back to article Remember Norton 360's bundled cryptominer? Irritated folk realise Ethereum crafter is tricky to delete

Norton antivirus's inbuilt cryptominer has re-entered the public consciousness after a random Twitter bod expressed annoyance at how difficult it is to uninstall. The addition of Ncrypt.exe, Norton 360's signed cryptocurrency-mining binary, to installations of Norton antivirus isn't new – but it seems to have taken the non- …

  1. Mishak Silver badge

    Glad I dumped it...

    It caused enough battery drain without it doing so intentionally.

  2. UK DM

    Me too

    If you're reading elreg we can assume you dumped it in the 90s like me though?

    1. Anonymous Coward
      Anonymous Coward

      Re: Me too

      Went downhill after the original Peter Norton left. Surprised he didn't do a "McAfee" about it!

      1. Lon24 Silver badge

        Re: Me too

        It looks like Peter has since he sold the company in 1990 been a philanthropist. No naughty stuff listed in his Wikipedia entry:

        https://en.wikipedia.org/wiki/Peter_Norton

  3. anthonyhegedus Silver badge

    What does installing a crypto miner have to do with computer security?

    So taking 100% of the profits from surreptitiously installing a bitcoin miner is bad, but taking 15% is not bad?

    There's no point in them saying 'but it's opt-in' or 'but we tell you during install'. They know full well that it's going to be ignored. And because it's not a normal part of any security suite, who would expect it to be there anyway? I know I wouldn't. It's disingenuous and they know it.

    Typical of that poisoned brand anyway. For the last 18 years or so, it's been a scam. I remember I bought Norton 2003 for resale to customers and it was just about OK. After that, it got to be the resource hog and scam-monster it is today.

    1. Anonymous Coward
      Anonymous Coward

      Re: What does installing a crypto miner have to do with computer security?

      It's been a long time since I ran into a PC with Norton on it. But was/is Norton the one you have to sign into your online account to find out if your antivirus is about to expire?

      I really found that annoying when I'm fixing a PC and can't tell the user they need to upgrade their antivirus soon. I never recommended Norton because of that.

      1. Andy A Bronze badge

        Re: What does installing a crypto miner have to do with computer security?

        That's part of the reason that the "Your Norton protection is about to expire" spam is such an attractive source of revenue for scammers.

        1. Terry 6 Silver badge

          Re: What does installing a crypto miner have to do with computer security?

          Ahh. Interesting to know. having had a few of those in my spam folder. (And not having, as noted above, used the thing in decades).

      2. Blank Reg Silver badge

        Re: What does installing a crypto miner have to do with computer security?

        It used to tell you how many days were remaining on your subscription at the bottom of the My Norton window, now it just says whether it's active or not. You have to click on it to take you a panel with the expiry date

  4. Pascal Monett Silver badge
    Coat

    "requires powerful hardware"

    Yes, because people buying powerful hardware will not at all mind that 60% of the power they purchased will be going towards "mining" funny money pyramid scheme bullshit.

    The entire professional world has lost its mind (along with the rest of us). NASA lost the Shuttle to beancounters, Internet companies are losing it to marketroids.

    STOP HIJACKING MY PC WITH YOUR BULLSHIT EXCUSES !!

    IT'S MINE, NOT YOURS !!

    Please excuse this outburst of bombastic bob-levels, I'm off to get myself a whisky to calm me down.

    Nurse ? Mine's the one with the flask of JD in the inner pocket.

    1. David 132 Silver badge
      Happy

      Re: "requires powerful hardware"

      Do we feel that “gone a bit bombastic bob” is our local equivalent of Discworld’s “gone totally Bursar”?

      (With apologies to Bob.)

      1. Scotthva5

        Re: "requires powerful hardware"

        If so the JD flask would be dried frog pills.

    2. Hubert Cumberdale Silver badge

      Re: "requires powerful hardware"

      Never mind the computing resources it uses – the literal power is a potential real-world problem. Having been playing RDR2 quite a lot over the "festive" season* I was actually able to see the difference in my electricity bill resulting from the additional ~120W used by my graphics card running at full tilt rather than just ticking over (it also kept my feet warm). If you're paying the electricity bill, mining on non-specialist hardware in the UK is probably a net cost at the moment.

