Norton Power Eraser

Unlike the yellow eraser, MBAM yet has to try to wipe about all security stuff I have installed on this box. Seriously, if you are unable to distinguish between world's most popular malware removal SW such as MBAM/SAS and malicious software, then perhaps you'd better spend your time programming something else, maybe some Solitaire clone

 

It also has yet to flag Firefox and Thunderbird.

 

May God forbid, of course.

Thanks.

 

I should also note that I don't recall being a part of the "discussion", so this must be directed at the others. I was only talking in general.

 

Directed at 3GUser and Alias.

 

Yesterday I installed Power Eraser on my sisters laptop infected with rogue XP Internet Security 2010, system was completly unusable.Before installing I tried several programs but they couldn't even started. Power Eraser worked great, after cleaning and restart system came back with no errors. what's to say... GREAT JOB SYMANTEC!

 

Good to hear. That is exactly what the program is intended for.

 

Sadly, most posters here are missing the point entirely here with regards to Power Eraser and how it works.

Firstly however, I feel the need again to defend MBAM. If have run it on numerous machines, and it has never ever given me a single false positive. My own laptops should provide an excellent source for false positives, as I usually install new software every day, and in general never do a clean reinstall of Windows.

Now I'm not saying that MBAM will never give false positives, but for me at least it never has. Also some of the competing software such as Ad-Aware, A Squared and Spyware Terminator, I have found to have serious problems with false positives - and as such I don't use them, and would never install them in an attempt to clean an infected machine.

But back to the topic at hand. The intent of Power Erase seems to be not to scan for specific threats like MBAM does, but rather to use heuristics to find potential threats. A good example of this would be to use when other traditional malware/antivirus scanners are unable to remove an infection.
As always when using heuristics it when something is detected it is only a guess (an educated guess) - it is merely saying that the program in question may be a threat. And it is up to the user to leave it to their own judgment as to weather on not remove what has been detected.

I just want to point out too that I am in no way a Symantec/Norton fanboy - I think their removal tool which fully removes any traces of Norton products install is their best program.

 

Haha! That gave me a smile on my face - thank you.

 

Yea to bad MBAM or SAS could have also done the job without detecting all the legitimate apps.

 

Not always true. Even though I love MBAM but there are stuff that could go undetected by MBAM. There is a scareware copyright violation in the wild that MBAM did not detect entirely. It is such a complicated malware that has many facets. I also tried Power Eraser and it did a fantastic job and my VM was completely cleaned of it. Once Symantec tames down its Power Eraser false positive horse, it will be tough to beat.

In fairness a lot of security companies did not detect it. I sent a sample to several of them and F-Secure processed my sample the fastest and they will detect it as Riskware:W32/Antipiracy.A. Congratulation to F-Secure for being fast in responding and processing customers' samples.

Thanks.

 

I was talking about the XP IS2010 rogue.

The only reason NPE detected that specific scareware your referring to is because it flags everything. If it didnt flag everything Im sure it also would have failed.

 

Once again not true. It did have some false positives I have to admit that; however, it did not flag everything on my VM.

Thanks.

 

It's easy to bash Norton/Symantec for lots of historical reasons But if they have come up with a tool that given time might prove to be a useful asset, then good for them. And remember, it is ONLY a Beta at this stage after all.

If it turns out that their modus operandi is to try and kill MBAM etc, then i'll be one of the first in line to bash them, with pleasure, and deserverdly so

 

It didn't flag anything here.

 

A problem that i see with NPE that diminishes its usefulness (imo)is that it seems to depend on an active internet connection ,otherwise it wont scan.What if your internet is down or malware has messed it up?.Are the heuristics only in the cloud too?.For a last resort tool i would need something that doesnt rely on an internet connection only.
ellison

 

Thank you for making a different and valid point.

 

However, that is also true for other applications such as Prevx and Hitman Pro or any other cloud dependent applications. Essentially without the Internet their efficacy is greatly diminished.

Thanks.

 

Hi CT...
yes it is ,but i didn't realise that this tool was wholly dependent (at present)on an internet connection I originally thought it had some sort of inbuilt heuristics engine, plus cloud scanning.
ellison

 

Hi ellison64

Since NPE is still in beta let us hope that Symantec would provide some sort of signature updates and heuristics once released.

Thanks.

 

Our Dell Dimension 4500 hasn't been connected to the internet for many months until today. It has outdated versions of MBAM, SAS, Ad-Aware, Spybot and Bitdefender Free Edition and some unpopular programs. I uninstalled Norton and installed Avast! 5 Free.

The normal scan listed the shortcut TV Shows.Ink which directs to a folder on my harddrive which is currently not connected.

The aggressive scan:

loader.exe - Shortcut - belongs to mkv2vob
PowerISO.exe - Shortcut
pwrisosh.dll - Shell Extension - belongs to PowerISO
KMPlayer.exe - Shortcut
SCDEmu.sys - Driver

All of them have been used by tens of thousands of Norton users (I'm included!), released more than 31 days ago and have a favorable rating from Norton.

Authentium, F-Prot and Rising detect loader.exe (false positive).

 

.....

 

1.0.0.45 released on 03/05/10. Still BETA.

http://security.symantec.com/nbrt/n...d=1033&origin=unk&env=production&tooltype=NMR

 

Thank you. I tested it last night I can report that Norton done a great job in dealing with the false positives.

Thanks again for the link.

 

Still got FP's here. I have Rocketdock and I right clicked the desktop and chose hide desktop icons. Apparently its telling me that this system setting is a virus.