This one removes toolbars and other junkware:
Recommending by the bleepingcomputer.com people.
Category: Antivirus/Antimalware Tools and Issues
New antijunkware tool
article #588, updated 3872 days ago
Change VIPRE agent server live!!!
article #571, updated 3884 days ago
You can change the server which a VIPRE agent talks to without removal/reinstall!!!
1. Browse to C:\ProgramData\GFI Software\AntiMalware, C:\ProgramData\Sunbelt\AntiMalware, C:\Documents and Settings\All Users\Application Data\GFI Software\Antimalware, or C:\Documents and Settings\All Users\Application Data\Sunbelt\Antimalware, depending on version of VIPRE.
2. Delete Policy.xml and Agentsettings.xml
3. Using this registry entry key:
x32:
HKLM\SOFTWARE\SBAMSvc\PolicyServiceMachineName
x64:
HKLM\SOFTWARE\Wow6432Node\SBAMSvc\PolicyServiceMachineName
change the string in PolicyServiceMachineName to the IP or working DNS name of your VIPRE server, then restart service SBAMSvc, and you are in! It will automatically drop the object into default policy of the replacement server.
Manual removal of VIPRE Business agent
article #572, updated 3914 days ago
Silent VIPRE agent MSI install
article #468, updated 3925 days ago
A great command line for silent install of VIPRE agents:
AgentInstaller-SITE-NAME-Workstations-General-EN.MSI /q /qn /promptrestart
Handling Boot Record Viruses
article #521, updated 4046 days ago
An excellent article:
http://cleanbytes.net/the-new-boot-record-viruses-tdl4-how-to-fix-the-master-boot-record-mbr
And resources:
A most recommended method, is to boot from a Windows LiveCD, then download or copy over the current Kaspersky’s TDSSKiller, and do a scan/cleanout with that. Then reboot, and run Hitman Pro for confirmation of deletion.
Remove Trend Micro Worry-Free Business Security Agent
article #505, updated 4095 days ago
Here is a tool:
http://esupport.trendmicro.com/solution/en-us/1057237.aspx
It can be done remotely using pexec, as follows.
First, start a shell:
psexec \\PCNAME -u DOMAIN_OR_PCNAME\login -p password -h -high CMD
Then, in the shell, do thusly:
net use Q: \\SERVER\zip_unpack_location /P:No Q:\UNINSTALL Exit
Three Semi-Manual Antimalware Tools
article #470, updated 4240 days ago
If your usual methods haven’t worked, try all of these:
http://www.securityxploded.com/spydllremover.php
VIPRE Business agent checklist
article #469, updated 4241 days ago
This page will contain an ongoing list of items to check for agent installs, especially in the case of failure to install.
- Under XP, is Simple File Sharing enabled? If so, disabled it.
- Can telnet to the server (per name specified in the policy!) at port 18082? If not, there is a networking problem need fixing.
- Logs showing 1606 errors? Try this: http://support.microsoft.com/kb/886549
- A few others here: http://kb.gfi.com/articles/Skynet_Article/Agent-installation-failed
AVG removal tool
article #119, updated 4243 days ago
Here is AVG’s page which includes the AVG removal tool:
http://www.avg.com/us-en/utilities
A good command line for it is thus:
removeavg.exe /norestart /skipask /silent /deletedirforcehard
You’ll want to replace “removeavg.exe” with the current name of the executable. Also, you will still need to do manual removals of services, possibly toolbars, etcetera; it does not get everything.
Silently Uninstalling Symantec Antivirus 11 and 12
article #451, updated 4276 days ago
For Symantec, rolling one’s own seems usual. I have been doing it using psexec and LabTech command prompt, running the msiexec lines below remotely. One has to get the long code first via regedit. Examples are below under major subversions. But before you do that, make sure there’s no password protection on the client. There are two locations.
First in here:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
and make sure SmcGuiHasPassword is 0.
Second, in here:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security
make sure UseVPUninstallPassword is 0.
And now for some example msiexec lines. The /q is apparently needed just as the /qn, and the last two (very sparsely documented) items appear helpful as well. The GUID (the long code) is the tough part. It comes from:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
searching for “Symantec Endpoint Protection”, and it is possible to have more than one sub-subversion — and therefore more than one GUID — needed within a given LAN, mostly depending on update status.
for 12.1:
MsiExec.exe /X {EFCC6FA1-8F3F-46E6-B7BF-8336CCD3DA67} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL
MsiExec.exe /X {BCE5F3B0-8407-42DB-8073-1812F7D2D1E6} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL
for 12.0:
MsiExec.exe /X {895665D9-6614-4930-9D39-3567283DD424} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL
MsiExec.exe /X {D350A6A1-044F-4E19-8267-F1C44775CFC2} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL
MsiExec.exe /X {A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL
MsiExec.exe /X {84B70C16-7032-41EE-965C-3C8D9D566CBB} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL
for 11.0:
MsiExec.exe /X {26624215-248C-4F88-A415-35301812FB75} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL
MsiExec.exe /X {AAE221D5-C3DD-4FE2-A063-C1368FE730A5} /q /qn /norestart REBOOT=ReallySuppress REMOVE=ALL
msiexec.exe /X {84B70C16-7032-41EE-965C-3C8D9D566CBB} /q /qn /norestart /REBOOT=ReallySuppress REMOVE=ALL
It can take a while — but it happens very silently.