      (*Due to a positive Covid test and mandatory self-isolation.)

      1. W.S.Gosset Silver badge
        Paris Hilton

        Re: "requires powerful hardware"

        > been playing RDR2

        I loved him and CDP0 in Star Walls.

        I didn't realise you could play him now -- you must be quite small.

        > mandatory self-isolation

        I saw all those UK protestors on the news demanding isolation for every house to save the endangered climate change. So they succeeded and it's mandatory now? Does this mean you've saved climate change from extinction?

        ----> icon

      2. Anonymous Coward
        Anonymous Coward

        Re: "requires powerful hardware"

        "(it also kept my feet warm)"

        As my contribution to reducing my carbon footprint my laptop is left running all day - as background heating while the gas central heating is turned off. Room temperature of 10C requires wearing three pairs of socks in my hiking boots - indoors. My electricity supplier prides itself on renewable sources. During the summer the gas boiler pilot can be switched off too as mains tap water is "warm" enough***.

        ***back to my childhood conditions.

    3. vincent himpe

      Re: "requires powerful hardware"

      IT'S MINE, NOT YOURS !!

      Careful now ... you don't own any software (even linux stuff is riddled with stuff you don't own). if you have a fruity machine .. they 'think different' about ownership. and even if you built your own box from parts : you don't own the bios, drive firmware ,mouse and keyboard firmware and many other hidden bits and bobs.. and do you really know what that supervision processor is doing in your intel chip ?

      Unless you soldered the thing together from blank parts and wrote (or only use open source firmware) , someone has his sticky fingers in it...

      1. Pascal Monett Silver badge

        Let us agree to disagree.

        First of all, I'm not talking about software. That's a minefield I will not go into. But the hardware is MINE. There is no discussion about that and I don't need to know about hidden bits and bobs to know that I bought it with my money and it BELONGS TO ME.

        Just like my car. I have no notion of automotive engineering, but if I want to put a spoiler on it, it is MINE, so I can.

        You, however, have no right to hop over and install a spoiler without my permission. Yet, because we're talking about software in the end, Norton believes that it does have permission.

        Well it doesn't.

        Not in my world.

        1. David 132 Silver badge
          Coat

          Jeez Pascal, I’m not one to need trigger warnings, but a spoiler alert might have been wise there…

    4. A Non e-mouse Silver badge

      Re: "requires powerful hardware"

      NASA lost the Shuttle to beancounters

      Er, no. NASA lost the shuttle 'cause it was killing people due to design flaws. The fact that it was very expensive to run didn't help the matter.

      I only hope the SLS is just expensive and doesn't kill people too.

  5. Arthur the cat Silver badge

    The world's gone mad

    There's a local "character", Disco Kenny(*), with whom conversation is interesting. A regular interjection in his word stream is "World's gone mad, mate". I see

    offering Ethereum mining as part of its antivirus suite

    and find myself agreeing with him.

    (*) Google for more information.

    1. Jedit Silver badge
      Stop

      "offering Ethereum mining as part of its antivirus suite"

      Excuse me, but I think you'll find that Norton aren't offering it. They're giving it to you whether you ask for it or not.

      1. Terry 6 Silver badge

        Re: "offering Ethereum mining as part of its antivirus suite"

        It's kinda like putting the virus in the anti-virus

    2. W.S.Gosset Silver badge

      Re: The world's gone mad

      Still, yer gotta laugh, aincha mate

    3. This post has been deleted by its author

  6. kurtseifried

    Classic gift card balance "exploit"

    From the GSD entry GSD-2022-1000002 (https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1000xxx/GSD-2022-1000002.json)

    Norton AntiVirus now includes an Ethereum crypto miner that has several problems including deceptive rewards program and difficulty in uninstalling it.

