Symantec Power Eraser is designed to complement mainline antivirus applications by detecting and remediating specific types of threats:
- New variants of existing threats that are not detected by the current definition sets
- Fake antivirus applications and other rogueware
- System settings that have been tampered with maliciously
Because Symantec Power Eraser uses aggressive methods to detect these threats, there is a risk that it can select some legitimate programs for removal. Use standard antivirus applications and troubleshooting techniques first; if they do not remove all of the threats, use Symantec Power Eraser.
Symantec Power Eraser uses Symantec Insight to help identify if a file can be trusted. Symantec Insight is a reputation based rating system that is available to Symantec products as an online (cloud) service. For this reason Symantec Power Eraser must be run on a system that is connected to the internet. For more information see Symantec Insight.
Symantec Power Eraser uses heuristic techniques to help identify potential malware. These heuristic techniques are defined in a set of updatable definitions. Symantec Power Eraser downloads the latest definitions automatically when you run it. The current definitions are version 4/18/2013 r708.
Scanning Offline User Profiles
Sometimes a user cannot log into a system because undetected malware is causing the startup process to fail. If the potential malware is only using load points associated with that user then it is necessary to scan that user’s load points to find that malware. Symantec Power Eraser, however, does not have the capability to scan user profiles other than the user profile that is currently logged into the system. There are, however, two ways to work around this utilizing Power Eraser technology:
1. Run Load Point Analysis with SymHelp
Load Point Analysis uses Power Eraser technology to scan the most common load points and provides a list of suspected malware similar to Symantec Power Eraser. Load Point Analysis uses Symantec Insight and other file checks to score the trustworthiness of a file. Load Point Analysis offers options to manually select folders to scan. All portable executable files in those folders will be scanned. This provides a work-around to not being able to directly scan the load points associated with a particular user.
2. Run Norton Bootable Recovery Tool
Power Eraser technology is also available in Norton Power Eraser. Norton Power Eraser can be found on the Norton Bootable Recovery Tool. From the Norton Bootable Recovery Tool a user can load offline user profiles from a remote (unbooted) OS and run the Norton Power Eraser scan on that user’s profile. To learn more about this tool go to Norton Bootable Recovery Tool.
Power Eraser and Autoruns
Autoruns is a SysInternals utility that scans load points and displays detailed information about how those load points are configured to start applications automatically. Power Eraser checks all the same locations as Autoruns and currently has the same limitations regarding scanning offline user profiles.