Norton Antivirus 2011. The tool is aimed at detection and clean-up of “0-day” threats (0-day threats are those that take advantage of a newly discovered hole in a program or operating system before the developers have made a fix available – or before they are even aware that a hole exists.)
There is special focus on “Fake AV” (aka “Rogueware” or “Crimeware”). Fake AV is a rogue piece of software that pretends to be security software and tempts the user to pay for worthless software; even worse, it can install additional malware on the system and claim the system is clean.
Many users still do not use antivirus software, or they use software that is not updated or effective. As a result, their systems can become infected with malware that is extremely difficult to remove. Worse, malware authors routinely attempt to evade or disable security programs. Many will prevent these programs from even installing. For all these reasons, users who end up with an infected computer often need more aggressive techniques to handle detection and remediation.
It was with this vision that Norton Power Eraser (NPE) was created. So far we have been very successful in delivering on that vision. In the first three months of limited release, the tool has been 80% effective against never-seen-before Fake AV programs, and in our internal tests it has been working about 53% better than the nearest competitor.
Norton Power Eraser downloads and runs quickly and is free for anyone to use.
Running a Scan
Norton Power Eraser is a single executable that can be downloaded from the Symantec Web site and is extremely simple to use – just accept the End User License Agreement and you are ready to scan.
Norton Power Eraser uses aggressive engine heuristics and Symantec’s Reputation technology to discover risks and identify potentially dangerous items. In the Scan Complete screen, the results of this scan appear in the Local Scan column. Files that are found to be threats are flagged as Bad and files that are a potential problem are flagged as Suspicious. Norton always recommends that you remove files that are flagged as Bad if you know that you are infected.
To further assist you in identifying if a suspicious file is a threat, an option called Remote Scan is available for files flagged by the Local Scan. This is an advanced feature that performs a full scan on a file by sending it to the Symantec servers. Remote Scan provides Norton Power Eraser with access to our traditional Signature-based detection engines to increase effectiveness.
Both Local Scan and Remote Scan can identify malicious files. Note that the two scans run independently; if either scan flags a file as Bad, then the file should probably be removed.
Feeling the Power
Given its aggressive nature, Norton Power Eraser ultimately requires you to make the final decision on whether or not to remove an item. Norton Power Eraser does provide recommendations on whether or not to fix items identified on the Scan Complete screen. The results appear under two sections, Detected and Suspected.
The Detected section shows items that Norton Power Eraser considers risks, recommending that they be removed (“Fix” checkbox checked). The Suspected section shows items that require further review. A Remote Scan on items marked Suspicious can help determine if they are malicious. If the Remote Scan deems the file to be Bad, the item will be moved to the Detected section with the “Fix” checkbox automatically checked.
In addition to Remote Scan, you can retrieve more information on a file by clicking the file name under the Detected or Suspected sections to open the File Insight screen for that file. File Insight shows the Prevalence, Age, and Norton Trust rating for the file, which can help you make a decision.
The recommended action of Norton Power Eraser can be tabulated as follows:
| Local Scan | Remote Scan | Recommendation |
|---|---|---|
| Bad | Bad | Fix |
| Bad | Not a Known Threat | Fix |
| Suspicious | Bad | Fix |
| Suspicious | Not a Known Threat | Further Analysis needed |
Should you remove a file in error, the tool comes with safeguards, such as creating System Restore Points and enabling review and undo of previous actions.
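The recommendation table above as a triage function, with one added guard that holds back a Fix when it would delete Windows' own copy of a boot-critical binary while still following the table for a same-named file elsewhere. This is an added example, not Symantec's code; the BOOT_CRITICAL list, the hold action, the "Run Remote Scan" label and the sample paths are assumptions.

```python
from pathlib import PureWindowsPath

# Recommendation matrix exactly as tabulated on the page.
MATRIX = {
    ("Bad", "Bad"): "Fix",
    ("Bad", "Not a Known Threat"): "Fix",
    ("Suspicious", "Bad"): "Fix",
    ("Suspicious", "Not a Known Threat"): "Further Analysis needed",
}

# Assumption (not an NPE feature): names whose removal from System32
# can leave Windows unbootable. Illustrative, not exhaustive.
BOOT_CRITICAL = {"services.exe", "winlogon.exe", "lsass.exe", "csrss.exe", "smss.exe"}
SYSTEM32 = PureWindowsPath(r"C:\Windows\System32")
HOLD = "Hold: boot-critical system file, review before Fix"


def recommend(local, remote=None):
    """Apply the page's matrix; remote=None means Remote Scan has not run."""
    if remote is None:
        # Local Bad lands in Detected; Suspicious waits for a Remote Scan.
        return "Fix" if local == "Bad" else "Run Remote Scan"
    return MATRIX[(local, remote)]  # KeyError for pairs the page does not define


def triage(path, local, remote=None):
    """Return the action an operator should take for one flagged file."""
    action = recommend(local, remote)
    p = PureWindowsPath(path)  # compares case-insensitively, like Windows
    if action == "Fix" and p.parent == SYSTEM32 and p.name.lower() in BOOT_CRITICAL:
        return HOLD
    return action


# Constructed sample results: (path, Local Scan, Remote Scan).
SAMPLE = [
    (r"C:\Windows\System32\services.exe", "Bad", "Bad"),
    (r"C:\Users\demo\AppData\Roaming\services.exe", "Bad", "Not a Known Threat"),
    (r"C:\ProgramData\fakeav\scan.exe", "Suspicious", None),
    (r"C:\Tools\helper.dll", "Suspicious", "Not a Known Threat"),
]

if __name__ == "__main__":
    for path, local, remote in SAMPLE:
        print(f"{triage(path, local, remote):52} {path}")
```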
Summary
Norton Power Eraser is a last-resort, extremely powerful tool to assist in the detection and clean-up of 0-day risks with special focus on Fake AV. If a program has hijacked your computer and is holding you hostage, try Norton Power Eraser. Once again, Symantec widens the gap with the competition by delivering a unique cutting-edge tool.
Key Terms
Local Scan: Displays results of the aggressive heuristic engine supported by Symantec’s Reputation technology.
Remote Scan: Sends the file to the Symantec servers for a signature-based scan.
Detected: Items for which Symantec recommends removal.
Suspected: Items for which Symantec recommends further review and a Remote Scan.
Comments
1. The problem I see is that in the case of an infected system file, it is clearly recognized as infected. It is going to be noted as "Bad, Bad, Fix." Since "Fix" means delete, the machine becomes unbootable. Here it killed services.exe
http://community.norton.com/t5/Norton-Internet-Security-Norton/Can-t-remove-Infostealer/m-p/269009/highlight/true#M122030
Here it killed winlogon.exe
http://community.norton.com/t5/Other-Norton-Products/Norton-Power-Eraser/m-p/287902/highlight/true#M26667
Here it killed the Intel Processor Manager.
http://community.norton.com/t5/Tech-Outpost/TDSSkiller-TDL4/m-p/243067/highlight/true#M1214
Here it killed another critical driver causing a BSOD.
http://community.norton.com/t5/Norton-Internet-Security-Norton/Infected-w-search-engine-hijack-virus-downloaded-Norton-Power/m-p/286586/highlight/true#M125683
Hmm, took out the LAN here.
http://community.norton.com/t5/Norton-Internet-Security-Norton/Norton-Antivirus-Email-Error/m-p/263313/highlight/true#M120854
At least, don't call it "Fix." Call it what it is, "Delete." Calling it anything else and marketing it as the latest great repair tool is irresponsible.
I cannot uninstall or delete Mighty Magoo from my computer. Will Norton Power Eraser resolve this problem for me?
I tried to use this tool. Unfortunately it does not run without being connected to the internet. I entered safe mode on my laptop with network support because the security issue I am having is propagating when connected. Is there an offline version I can run?
Nice to see a good, concise and well laid out explanation of the tool and its use.
Norton Power Eraser is a very powerful tool. For this reason, it should be considered as one of the last things you try, rather than one of the first. There is a danger of false positives, or identification of system files that should not be removed.
There is an uninstaller provided by Mighty Magoo. The website tests as safe by Norton Safe Web, and as well there is a place to phone if you are having difficulty. That is always the first line of attack.
http://mightymagoo.com/deactivate.html
Hello Hamburgler,
NPE should run correctly in Safe Mode with Networking. Would you want to try that out?
Another offline option I would recommend is running NBRT as a recovery mechanism (it does require a valid Norton Key). http://security.symantec.com/nbrt/nbrt.asp?lcid=1033&serviceid=2&pname=nis&pversion=na&origin=stmnu&env=production&layout=esd&osver=6.1&vendorid=na&ispid=na
Due to the type of threats that NPE attacks & the technology used, there is no offline version available. A lot of the Fake AV products would actually want you to stay online so that they can make money etc.