WARNING "Norton Power Eraser" Trashed My XP Box

vbimport

#1

In hopes this won’t happen to you:

Norton has a free rootkit remover out called “Norton Power Eraser”. DO NOT use it on XP. Totally corrupted the registry (& that was NOT due to finding a rootkit). I’ve been trying to repair the machine for about 4 hours so far. Do NOT use this POS. As it is I currently cannot get into Windows on my main computer other than with the recovery console through the Windows CD.

5 hours later:

It appears to be fixed after about 5 hours of work. Right now I am currently doing major backups before doing a cold reboot to confirm.

After trying everything I could find in the MS knowledge base & the MS official forums (& a couple other net forums), in my case the fix was something I forgot I had; I use a registry management program (which I swear by) called Greatis Reg Run. It has a registry restore feature which I didn’t even think about as I’ve never used the feature before in all the years I’ve owned it. It SEEMS to have fixed the issues in about 10 seconds.

I won’t feel totally safe until doing the cold boot just in case Norton put some sort of weird hook in an ini file that will cause the issue to recur, but I THINK I’m ok.


#2

"The tool uses more aggressive techniques than your Norton security product, hence there is a risk that it will flag legitimate programs for removal. You should carefully review the scan results page before removing any files. ":rolleyes:


#3

[QUOTE=~Jethro~;2642171]"The tool uses more aggressive techniques than your Norton security product, hence there is a risk that it will flag legitimate programs for removal. You should carefully review the scan results page before removing any files. ":rolleyes:[/QUOTE]

:iagree: Totally…no matter what program you use.

[B]@[/B]MooMooMooMoo

I got rid of Norton many years ago and never use any of their tools whether free or not, most likely there is a major conflict between the Norton Power Eraser and your Greatis Reg Run program.


#4

Norton worked well with 9x, but NEVER AGAIN!!! Years ago, I bought one of their utility suites for XP, & it was such a piece it was uninstalled.

Re the disclaimer: it never even ran the scan, so there was no way to open the interface & select undo! All it did was “prepare” the registry for it to run on reboot, & I was no longer able to access Windows on reboot.

It did something(s) to the registry that prevented XP from running at all.

For those familiar with this set of issues, I first got hal.dll missing error. I restored it from another box (it wasn’t missing). Then got the windows/system32/config/system corrupted error. Rebuilt boot.ini. No go. Ran chkdsk /r. Took several hours to run & still wouldn’t boot. The only possible boot was command line through the restore console.

The other MS approved method had a warning not to use with an OEM under any circumstances & the box was a Dell.

That’s when I remembered Reg Run… I love that program!


#5

I haven’t tried Power Eraser but I have to say I find their other software pretty reliable.

When the forum was hacked a while ago Norton Anti Virus flagged it up here and I was able to report it very quickly. The malware didn’t show up on anyone else’s machines as I was the only staff member using Norton.

We nailed it very quickly as a result, before any significant damage could be done, but I always wonder what could have happened if I hadn’t spotted it that quickly.

I’m always wary of tools that modify the registry though and I know this is a bit late for yourself but for the benefit of any others reading this, I’d always recommend taking a backup before relying on [U]any[/U] sort of automated cleanup program regardless of how good a reputation the software has.

Were you able to get it sorted eventually?

[B]Wombler[/B]


#6

You have my sympathy on this, MooMooMooMoo. I’ve never been a Norton fan.
When it was some of the temporary antivirus that came with my computer I did the complete uninstall & clean of it.
I haven’t used it much but Norton Ghost is their one good software.

Wombler if you are getting good results with Norton you are one of the lucky ones.
I will say I didn’t get any flags on anything while using this forum & I never have.
Is there anything I should scan my system specifically for, Wombler?
I wouldn’t want anything sneaky hiding that my antivirus or antimalware didn’t find.

That being said, a good backup software is essential. I use Acronis TI & have been satisfied with it. I also use a registry backup named ERUNT.
It has a companion software for registry optimizing, NTREGOPT. This has never caused me any problems.
I also use CCleaner. It offers backup of registry settings it removes but I’ve never needed to use it for anything it removed.
I used one several years ago that did about the same Norton did to you. I was a real newb then & didn’t know better. I had to do a restore to the OOB condition & replace all the software. A good hard lesson in getting & using a backup program.


