VIPRE Agent Removal Script, also helpful for failed agent installs

article #448, updated 1030 days ago

The script below was written using the VIPRE manual recommends. It can be downloaded here as RemoveVIPRE.cmd. It leaves a problematical remnant for which you will need msicuu2. Very corrupt agents may need further intervention, e.g., manual removal of files and folders, clearing of system and profile temp files, and possibly registry deletions as well.

@echo off

echo --------------------------------------------
echo ------- VIPRE Removal Script by J.E.B. -----
echo --------------- version 3.1 ----------------
echo --------------------------------------------
echo ---------------- 2013-08-09 ----------------
echo --------------------------------------------

net stop sbamsvc
net stop sbapifs
net stop sbemi
net stop sbhips
net stop SBPIMSvc
net stop sbre
net stop sbtis
net stop sbfwimcl
net stop sbfwimclmp
net stop gfi_lanss10_attservice

taskkill /F /IM SBPIMSvc.exe
taskkill /F /IM SBAMSvc.exe
taskkill /F /IM SBAMTray.exe
taskkill /f /im SBRC.EXE

sc delete sbamsvc
sc delete sbapifs
sc delete sbemi
sc delete sbhips
sc delete SBPIMSvc
sc delete sbre
sc delete sbtis
sc delete sbfwimcl
sc delete sbfwimclmp
sc delete gfi_lanss10_attservice

REM *** First change permissions on general registry keys ***

echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBAMSvc [10] > RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBAPIFS [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBEMI [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBHIPS [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBPIMSVC [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBRE [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\Sbtis [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\services\SBFWIMCL [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\services\SBFWIMCLMP [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\services\gfi_lanss10_attservice [10] >> RemoveVIPRE.regfix

echo \registry\machine\software\classes\Installer\Products\2B680A936D70B034EAE58BCAC18C347A [10] >> RemoveVIPRE.regfix
echo \registry\machine\software\classes\Installer\Products\116445D9734F351419E319EC305638CC [10] >> RemoveVIPRE.regfix
echo \registry\machine\software\classes\Installer\Products\1363B974717ACE24EB715AECFB5698B1 [10] >> RemoveVIPRE.regfix
echo \registry\machine\software\classes\Installer\Products\BF8FC7BD8368E4846A1C735FCA12CD2B [10] >> RemoveVIPRE.regfix

echo \registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03BCC3AEA8C639B48B86726A768A9284 [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\083B3A6D7B7F6FB4DB9A45972E2DF34D [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A760992A13C24C448E6C6B4627DA5B0 [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B2AF55E92E0E81478FE9C1B31E21805 [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D148412C177E7C4598C46875973B574 [10] >> RemoveVIPRE.regfix

REGINI -b RemoveVIPRE.regfix

REM *** Then remove general registry keys ***

REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBAMSvc /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBAPIFS /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBEMI /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBHIPS /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBPIMSVC /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBRE /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sbtis /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SBFWIMCL /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SBFWIMCLMP /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gfi_lanss10_attservice /f

REG DELETE HKEY_CLASSES_ROOT\Installer\Products\2B680A936D70B034EAE58BCAC18C347A /F
REG DELETE HKEY_CLASSES_ROOT\Installer\Products\116445D9734F351419E319EC305638CC /f
REG DELETE HKEY_CLASSES_ROOT\Installer\Products\1363B974717ACE24EB715AECFB5698B1 /f
REG DELETE HKEY_CLASSES_ROOT\Installer\Products\BF8FC7BD8368E4846A1C735FCA12CD2B /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03BCC3AEA8C639B48B86726A768A9284" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\083B3A6D7B7F6FB4DB9A45972E2DF34D" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A760992A13C24C448E6C6B4627DA5B0" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B2AF55E92E0E81478FE9C1B31E21805" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D148412C177E7C4598C46875973B574" /f