    Norton keeps 15% of all Ethereum mining proceeds and "pays" the remainder into a users "Norton Crypto Wallet" which is hosted by Norton. It should be noted that the Norton Crypto Wallet cannot be used to make Ethereum transactions, but can only be used to transfer value to a Coinbase account once a certain minimum threshold of value is accrued. The Norton crypto mining and Norton Crypto Wallet are effectively a gift card system where the money can be withdrawn, but not unless a certain balance is available. It should also be noted that the Norton Crypto mining software is reportedly very difficult to uninstall, requiring administrative level privileges, and even then reports indicate effective removal is difficult.

  7. David 132 Silver badge
    Happy

    This article made me twitch.

    I’m currently at CES, showing some new technology.

    I thought the only virus-related thing that would intrude on my week would be this covid thing that seems to be popular right now, but noooo….

    We have a number of PCs and laptops here to run our presence - digital signage, tech demos etc - and on at least half of them I’ve had to waste my time removing Norton or McAfee products, on account of their mania for popping up on the screen at inopportune times - “Would you like to renew your subscription?”, “Install our browser plugin?” etc etc. Aaargh. If I could get hold of the eejit that prepped these machines…

    1. JimboSmith Silver badge

      Re: This article made me twitch.

      We have a number of PCs and laptops here to run our presence - digital signage, tech demos etc - and on at least half of them I’ve had to waste my time removing Norton or McAfee products, on account of their mania for popping up on the screen at inopportune times - “Would you like to renew your subscription?”, “Install our browser plugin?” etc etc. Aaargh. If I could get hold of the eejit that prepped these machines…

      I sympathise, I once manned a stand at a trade show and found myself unable to play the video files I had been supplied with. This was because some idiot had done them as an incompatible format for the flat screen tv we had. I spent the last of the set up/construction days converting the files on the worlds slowest phone (mine) because the laptops hadn't arrived by that point. MD turned up midway through the day and asked what I was up to. I explained and he sighed got his phone out, dialled a number and said to whoever answered it "We employ idiots in your department" then hung up.

      He had apparently called the Marketing Director and berated him. The marketing team had been the ones who supplied the videos. Despite them having been told the model of the TV and the formats supported they'd ignored it. MD then called to find out where the laptops were. He liked my ingenuity in using my phone to convert the files in the absence of anything else. Then he went off for a good lunch at the nearest decent pub and left me to my own devices and my own lunch.

      1. David 132 Silver badge
        Thumb Up

        Re: This article made me twitch.

        Heh heh. That’s genius, and I’m sure it made you popular with the marketing director!

        I did a show in London once where as our local VP arrived to do his tour of the very expensive booth, I was up a stepladder gaffer-taping CAT5 cables to the booth structure. The reason why, I had to explain to him, was that the numpties who’d built the booth had laid out all the cabling on the ground, to every location where it’d be needed. And had then built the entire booth right on top of the cables. Crushing every single one. When we were allowed onto the booth, scant hours before go-live, I wasted precious time terminating, testing, rejecting, re-terminating, etc etc, before realizing the root cause.

        Didn’t allow myself to get too cross with the stand builders though. Never argue with a man who has a nail-gun, claw-hammer, and knuckle tattoos. Oh, and who is busy rolling up acres of temporary carpet for disposal…

        1. JimboSmith Silver badge

          Re: This article made me twitch.

          Luckily Amongst all the other cables in my bag I had an OTG one. The metal covered USB stick really got hot doing it. I remember trying various different unusual methods to cool it with available materials. Marketing were not the most popular bunch in the company. I’ve seen a couple of crushed (and one sliced clean in half) network cables in my time and I know what you’ve been through

      2. Andy The Hat Silver badge

        Re: This article made me twitch.

        That sounds like the first episode of The IT Crowd ... " Hello, security? Everyone on floor 4 is fired. Escort them from the premises. And do it as a team. Remember, you're a team and if you can't act as a team, you're fired too." :-)

    2. ZekeStone

      Re: This article made me twitch.

      " If I could get hold of the eejit that prepped these machines…"

      They probably just went with the OEM pre-installed garbage instead of a clean non-OEM install of windows.

  8. Anonymous Coward
    Anonymous Coward

    Hahaa - WTF?

    Sorry. Is this an early April Fools Day joke?

