Just ran a scan of my computer using Norton's Eraser. The following items appeared as "bad"; photoshopelements.exe and uphcleanhlp.exe. I am curious why these are "bad" files? Photo Shop Elements is a part of Adobe. The UphClean is a Microsoft item that helps with shutting down Win XP efficiently. When Eraser finds a bad file and one clicks on "Fix", does this mean the file is deleted, or is it fixed in some manner?
Just ran a scan of my computer using Norton's Eraser. The following items appeared as "bad"; photoshopelements.exe and uphcleanhlp.exe. I am curious why these are "bad" files? Photo Shop Elements is a part of Adobe. The UphClean is a Microsoft item that helps with shutting down Win XP efficiently. When Eraser finds a bad file and one clicks on "Fix", does this mean the file is deleted, or is it fixed in some manner?
Just downloaded Power Eraser. Scanned the computer and received the following reports:
photoshopelements.exe...bad
uphcleanhlp.sys...bad
I am reluctant to fix these two items. Why would they be bad?
logic wrote:Just downloaded Power Eraser. Scanned the computer and received the following reports:
photoshopelements.exe...bad
uphcleanhlp.sys...bad
I am reluctant to fix these two items. Why would they be bad?
Hi,
I don't know why they are bad. It is possible that something else has corrupted them. It is possible that an update didn't install correctly. It is possible that there is a minor problem with the hard drive. Regardless of the 'why' the bigger questioon is what are you wanting to do about it? The usual solutions are either to do a repair on the program or uninstall and reinstall it. The choice is yours. We'll be here when you need us.
Hi logic,
Please read the warning about running NPE below. This came direct from the Norton Power Eraser download page. - http://security.symantec.com/nbrt/npe.aspx
"Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully. If you accidently remove a legitimate program, you can run Norton Power Eraser to review past repair sessions and undo them."
It may be that the two files were a false positive.
Logic,
Have you seen the replies to your post back in March
and in particular one from Harry P of Norton about the charges you refered to ?
Hi.
Thanks for the question and for posting the NPE log. It didn't seem to expose too much PII, but you should be careful doing this on a public forum. Feel free to remove it if you wish.
It appears that you have picked up a file-less infector, probably kotver. If you have done nothing since posting this, then the system is still infected. You have Mcaffe and Norton installed. Both appear to be active which is not recommended.
A threat like this is not easy to find and remove once it establishes itself on the system. It doesn't appear that NPE found all of it either. It found a data file, and a run key load point. If you tried using NPE already to remove this and you are still getting messages about outbound network traffic then you will have to move to a different removal method.
The proposed solution in the links below should work for your infection also.
https://community.norton.com/en/forums/windows-7-startup-menu-files
https://community.norton.com/en/forums/e1dc73dd8
I hope that helps.
T. McCormick
Symantec