EraserUtilDrv1120.sys

This has been thrown up by my recently installed pc checker (Amigo 360). It is apparently located C:\Program Files\Common Files\Symantec Shared\EENGINE. Just wondering if it is a genuine part of Norton AV or something I should be wary of/delete.

 

Cheers

Hi turboturnip:

 

Welcome to the Norton community.

 

I use NIS v. 20.4.0.40 and have a similar file named C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys.  If you browse to the EraserUtilDrv1120.sys file while in Windows Explorer and right-click to view the file properties, do the details show that the file is digitally signed by Symantec?

 

NIS 2013 Symantec Eraser Engine.jpg

 

 

I'm not certain, but I believe that Symantec's Eraser Engine is responsible for quarantining or deleting malware detected by your Norton product.  Please see SendOfJive's post here for additional information about the Symantec Eraser Service.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 25.0.1 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Hi Imacri

 

thanks for the info. Have just checked and am not getting the same message from Amigo360. Have also checked explorer and the file is not where you suggested it should be - the only file in EENGINE is eeCtrl.sys.

 

Removed BrowserGuard yesterday and also tried to remove MDM.exe, so if it was linked to either of these it might have been deleted. Searched explorer for the file and nothing found.

 

Oh well,will just have to see if it returns.


turboturnip wrote:

 

This has been thrown up by my recently installed pc checker (Amigo 360). It is apparently located C:\Program Files\Common Files\Symantec Shared\EENGINE.


Hi turboturnip:

 

Post back and let us know you Windows OS, what Norton product you're using (e.g., Norton AntiVirus, Norton Internet Security, Norton 360) and the version number which can be found at Support | About.  The latest version is currently v. 21.1.0.18.  Someone with the same software should be able to tell you if they can find a file called EraserUtilDrv1120.sys located at C:\Program Files\Common Files\Symantec Shared\EENGINE.

 

I'd also suggest that you run an online diagnostic of your Norton product at Support | Get Support to see if AutoFix can detect a problem and possibly repair your installation.  If this EraserUtilDrv1120.sys file is a shared component of the Eraser Engine responsible for removal of malware by your real-time AntiVirus [i.e., rather than the standalone Norton Power Eraser (NPE) utility] then Amigo360 might have accidently corrupted your Norton installation.  I wouldn't advise that you wait until the first time malware tries to infect your system to see if your Eraser Engine is working properly.

 

If you are concerned that your Norton installation was corrupted, the Norton Remove and Reinstall (NRnR) utility is a relatively simple way to reinstall the latest v. 21.x (2014) of your product.

 

If you're looking for a free PC optimization and cleanup utility to replace Amigo360, I'd also suggest that you try Piriform's CCleaner.  Many users in the Norton forum, including myself, recommended this tool.

-----------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 26.0 * IE 9.0 * NIS 2013 v. 20.4.0.40 * CCleaner 4.08.4428
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Hi Imacri

 

Thanks again and apologies for not responding before. Very little time before Xmas and away for a few days over Xmas.

 

The Widows OS is XP. The version of Symantec I am using is Symantec AV Corporate Edition (as I worked at a University until recently) - so I don't have a CD. The prog version is 10.0.0.359.

 

Interestingly, shortly after posting my original enquiry EraserUtilDrv1120.sys did not show up any more on the Amigo 360 checker but I have also now uninstalled the latter. The only file in C:\Program Files\Common Files\Symantec Shared\EENGINE is now ee.Ctrl.sys

 

One other strange this is that if I try to run LiveUpdate (as the AV does not appear to have updated itself recently) I am told that "All the Symantec products and components installed on your computer are currently up-to-date." However Windows Security tells me otherwise.

 

Not sure about running the Norton Remove & Reinstall since as mentioned above I am using a Corporate Edition and therefore have no CD if this is asked for.

 

Have just run Norton Power Eraser and it found nothing untoward.

 

PC has been booting up quicker (180 to 210 secs) than it did a few weeks ago but it does then rather crawl. The reason is not usually evident from Task Manager although from time to time (but not in last couple of days) one of the svchost processes has been known to take over all the spare processing power.

 

The other recent change is that, even though the settings have not been changed, if the computer is left for some time (maybe an hour or more) it will have gone to sleep but moving the mouse  then just seems to power down the hard drive and there is nothing showing on the screen and nothing else to do but switch the PC off.

 

Any further assistance greatly appreciated

 


turboturnip wrote:
The version of Symantec I am using is Symantec AV Corporate Edition (as I worked at a University until recently) - so I don't have a CD. The prog version is 10.0.0.359.

Hi turboturnip:

 

Symantec has a separate Symantec Connect user forum for corporate versions of their software where you can get appropriate support .  Links for each of their corporate products can be found here.

 

First, please read the announcement  here which states in part that "On 04 Jul 2012, Symantec AntiVirus 10.x Corporate Edition and Symantec Client Security 3.x will both reach End of Support Life".  This likely explains why your LiveUpdate is not working correctly - see paradoox's post here regarding the same problem with their Symantec AntiVirus 10.x Corporate Edition.  Information on how to migrate to the new Symantec Endpoint Protection (SEP)  v. 12 is posted here, and a link to the SEP user forum can be found here.

 

Since you no longer work with the employer who licensed the copy of the expired Symantec AntiVirus 10.x Corporate Edition software for your home computer, I'm guessing that you won't be able to upgrade to the new Symantec Endpoint Protection software.  If you need to purchase security software for your PC and want to stay with a Symantec product, your can compare their three main products for home users (Norton Antivirus, Norton Internet Security and Norton 360) at  http://us.norton.com/individuals-pc/promo.  There are always good sales this time of year for Norton products - I live in Canada and just purchased a boxed CD of Norton Internet Security at Staples for $19.99, and Best Buy is selling Norton 360 for $29.99 this week as well.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 26.0 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Hi turboturnip:

Further to my previous post, if your current license does not allow you to upgrade from Symantec AntiVirus (SAV) to Symantec Endpoint Protection (SEP), you should uninstall SAV prior to installing any new security software on your PC to prevent possible conflicts.  This includes any new antivirus software you install that runs in real-time protection mode, whether it is a free version (e.g., AVG Free 2014 , Microsoft Security Essentials v. 4.x, etc. - see the FileHippo site here for more popular examples) or a paid version (e.g., Norton Internet Security, McAfee AntiVirus Plus, etc.).  If you choose Microsoft Security Essentials (MSE) for XP, keep in mind that support for Windows XP ends on 08-Apr-2014 and Microsoft still hasn't announced if it will continue to release antivirus definition updates for MSE for XP beyond that date - see here for more info.

You should be able to uninstall SAV from your Windows Control Panel (Add or Remove Programs) but if you are prompted for an uninstall password set by your previous employer's tech support, there is a thread here in the SEP forum showing a Windows registry edit that will allow you to uninstall SAV without knowing the password.  There is also a Symantec removal tool called CleanWipe that will allow you to completely wipe SAV off your system but it is not available for download on their Enterprise website and you would have to contact Symantec Business Support here and ask for a copy.
------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 26.0 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Hi there Imacri

 

Many thanks for all the information. Don't have the requested serial number to be able to update to the new corporate version so have decided to trial Norton 360 for one month - and all sems to be working OK at the moment. Will probably also think about changing hardware in next month or two as support for XP will, as you point out, not be provided beyond April.

 

Thanks again 

Hi turboturnip:

 

Glad to hear you're up and running again.  If you have any questions about your Norton 360 trial software there is a N360 board here in the forum where you can get help.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 26.0 * IE 9.0 * NIS 2013 v. 20.4.0.40
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS