• 所有社区 - 中文
    • 所有社区 - 中文
    • 论坛
    • 创意
    • 博客
高级

不是您要找的? 咨询专家!

此论坛帖文需要解决方案。
好评0

what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

Recently, as part of my Norton Security Suite, Norton Power Eraser pops up requesting a Scan. The only file that comes up as a risk is ed35e.d1bbc8.  Under Norton Power Eraser, the file TYPE is: "Startup Item" and ACTION is: Remove

Checking my Task Manager, under STARTUP, on this file, under PUBLISHER, it is blank. Under STATUS, I clicked DISABLE, but this file still shows up in the scan of Norton Power Eraser.

This file: ed35e.d1bbc8   is located: C:\USERS\terry\appdata\local\b1a63\ed35e.d1bbc8

If I delete this file (right-click and select delete), the file immediately regenerates. I tried to Google this file name and no search results show up.

What is this file? Is it dangerous? How do I remove it?

Thank you.

回复

好评1 Stats

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

Are you able to either submit the file to Symantec (https://submit.symantec.com/websubmit/retail.cgi) or upload to Virustotal (https://www.virustotal.com)?

Have you tried to delete the file via restarting your OS in "safe mode"?

好评1 Stats

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

Hello @Tshumas To avoid confusion please allow me to ask whether NPE opens itself suggesting a scan for a possible threat, OR, are you running it manually? NPE by default is NOT set to run unless performed manually due to the risk of deleting critical system files due to false positives. My suggestion is to disable Fast Startup within Windows if you have not done so already and reboot the system. When done open the RUN command box and enter %temp%, select ALL files in that directory and delete. Disconnect your device from all connections to the internet and run a FULL regular system scan with your Norton product to see if this file detection reoccurs. If it does submit to Symantec as a false positive for analysis.

https://community.norton.com/en/forums/how-report-false-positives

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.295 / N360 Deluxe 22.18.0.213 / Norton Core v.282 on Android 2.00
好评0

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

Hi Thank you for replying. On the Norton Power Eraser , if you are not familiar with a file, you can click on" Scan the cloud via Norton. it has been  "scanning" for two hours and has not found this file.

I uploaded the file to the Semantic link. So i will have to wait until i receive a reply. in the meantime, i uploaded the file to Virustotal (https://www.virustotal.com (link is external),  and am happy to say, it was not listed in all 55 places as not a virus. 

I did not try the SafeMode route, as i am a little nervous deleting a file which might be part of the WINDOWS 10 operating system.

The weird thing is maybe it is part of Window OS, which is why it automatically pops back. I am thankful you told me about Virus Total, as well as the Semantic submission section. Maybe i will hear something from them.

My Dell PC is working at a quick speed, nothing is sluggish, starts up quickly. So my main worry if it is a file that broke through Norton Security and is stealing my personal data.

Under the COMMENTS section [if you click on the symbol i  (a lower case letter i in italics)] in the NORTON POWER ERASER, it states: "We do not have enough information to know if this item is unsafe. We advise you that you do not take any action on this item." However, what is weird is that why within only the last month, every so often (maybe it is once a week), has NORTON POWER ERASER popped up suggesting I run it to make sure there are no outside risks? Only this file is listed. Unless this file was installed with a recent automatic WINDOWS 10 update, where did it come from? Thanks.

好评1 Stats

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

@Tshumas

would you be able to provide the link of the file uploaded to Virustotal or the corresponding hash? You can also follow @SoulAsylum suggestion regarding Fast reboot and system scan. I would also suggest scanning your system with a second engine (for example Malwarebytes). Norton and Malwabytes work well together and complement each other (The free version will do for you in this case)

好评0

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

I don't have the link to VirusTotal after i uploaded the file.  I tried to upload the file here, but it won't allow any files other than txt, pdf, or zip

So i had to winzip it.

This is all the information from that site I have.

SHA256:   6728ec2e874fc1c783c7c20fd65905286176e7d2c3b845c77d618969fd254f02

File name:  ed35e.d1bbc8

Detection ratio:  0 / 55

Analysis date: 2017-04-09 23:26:13 UTC ( 0 minutes ago )

Also, I did an On-Demand scan of that file in Norton, and it said"No threats found."

好评1 Stats

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

@Tshumas Press Ctrl+Alt+Delete and open your Task Manager. Scroll over to the Startup tab and see if there is a reference to this file in your startup or a program you do not recognize as being legit, then disable it. Reboot and see if this file reappears at boot time. Thanks.

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.295 / N360 Deluxe 22.18.0.213 / Norton Core v.282 on Android 2.00
好评0

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

Thank you very much SoulAsylum. What you described is actually the very first thing I tried. The file "ed35e.d1bbc8" is still selected as Disabled in my Task Manager, but Norton Power Eraser continues to list it as a warning file. One detail I forgot to mention. So if you or M3gatron, who have graciously replied to my quirky problem, or anyone else who might know:            According to the file Properties--> Details, this file was created on Feb 11, 2017 at 3:21 PM.                                                     Under Properties--> General, it states this file Opens with "Microsoft (R) HTML Application host."