    From experience, there isn't any processor time left after Norton starts doing its "security" tasks anyway. And surely no one with a powerful machine installs this? I only ever find Norton\McAfee on the low hanging fruit where it comes "for free" with the machine...

    Just so many questions as to who thought this was a good idea? Wow!

  9. CuChulainn Silver badge
    Happy

    Compared to What Other Part?

    "Norton 360's... cryptominer... is tricky to delete"

    When I was on tech support, removing Norton in any part or form was 'tricky' at the best of times.

    In many cases, it was necessary to download a specific removal tool from Norton directly to get it off (and there were several variants even of that). And things got a whole lot worse if someone had activated that ridiculous system Norton had at one time which took over the boot process. That thing was quite capable of bricking someone's machine if it went titsup (and it quite often did).

    When that happened, the only way of helping people was to send them the necessary boot disk (also from Norton) that alleged to put things right and remove it completely. Back then (early noughties) people tended to have one computer so only the one means of accessing the internet to download anything.

    As an aside, I get a giggle when I clear out my spam folder periodically and scan down the list of subject headers: 'LAST WARNING: Your Norton Subscription is About to Expire' or 'Your Norton Subscription Has Expired'. Also McAfee.

    Yeah, right. Like I have ever had any Norton installation files on any machine I've owned.

    If anyone ever called about the Norton Suite preinstalled, I told them not to activate it, to delete it, and get AVG Free instead.

    1. Jedit Silver badge
      Boffin

      "removing Norton in any part or form was 'tricky' at the best of times"

      To be fair, making it hard to remove antivirus software isn't a bad idea. If it was easy, virus writers might be able to disable it as part of the payload.

      1. Peter Gray

        Re: "removing Norton in any part or form was 'tricky' at the best of times"

        AVG Free is owned by Avast, who have also just been bought by NortonLifeLock, and which is also including it's own cryptominer software. The same company is also in talks with Avira I believe, anyone want to bet what will happen if they buy them as well?

    2. X5-332960073452
      Stop

      Re: Compared to What Other Part?

      OMG - NO - AVG free is now as bad as Norton and McAfee

  10. Fruit and Nutcase Silver badge
    Alert

    HTML5 Bitcoin paywall

    Norton antivirus'sThe Register's inbuilt cryptominer...

    https://www.theregister.com/2017/04/01/invisible_bitcoin_paywall/

  11. John70

    So not only they opt you in for the annual recurring £84.99 subscription, they are now using your equipment to mine currency and take 15% as commission?

    1. Boothy Silver badge

      They also keep hold of the other 85% for a time, as they also manage your wallet for you, until such as time as it reaches some amount, defined by them of course, before you can actually get at it!

  12. Fred Daggy Bronze badge
    Black Helicopters

    There was once a rumor that most of the computer viruses were written by the AV companies themselves to generate sales. A kind of standover operation.

    I think we have proof here that this is really true. For once, the paraniod were really correct.

    Anyone think that the Norton name has any residual goodwill left? Peter Norton himself, yes, but the software bearing his name?

    1. Hubert Cumberdale Silver badge
    2. Dave314159ggggdffsdds Silver badge

      "There was once a rumor that most of the computer viruses were written by the AV companies themselves to generate sales"

      No. The rumour, since apparently backed up by evidence, was that they were written by one specific AV company - McAfee. Or Kaspersky, if you were an anti-Russian racist who believed what John McAfee told you.

      "Anyone think that the Norton name has any residual goodwill left?"

      Fans of old English motorbikes?

      1. Anonymous Coward
        Anonymous Coward

        It's not necessarily racism to be cautious about any company based in a fascist dictatorship, especially one in the security market.

        1. Anonymous Coward
          Anonymous Coward

          are you referring to McAfee or Kaspersky here?

  13. Andy The Hat Silver badge

    There was a time when a Norton Utilities floppy was really useful. I believe I've even got a dusty copy of Peter Norton's MS-DOS book somewhere (probably alongside "Programming the Microsoft Mouse" ...). The rot set in when he sold to Symantec (1990 according to the font of all knowledge) who, even then, had built a reputation for bloat and system hogging and were only installed by lazy corporates and IT numpties.

