by ViralM, 09-08-2010 12:18 AM - edited 09-16-2010 04:55 PM
Bridging the Gap
Norton Power Eraser is the latest Norton Recovery tool. It is being released at the same time as Norton Internet Security and Norton Antivirus 2011. The tool is aimed at detection and clean-up of “0-day” threats. (0-day threats are those that take advantage of a newly discovered hole in a program or operating system before the developers have made a fix available, or before they are even aware that a hole exists.)
There is special focus on “Fake AV” (aka “Rogueware” or “Crimeware”). Fake AV is a rogue piece of software that pretends to be security software and tempts the user to pay for worthless software; even worse, it can install additional malware on the system and claim the system is clean.
Many users still do not use antivirus software, or they use software that is not updated or effective. As a result, their systems can become infected with malware that is extremely difficult to remove. Worse, malware authors routinely attempt to evade or disable security programs. Many will prevent these programs from even installing. For all these reasons, users who end up with an infected computer often need more aggressive techniques to handle detection and remediation.
It was with this vision that Norton Power Eraser (NPE) was created. So far we have been very successful in delivering on that vision. In the first three months of its limited release, the tool has been 80% effective against never-seen-before Fake AV programs, and in our internal tests it has been working about 53% better than the nearest competitor.
Norton Power Eraser downloads and runs quickly and is free for anyone to use.
Running a Scan
Norton Power Eraser is a single executable that can be downloaded from the Symantec Web site and is extremely simple to use – just accept the End User License Agreement and you are ready to scan.
Norton Power Eraser uses aggressive engine heuristics and Symantec’s Reputation technology to discover risks and identify potentially dangerous items. In the Scan Complete screen, the results of this scan appear in the Local Scan column. Files that are found to be threats are flagged as Bad and files that are a potential problem are flagged as Suspicious. Norton always recommends that you remove files that are flagged as Bad if you know that you are infected.
To further assist you in identifying if a suspicious file is a threat, an option called Remote Scan is available for files flagged by the Local Scan. This is an advanced feature that performs a full scan on a file by sending it to the Symantec servers. Remote Scan provides Norton Power Eraser with access to our traditional Signature-based detection engines to increase effectiveness.
Both Local Scan and Remote Scan can identify malicious files. Note that the two scans run independently; if either scan flags a file as Bad, the file should probably be removed.
Feeling the Power
Given its aggressive nature, Norton Power Eraser ultimately requires you to make the final decision on whether or not to remove an item. Norton Power Eraser does provide recommendations on whether or not to fix items identified on the Scan Complete screen. The results appear under two sections, Detected and Suspected.
The Detected section shows items that Norton Power Eraser considers risks, recommending that they be removed (“Fix” checkbox checked). The Suspected section shows items that require further review. A Remote Scan on items marked Suspicious can help determine if they are malicious. If the Remote Scan deems the file to be Bad, the item will be moved to the Detected section with the “Fix” checkbox automatically checked.
In addition to Remote Scan, you can retrieve more information on a file by clicking the file name under the Detected or Suspected sections to open the File Insight screen for that file. File Insight shows the Prevalence, Age, and Norton Trust rating for that file, which can help you make a decision.
The recommended action of Norton Power Eraser can be tabulated as follows:
Not a Known Threat
Not a Known Threat
Further Analysis needed
Should you remove a file in error, the tool comes with safeguards, such as creating System Restore Points and enabling review and undo of previous actions.
Norton Power Eraser is a last-resort, extremely powerful tool to assist in the detection and clean-up of 0-day risks with special focus on Fake AV. If a program has hijacked your computer and is holding you hostage, try Norton Power Eraser. Once again, Symantec widens the gap with the competition by delivering a unique cutting-edge tool.
Local Scan: Displays results of the aggressive heuristic engine supported by Symantec’s Reputation technology.
Remote Scan: Sends the file to the Symantec servers for a signature-based scan.
Detected: Items for which Symantec recommends removal.
Suspected: Items for which Symantec recommends further review and a Remote Scan.