Also around that same time in February, inside my Dell Desktop Tower, one of the cooling fans (appears next to my video card), starts to spin about 5 seconds and slows to a stop - sounding like a jet taking off a runway. It is loud and annoying. It seems it happen when I have a browser opened - Google (occurs most often) , Microsoft Edge, or Firefox (occurs least often). Sometimes, the fan spins and stops nonstop for an hour, takes a break and starts again. It might not do it all day, it might spin and stop twice in a day. There is no apparent consistency. It is like a file is instructing the fan to start, but it is not hot, so the fan stops [like a heater thermostat in your home). I did not think this was related, but who knows?

Googling "computer fan spins" or "computer fan spinning" or "computer fan like jet plane" or a dozen variations in search terms and numerous complaints are retrieved. Virtually every reason found is: it happened after a recent automatic Windows 10 update. There was an update in February. No one has a solution. By coincidence, I had two weeks remaining on a one-year Microsoft Windows 10 Tech Support Service Contract. So I called and Microsoft denies it is their fault; so they did nothing. I had paid $150; I had no choice, but to pay, due to its first Windows 10 update crashed my Dell (only 1½ years old). My first 30 day-free support had just ended. What a coincidence! My Dell PC has been fine every since this new strange occurrence.  Thank you both for being so kind.  :) :) :)

好评1 Stats

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

@Tshumas You are most welcome and I have some news for you concerning the file in question. It IS indeed a Trojan disguising itself at a valid system process mshta. Unless mshta.exe is not found within the SYSTEM32 folder of your Windows based system YOU SHOULD NOT DELETE IT. This file is used by your OS to read HTA files it is non essential but deleting will screw your system up. If you find an instance of this file outside the system32 folder then it is an imposter, mshta.exe will only run in the system32 folder. Perform a system file search and see WHERE your system finds the mshta.exe file location.The malware postulates itself through Chrome usually when an older version is being used.

Perform a system restore to a date BEFORE February 11, 2017 and run Norton Power Eraser while booting in safe mode. Tell it to remove the file IF you indeed find it in a folder outside System32. Also set your Norton product under Early Launch Anti-malware protection to on as well. Hope this helps you and corrects your issue finally.

Lastly your Windows 10 build should be 14393.1066

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.295 / N360 Deluxe 22.18.0.213 / Norton Core v.282 on Android 2.00
好评0

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

Thanks  again!! :) it is much appreciated.

I ran a system search and after an hour, I found MSHTA, but it was only in the Windows System 32.folder

Also, last night WINDOWS 10Home had a major automatic update known as CREATIVE

So my Windows 10 build is now: 15063.138

Version 1703

好评1 Stats

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

Glad the issue is solved for you! I would also personally recommend having another engine installed (for example malwarebytes) as not AV can offer 100% protection. This is especially useful (among others) to remove PUA as Norton doesn't detect all PUA

Creative is the new windows patch that came out recently 

好评0

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

Actually, the problem is not solved. i did not do anything. i just searched for the file you named mshta.exe and saw it was only in windows system 32,i still have the above-named file and the fan spinning. However, i can still search for the . antivirus program malwarebytes  and download to see if it will get rid of the file named  ed35e.d1bbc8

好评1 Stats

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

The fan spinning is probably not related so let's focus on the file itself. Please run the second scan and let us know the results of the scan (make sure you update it first and go through the settings to make sure you select the correct options) 

好评1 Stats

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

@M3gatronThe fan issue more than likely IS related since hta files often run scripts from within Windows Shell in the background. @Tshumas , performing a system restore to a date prior to the infestation date will more than likely correct the issue. After which time I would do a full system scan and recheck for anything weird going on.

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.295 / N360 Deluxe 22.18.0.213 / Norton Core v.282 on Android 2.00
好评1 Stats

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

@Tshumas I have not received the Creators Update as of this writing so I am now a build behind lol. However. A lot of good work was done by some older members of the forums in the past which I wanted to share with you. Please follow the link here:

https://community.norton.com/en/forums/malware-removal-forum-recommendations

One thing I'd like to stress is a lot of "patience" through those processes. And though you may or may not have a warm and fuzzy about what you do understand the process is tedious. Have someone who is tech savy and can assist you. And there is always something to learned. Please let us know how you fared with things and post here.

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.295 / N360 Deluxe 22.18.0.213 / Norton Core v.282 on Android 2.00
好评0

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

Dear SoulAsylum and M3gatron:

I tried the easiest step first. I downloaded Malwarebytes, since you said it was compatible with Norton. I ran it and it found 8 malware files, which I clicked OK to remove. Then it automatically rebooted my Dell PC.

Then I checked my Task Manager in the Start-up column and the file "ed35e.d1bbc8" is officially gone! Yippee !

It might take a day or two to find out if the fan spinning situation is now resolved, also. Yippee! 