    1. Andy A Bronze badge
      Thumb Up

      Who remembers looking inside Ye Olde Norton Utilities executables and seeing the the text Greetings from Peter Norton" ?

    2. Fred Daggy Bronze badge

      I think practically everything sold to Symantec ended up as a dumpster fire.

      1. David 132 Silver badge

        I miss Ghost. Back in the day it was brilliant for cloning Windows machines. Unlike Clonezilla (at least at the time), it had no problem cloning to a larger or smaller drive.

        Symantec bought Ghost and it just turned to a bloated mess.

        1. jtaylor Bronze badge

          Ghost was fabulous! Soon after buying it, Symantec screwed it up so you could no longer run it off a boot floppy. Fortunately, we had bought it from Binary Research, and kept using that simple and efficient version.

          1. Anonymous Coward
            Anonymous Coward

            The Ghost partition or whole disk erase could be booted off a W98 floppy. Very useful to wipe disks before returning kit to IT support - who tended just to reprime the disk for another user.

            Still use it occasionally with a USB floppy or bootable CD - as long as the BIOS disk controller can be set to "IDE". Use BCWIPE and ERASER too - but they tend to be restricted to use on a dedicated PC.

    3. Timbo Bronze badge

      "There was a time when a Norton Utilities floppy was really useful."

      Indeed....I remember getting hold of Norton Utilities v4.5 (this is pre-Symantec) - SpeedDisk was a great defragger, Norton Disk Doctor saved me (and some work PCs) a few times, plus lots of other "neat" programs that had simple functions missing from DOS which was very basic

      And then there was PC Tools and Xtree....both great file/disk managers...and you could fit them all of them on a single 1.2Mb 5 1/4" floppy too.

  14. DrXym Silver badge

    Wow

    A hard to uninstall crypto miner?? Norton is even scuzzier than some of the malware it is supposed to be protecting users from.

  15. Dabooka

    Crikey

    As if Norton wasn't a big enough drain on resources

  16. Rich 2

    What next?

    Maybe an Internet firewall with a built-in deep fake porn builder service?

    As has already been pointed out above, the world is bloody nuts!

  17. Greg D

    Does anyone still use Norton?

    If so, wtf are you doing? Get it out immediately!

  18. CountCadaver

    I wouldn't call 2GB of RAM and a 6GB GPU "Powerful hardware" tbh.....

  19. glennsills

    There has been malware that installs bots on computers for a long time. Anti-malware programs like Norton try to block them, often with success. In this case Norton is installing a bot that works for Norton. Yes, the owner of the Norton license gets most of the money, but that does not change the fact that Norton is using its customers' computers to make money via crypto mining. This is a clear conflict of interest. At the very least, the opt-in policy should be much more explicit, and the executable should not even be downloaded unless the user explicitly agrees.

    The is one of the reasons I use Windows Security instead of a third-party anti-malware program. Microsoft's motivation is to protect the reputation of Windows, and that's it. The third-party tools are scrambling to make a dollar and will occasionally do this sort of drive-by install.

    1. Anonymous Coward
      Anonymous Coward

      Yes, I use Microsoft a lot more than I used to. I was quite negative about it 20 years ago but I think they still only want my money, which paints them in a favourable light compared to the others.

  20. vincent himpe

    we really need to do away with these ununderstandeable eula's.

    make a simple one.

    This software is licenced for usage on x machines . it is not sold : you may use it but do not own it, you cannot resell it. The program is best-effort and may not cover every possible usage case. you will not sue the manufacturer for anything that could be cause by the use or misuse of this program. The program contains technology developed and protected by various means (copyright, trademark, patents). you may not disassemble or peek under the hood (except where allowed by law) . The manufacturer certifies the program only does what is advertised and does not contain any non-declared functionality (spyware). By installing and using the program you accept these terms

    what more does there really need to be in there ?

  21. Armus Squelprom

    Opt-in, my arse

    "Norton Crypto is an opt-in feature only and is not enabled without user permission."