REM *** Change permissions on x86-specific registry keys ***

echo \registry\machine\software\classes\Installer\Products\116445D9734F351419E319EC305638CC [10] >> RemoveVIPRE.regfix

echo \registry\machine\SOFTWARE\SBAMSvc [10] > RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\GFI Software\GFI Business Agent [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Sunbelt Software\Sunbelt Enterprise Agent - 4.0 Agent [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\GFI Software\GFI Business Agent - 5.0 Agent [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Sunbelt Software\Sunbelt Enterprise Agent [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\GFI\LNSS10 [10] >> RemoveVIPRE.regfix

echo "\registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D544611-F437-4153-913E-91CE036583CC}" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\116445D9734F35141" [10] >> RemoveVIPRE.regfix

REGINI -b RemoveVIPRE.regfix

REM *** Remove x86-specific registry keys ***

REG DELETE "HKEY_CLASSES_ROOT\Installer\Products\116445D9734F351419E319EC305638CC" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\SBAMSvc" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Sunbelt Software\Sunbelt Enterprise Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\GFI Software\GFI Business Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Sunbelt Software\Sunbelt Enterprise Agent - 4.0 Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\GFI Software\GFI Business Agent - 5.0 Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\GFI\LNSS10" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D544611-F437-4153-913E-91CE036583CC}" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\116445D9734F35141" /f

REM *** Change permissions on x64-specific registry keys ***

echo \registry\machine\SOFTWARE\Wow6432Node\SBAMSvc [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Wow6432Node\Sunbelt Software\Sunbelt Enterprise Agent" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Wow6432Node\GFI Software\GFI Business Agent" [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Wow6432Node\GFI\LNSS10 [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Wow6432Node\Sunbelt Software\Sunbelt Enterprise Agent - 4.0 Agent" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Wow6432Node\GFI Software\GFI Business Agent - 5.0 Agent" [10] >> RemoveVIPRE.regfix

echo "\registry\machine\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D544611-F437-4153-913E-91CE036583CC}" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\116445D9734F35141" [10] >> RemoveVIPRE.regfix

echo \registry\machine\software\classes\Installer\Products\116445D9734F351419E319EC305638CC [10] >> RemoveVIPRE.regfix

REGINI -b RemoveVIPRE.regfix

REM *** Remove x64-specific registry keys ***

REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SBAMSvc /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sunbelt Software\Sunbelt Enterprise Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI Software\GFI Business Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI\LNSS10" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sunbelt Software\Sunbelt Enterprise Agent - 4.0 Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI Software\GFI Business Agent - 5.0 Agent" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D544611-F437-4153-913E-91CE036583CC}" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\116445D9734F35141" /f

REG DELETE "HKEY_CLASSES_ROOT\Installer\Products\116445D9734F351419E319EC305638CC" /f

REM *** Clean up misc items from VIPRE support sessions etc. ***

DEL "%USERPROFILE%\appdata\local\temp\removevipre\sbrc.exe"
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SBRegRebootCleaner" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SBAMTray" /f

REM *** Finish up. ***

del RemoveVIPRE.regfix

RegSvr32 /u /s SBAMScanShellExt.DLL

RMDIR /S /Q "%SYSTEMDRIVE%\Program Files\GFI Software\GFIAgent"
RMDIR /S /Q "%SYSTEMDRIVE%\Program Files\GFI Software\LanGuard 10 Agent"
RMDIR /S /Q "%SYSTEMDRIVE%\Program Files\Sunbelt Software\SBEAgent"

RMDIR /S /Q "%SYSTEMDRIVE%\Program Files (x86)\Sunbelt Software\SBEAgent"
RMDIR /S /Q "%SYSTEMDRIVE%\Program Files (x86)\GFI Software\GFIAgent"
RMDIR /S /Q "%SYSTEMDRIVE%\Program Files (x86)\GFI Software\LanGuard 10 Agent"

RMDIR /S /Q "%AppData%\Sunbelt\Antimalware"
RMDIR /S /Q "%AppData%\Sunbelt Software\Antimalware"
RMDIR /S /Q "%AppData%\GFI Software\Antimalware"
RMDIR /S /Q "%AppData%\GFI Software\LanGuard 10"

echo ---------------------------
echo ---------------------------
echo RemoveVIPRE completed.
echo ---------------------------
echo ---------------------------

Categories:   VIPRE Antivirus   Antivirus/Antimalware Tools and Issues