Norton Power Eraser detected 2 malicious Registry files

Hey,

 

So I just ran my daily scan of Norton Power Eraser and it completed the scan finding 2 malicious Registry items. 

 

Risk          Type               Status     Action
Registry      System Settings    Bad        Repair

 

The file is:

 

HKEY_USERS\S-1-5-21-3764680785-4163161662-4275111323-1000\Software\Microsoft\Windows\CurrentVersion\Run\"AdobeBridge"

 

The second registry threat is:

 

Risk          Type               Status     Action
Registry      System Settings    Bad        Repair

 

The file is: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\""

 

 

If anybody can tell me how I can deal with this problem it would be greatly appreciated! I did not download anything or go to any malicious websites and NPE is giving me the option to "Fix" the problem so I need some suggestions on what this is and how to deal with it. I will not do anything until I get some instructions on how to deal with this so any help would be great!

 

Thank you very much!

Thanks for your response SendOfJive

 

I ran Norton Power Eraser on my desktop computer after running on my laptop which initially detected the first threat and now on the desktop it gave me the same threat again!

 

\REGISTRY\USER\S-1-5-21-3239396572-1181013912-2643709188-1000\Software\Microsoft\Windows\CurrentVersion\Run\"Weather"

 

\REGISTRY\USER\S-1-5-21-3239396572-1181013912-2643709188-1000\Software\Microsoft\Windows\CurrentVersion\Run\"WMPNSCFG"

 

The second registry is:

 

\REGISTRY\Machine\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\"eRecoveryService"

 

 

I never have the two computers plugged into the router at one time.  Also this is the latest version of Norton Power Eraser and since it is a very aggressive tool is this an internal problem with Norton Power Eraser itself?

 

Should I let it "Fix" the registry files?

 

I'm very confused.

I'm also not really good at manually checking to see if something is malicious. I have little experience on identifying malicious files by looking at the scan details. :smileysad:


ACS4500 wrote:

Also this is the latest version of Norton Power Eraser and since it is a very aggressive tool is this an internal problem with Norton Power Eraser itself?

 

Should I let it "Fix" the registry files?

 

I'm very confused.


It is not a problem with NPE - that is the way it is designed, which is why you should not use it as an everyday scanner.  It is assumed that you are running NPE because there is an actual, and obvious, problem that the regular Norton products have failed to detect or fix.  Therefore, NPE expects to find malicious files on your system that have escaped detection (otherwise, why would you be running it?).  It isn't looking just for known malicious files - the regular products would have found most of those.  Instead, it is also looking for possible malicious files.  Along with files that appear suspicious, these could also include files of interest that Norton simply does not have enough information about to know with certainty whether they are safe or not.  The essential point is that NPE will "convict" a file as being possibly malicious on much less evidence than the regular Norton products would require for a conviction - and this leads to far more false positive detections.  I would not have NPE fix the registry entries unless you are certain that they are malicious and contributing to a problem on your computer that is clearly apparent.

 

Ok,

 

Are there any numbers or wording in the file that would suspect it being a malicious file? I'm not too sure just by looking at it.

As far as the computers running it appears that they are running good but I just wanted to be sure. By looking at this information that NPE gave me on these files would you say they were malicious?


You did not mention why you are running NPE. Did you get some warning from your Norton Product?

 

If there were no files found, just registry entries, I would not allow a fix as it could cripple your system.

 

I would suggest a second opinion scan using the FREE version of Malwarebytes. You can find it here http://www.malwarebytes.org/products/malwarebytes_free/

 

If you are really concerned, you should go to one of the free malware removal sites listed below and ask your question there.

http://www.bleepingcomputer.com/
http://www.geekstogo.com/forum/
http://www.cybertechhelp.com/forums/
http://forums.whatthetech.com/
http://support.emsisoft.com/forum/6-help-my-pc-is-infected/

Let us know what you find.


ACS4500 wrote:

As far as the computers running it appears that they are running good but I just wanted to be sure.


Again, that is not the purpose of NPE.  If your regular Norton product says that your system is clean, and you have no obvious signs of infection, you should not be running NPE as a general detection tool.  NPE is intended as a last resort measure to deal with a problem so severe and intractable that the downsides of false positives are outweighed by the benefit of possibly finding files that other scans miss that may be at the root of the problem.  On a clean machine, these false positives lead to unnecessary confusion and worry that there is malware present when there is not.  Disregard the results of the NPE scan unless you are sure you have an infection.

 

Ok,

 

I have not received any notification from my regular Norton 360 6.4 product. I really just did the NPE scan as a cross check of the system just to be sure.  If it would possibly damage the system from detecting false positives then I will just leave NPE alone.  I have been running normal Quick Scans and Full System Scans and all are returning clean.

Running NPE won't do any damage, but removing something that actually belongs on the system could be problematic.

Alright then!

 

Thank you very much SendOfJive and peterweb! Your suggestions and information were very helpful!

You're welcome.

Glad we could be of assistance.

 

Just remember to use the right tool for the right job.
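An added example, not part of the original thread and not Norton's code: a small Python decoder for the five registry paths quoted in the posts above, showing which hive, account and autostart key each one points to so the entry can be looked up in regedit before any repair. The function and note wording are this example's own; the path alone does not say whether an entry is malicious, since the command line stored in the value is not shown in the posts.

```python
import re

# Kernel-style prefixes (second post) mapped to the hive names regedit shows.
NT_PREFIXES = {r"\registry\user": "HKEY_USERS",
               r"\registry\machine": "HKEY_LOCAL_MACHINE"}
WELL_KNOWN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}

def decode_run_entry(reported):
    """Split one reported autostart path into hive, SID, key, value name, notes."""
    m = re.match(r'^(?P<key>.*)\\"(?P<name>[^"]*)"$', reported.strip())
    if not m:
        raise ValueError('expected the form KEY\\"ValueName"')
    key, name, notes, sid = m.group("key"), m.group("name"), [], None
    for prefix, hive_name in NT_PREFIXES.items():
        if key.lower().startswith(prefix + "\\"):
            key = hive_name + key[len(prefix):]
            break
    hive, _, subkey = key.partition("\\")
    hive = hive.upper()
    if hive == "HKEY_USERS":
        # First path component under HKEY_USERS is the account's SID.
        sid, _, subkey = subkey.partition("\\")
        sm = re.fullmatch(r"S-1-5-21(?:-\d+){3}-(\d+)", sid)
        if sm:
            rid = int(sm.group(1))
            who = WELL_KNOWN_RIDS.get(rid, "regular account" if rid >= 1000 else "reserved")
            notes.append(f"per-user autostart, RID {rid} ({who})")
    elif hive == "HKEY_LOCAL_MACHINE":
        notes.append("machine-wide autostart, applies to every user")
    if "\\wow6432node\\" in subkey.lower():
        notes.append("32-bit registry view on 64-bit Windows")
    if not name:
        notes.append("no value name reported; inspect the key's values directly")
    is_run = subkey.lower().endswith(r"\currentversion\run")
    return {"hive": hive, "sid": sid, "key": subkey, "value_name": name,
            "is_run_key": is_run, "notes": notes}

# The five paths exactly as quoted in the posts above.
REPORTED = [
    r'HKEY_USERS\S-1-5-21-3764680785-4163161662-4275111323-1000\Software\Microsoft\Windows\CurrentVersion\Run\"AdobeBridge"',
    r'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\""',
    r'\REGISTRY\USER\S-1-5-21-3239396572-1181013912-2643709188-1000\Software\Microsoft\Windows\CurrentVersion\Run\"Weather"',
    r'\REGISTRY\USER\S-1-5-21-3239396572-1181013912-2643709188-1000\Software\Microsoft\Windows\CurrentVersion\Run\"WMPNSCFG"',
    r'\REGISTRY\Machine\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\"eRecoveryService"',
]

if __name__ == "__main__":
    for line in REPORTED:
        e = decode_run_entry(line)
        summary = "; ".join(e["notes"])
        print(f'{e["hive"]}\\{e["key"]} -> "{e["value_name"]}": {summary}')
```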