    Perhaps they can show us the dialogue where the customer sees a clear explanation of this function, and then ticks or selects to activate it? Obviously not, what they really mean is "it was buried in the EULA, which only had accept & refuse options". Honestly, who could trust such a scummy company with their IT security?

    1. Boothy Silver badge

      Re: Opt-in, my arse

      Bit like some recent TVs that pop us several EULA windows on first boot, for you to accept before you can use the TV.

      But one of the EULA is for advertising, but you have to read through it to figure that out, and if accepted, it enables adverts in the EPG.

      You can choose to decline that specific EULA, but how often is that ever an option? So most people assume you need to accept to continue, without realising you can actually decline and not get the adverts!

      To me, these type of questions should be explicitly asked, not hidden in a block of text in the EULA.

      i.e. something like:

      Step 1: Do you want to enable adverts? Yes/No (or Crypto etc).

      Step 2a: If No selected, don't enable and move to Step 3.

      Step 2b: If Yes, show the advertising EULA, and allow acceptance or rejection.

      Step 2c: If Accepted, enable adverts, go to step 3.

      Step 2b: If rejected, do not enable adverts, go to step 3.

      Step 3: Next part of the set-up.

      1. David 132 Silver badge
        Thumb Up

        Re: Opt-in, my arse

        Your suggestion is sensible, logical, and would give end-users fair control over their devices.

        So it’ll never, ever happen.

        1. ShortLegs

          Re: Opt-in, my arse

          Except for the basic underlying issue

          Why the f*** do "I" need an EULA to use the TV I bought and legally own. Its mine. I never bought a licence to use the TV, I bought a TV.

          And any EULA would be unenforceable as the EULA was never displayed at purchase. And I doubt no salesperson - ever - bought the existence of an EULA to a customers attention at time of purchase.

  22. Dropper

    Heh Norton

    Over the last few years I've found it installed on enough PCs and laptops to know plenty of people still use it. Without the crypto stuff enabled, it isn't any worse a drag on resources than any other consumer AV software - if you're not still using something you built in the early 90s.

    And in terms of performance/protection, pretty much all mainstream, commercial AV suites are more or less equal - which is to say slightly better than having Windows Defender but a long way short of having real endpoint s/w and h/w protection.

    What I find funny though is how people are proudly stating they ditched products like Norton in comment entered using Google Chrome or Firefox.

    You don't get to be superior about not installing software that makes free use of your PC when you gift tech companies all your personal information. And if you use any social media or have installed a smart device? ROFL at the people that do this and then claim they know what they're doing because they avoid McAfee or Norton.

    1. Spasticus Autisticus
      WTF?

      Re: Heh Norton

      Dear Drooper

      Yep, nope.

  23. ZekeStone

    Why would any AV software ever have garbage like this?

    Seriously... crypto mining garbage should never have made it into the package in the first place.

    I knew Norton was bloated garbage before. But this is a new low...

  24. Matthew "The Worst Writer on the Internet" Saroff

    Peter Norton Must Be Spinning in His Grave

    Yes, I know, he's still alive, but given the tight code that we wrote in the day, the fact that his name is attached to this abomination must be galling to him.

  25. aquamortus

    GDPR customer opt-out. Would this be allowed?

    Could a publisher as part of the subscription agreement insert an opt-out clause for GDPR for meta data and actual data, as well as the subscription itself? The customer could explicitly opt out, which would raise a defense in the event of an enforcement action.

    There could be two-tier pricing, with a higher price for GDPR opt-in, and a discount for GDPR opt-out. This would, among other things, raise awareness of the cost of GDPR compliance as costs are explicitly passed along to the customer, rather than hidden by embedding it.

  26. Kev99 Silver badge

    I did a quick search and sure enough, found Ncrypt.exe on my machine. Is it running? Not according to Task Manager or Advanced Uninstaller. Even double clicking on the file in File Explorer couldn't get it to run.Is this article about a possible tempest in a teapot? Quite possibly.

    I've been running Norton since Norton Utilities v5 came out and have NEVER had any problems. Maybe it's partially because that in addition to Norton Utilities I don't click on every fool link I see or open every email I get. Or waste time downloading games or cryptomining.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022