Four days ago, I decided to check my computer using the Power Eraser, which I do occasionally. About 3 weeks earlier I did it, and my computer was clean. This time, I found a bad registry item. I had the program remove it. 2 days later, I checked and found it again, and had it removed. Yesterday, I checked, and found it yet again.
To be sure that I had gotten rid of it, I checked several times yesterday. On some occasions, after NPE said it was fixed, I found it on a follow-up check, and on others, NPE found nothing. Today, I checked, and once again, I found the bad registry item. One scan says it's gone, the next one, says it was still there.
Attached is a screenshot of the bad registry item. The log files can't be uploaded because they are xml files.
I think you're right. MS recreates the key after it gets deleted because it belongs on my system. I'll be more careful in using NPE in the future. Thanks.
That registry key appears to be legit. See this Microsoft Tech Net thread. https://social.technet.microsoft.com/Forums/en-US/92abbd60-125d-4777-ab50-109142cde0c2/could-this-be-a-false-positive?forum=ITCG
As bjm_ noted, Norton Power Eraser is an aggressive virus removal tool, it may mark a legitimate program for removal. That appears to be the case for you. After NPE removes the key, MS is recreating the key. That is why you keep seeing it.
Best to only use NPE if you feel Norton has missed something in your regular scans. And then, check what it wants to remove to ensure it is not a legitimate file.
That's true. NPE is an aggressive tool, and I have heard that it can remove something that is legitimate. I'll remind myself to Chat with Norton in the future when I find something. Thanks.
NPE is not second opinion on-demand scan tool akin to Malwarebytes. Run NPE with caution and scrutinize any detection. And then do not act.
Norton Power Eraser uses our most aggressive scanning technology to eliminate threats that traditional virus scanning doesn’t always detect, so you can get your PC back. Because Norton Power Eraser is an aggressive virus removal tool, it may mark a legitimate program for removal.
Its says: HKEY_LOCAL_MACHINE\Software\Microsoft\Powershell\1\Shelllds\Microsoft.Powershell\"ExecutionPolicy"
By the way, how do I copy and paste into this forum? I try to do it and am told my browser doesnt support it, and that I have to press something (I don't know what, I can't read it) to do it.
google > PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy
Unless you suspect ? after Norton full system scan ....best practice is to leave NPE alone unless directed by support. Best practice if you suspect ? is > Chat with Official Norton Support.
Best practice if you suspect ? is >