#7

[QUOTE=cholla;2642198]Wombler if you are getting good results with Norton you are one of the lucky ones.
I will say I didn’t get any flags on anything while using this forum & I never have.
Is there anything I should scan my system specifically for, Wombler?
I wouldn’t want anything sneaky hiding that my antivirus or antimalware didn’t find.
[/QUOTE]

As far as I’m aware it’s the first time it’s ever happened here.

I was online and MSNed a couple of the Senior Admins as soon as I got the warning.

It was dealt with so quickly that no one else outside the staff even knew about it but I know that the other staff investigating it, without Norton AV installed, queried it before it was confirmed that we had in fact been hacked.

The hackers inserted obfuscated java code that was intended to redirect users to another website but it didn’t work properly and they didn’t have time to exploit it.

As a side effect it did mess up several sections of code however which took some time and effort to fix, such as the style chooser for example, but other than that there were no ill effects that we’re aware of.

As far as your AV protection goes, there’s nothing special to scan for as we caught this exceptionally quickly, the inserted code was disabled almost immediately, and the system was patched not long after to prevent this particular exploit.

HTH.

[B]Wombler[/B]


#8

[QUOTE=Wombler;2642249]The hackers inserted obfuscated java code that was intended to redirect users to another website but it didn’t work properly and they didn’t have time to exploit it.[/QUOTE]
Actually they inserted some obfuscated code into PHP files. Not related to Java, could have been JavaScript though. Don’t remember exactly.

[QUOTE=Wombler;2642249]As a side effect it did mess up several sections of code however which took some time and effort to fix, such as the style chooser for example, but other than that there were no ill effects that we’re aware of.[/QUOTE]

The style chooser issue was caused by a very nasty bug in PHP. Could be that someone tried to rebuild styles which caused the style chooser to disappear.


#9

[QUOTE=Wombler;2642194]

I’m always wary of tools that modify the registry though and I know this is a bit late for yourself but for the benefit of any others reading this, I’d always recommend taking a backup before relying on [U]any[/U] sort of automated cleanup program regardless of how good a reputation the software has.[B]Wombler[/B][/QUOTE]
The reason I posted this was specifically to warn others with XP before they had the experience I did!

[QUOTE=Wombler;2642194]

Were you able to get it sorted eventually?

[B]Wombler[/B][/QUOTE]

Yes (thank God!), it appears the Reg Run registry restore took. I’ve only done one cold boot since running it so far, but it did boot & the machine is only exhibiting one very minor issue, which is likely due to the backup being a few days old.


#10

[QUOTE=Liggy;2642274]Actually they inserted some obfuscated code into PHP files. Not related to Java, could have been JavaScript though. Don’t remember exactly.
[/QUOTE]

It was JavaScript. I’ve mixed up my terminology there. :slight_smile:

[QUOTE=MooMooMooMoo;2642282]The reason I posted this was specifically to warn others with XP before they had the experience I did!

Yes (thank God!), it appears the Reg Run registry restore took. I’ve only done one cold boot since running it so far, but it did boot & the machine is only exhibiting one very minor issue, which is likely due to the backup being a few days old.[/QUOTE]

Excellent, glad to hear that, and that’s a great reason to start a thread BTW as we’re all here to help each other.

[B]Wombler[/B]


#11

[QUOTE=MooMooMooMoo;2642282]The reason I posted this was specifically to warn others with XP before they had the experience I did!

Yes (thank God!), it appears the Reg Run registry restore took. I’ve only done one cold boot since running it so far, but it did boot & the machine is only exhibiting one very minor issue, which is likely due to the backup being a few days old.[/QUOTE]
Maybe it’s time for Windows 8, it’s free now for beta but only 14.95 after that for a full Pro Licence…:flower:


#12

[QUOTE=alan1476;2642288]Maybe it’s time for Windows 8, it’s free now for beta but only 14.95 after that for a full Pro Licence…:flower:[/QUOTE]

I suspect my hardware isn’t Win 8 ready, (+ would need Dell Win 8 drivers for my older boxes), but really like the pricing you mention. I was planning on learning Linux by 2014 when XP patches go away, but at $7.50 per year, I may consider 8.

On the other hand, much of my resentment towards MS is I don’t wish to buy in to this never ending cycle of software “upgrades”; only required because MS stops issuing patches.

I’d still be on Win 98 if I could be. XP does have a couple advantages (fewer crashes & NTFS), but the fact is 98 is much faster & in its day was more secure.

IMO, Vista is garbage, & my one experience of removing a virus from a friend’s Win 7 box left me with a pretty low opinion of Win 7.


#13

Norton Commander is the best product they ever had…