I only have one weird thing. My Microsoft Edge, Google Chrome, and Microsoft Internet Explorer all work perfectly. However, when I click on Mozilla Firefox, its window opens but it is blank and the first tab says "Connecting..." with its icon spinning in a circle like it is looking for a website. It is like it is hanging up.

if I try to close Firefox with the "X" in the top right hand corner, it will not close. The only way I can close Firefox, is to right click on the icon in the bottom of the screen (Task bar) and click on close. I tried uninstalling Firefox (in CONTROL PANEL) going to Mozilla to download it again and reinstalling it, but it has the same problem.

So I uninstalled Firefox. I really like Firefox; I use it most of the time, especially with my online courses at edX and COURERA.   You both have been amazing in your help.

好评1 Stats

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

Good news. Out of curiosity ,could you please post the malwarebytes log or screenshot to see what Norton missed. As a said no AV has 100 detection rates. I am positive that your fan issue is not related to virus (maybe it's time to clean the dust from the pc or update its specs!)
好评1 Stats

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

@Tshumas Great news to hear on Easter morning. Please mark the thread as solved as appropriate if you are confident your issues are resolved. Glad we could assist. Have a grand day today.

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.295 / N360 Deluxe 22.18.0.213 / Norton Core v.282 on Android 2.00
好评0

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

Dear SoulAsylum and M3gatron: You probably are correct that the fan problem is not connected and I will click on the Malwarebytes program and look for the log to make a screen shot for you.  I cannot do it today.

Thank you for the dust comment; however, the first thing my Electrical Engineer hubby did was open the tower (computer was turned off, of course) and very carefully vacuum the inside. He had commented how little dust was there. When you write "update its specs" are you referring to the fans?  I did go to 'My Dell' website, where it recognizes my computer and checks if all hardware/software is update. Only one fan is starting and stopping like it is searching for a command. The others two fans work normally. Also, there is no heat coming out. 

My other new concern after I ran the Malwarebytes program, why now is my Mozilla Firefox browser not connecting to the Internet? Firefox works on my Samsung cellphone?

As I said, I did uninstall Firefox via Control Panel, then when to Mozilla's official website, downloaded the latest version, and reinstalled it.  My other 3 browsers (Google Chrome, Microsoft's Edge and Internet Explorer) work fine.

When I reinstalled Firefox, the original file that had my Favorites was automatically listed. If I look in my File Manager at C:/Program Files  or C:/ Program Files (x86), there is no folder titled Mozilla. However, there is a Google folder which contains Chrome, as well as a folder called Internet Explorer. So the Mozilla folder must get deleted when it is uninstalled via Control Panel. Another mystery.

好评1 Stats

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

Hello

Others have been  complaining today about not being able to connect t9 Firefox today. So it is either a Firefox issue or an Norton issue. Could you please check with Mozilla  and see if there are others complaining about not being able to connect or use Mozilla today? Other than people who also use Norton products.

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.
好评0

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

Wow, thanks. I googled "Firefox not connecting to internet" and this reference popped up.

"Firefox browser not connecting to any website yet internet explorer does," which linked to:

"Firefox can't load websites but other browsers can" at:

https://support.mozilla.org/t5/Fix-problems-with-websites/Firefox-can-t-...

I am going to try this tomorrow. Thank you again. 

好评0

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

Actually from the above link, which is:                                                                                                                                     https://support.mozilla.org/t5/Fix-problems-with-websites/Firefox-can-t-...

I tried following the instructions, but I cannot find the Proxy information on my other browsers in reference to trying to re-connect Firefox to the internet. 

Firefox connection settings

If you connect to the Internet through a proxy server that is having connection problems, you will not be able to load websites. To check your Firefox proxy settings:

  1. Click the menu button and choose Options.Preferences.
  2. Select the Advanced panel.
  3. Select the Network tab.
  4. In the Connection section, click Settings….
  5. Change your proxy settings:
  6. Close the Connection Settings window.
  7. Close the about:preferences page. Any changes you've made will automatically be saved.

If you find that changes you make to your Firefox connection settings are not remembered when you restart Firefox, see How to fix preferences that won't save.

好评0

Re: what is file "ed35e.d1bbc8" Norton Power Eraser listed as RISK

Just a quick comment. I found  another article at Mozilla on the problem Firefox suddenly not connecting to the Internet. It did state there is a conflict with Windows 10 update, Malwarebytes, and Firefox. The only work-around I could figure out is to uninstall Malwarebytes, then reinstall Firefox, which i just did and Firefox works perfectly again. My guess is to every once-in-a-while to download Malwarebytes, use it, and then uninstall it. 

Thank you for this extra help. Funny; the one thing that fixed my initial problem with Norton Power Eraser wound up causing a new problem- a conflict with Firefox. Live an learn. 

My only PC problem that still remains is trying to solve the intermittent fan inside by desktop tower 'starting and stopping' and sounding like a jet plane taking off on a runway whenever any browser is open. 

Thank you all for being so patient and kind to someone like me, who is not an expert in strange computer problems. At least I try and do not give up easily.  :) :) :) 

This thread is closed from further comment. Please visit the forum to start a new thread.