Author Topic: Clean-Up Tool for Comodo Internet Security (OLD)  (Read 301594 times)

Offline Alan Borer

  • Comodo's Hero
  • *****
  • Posts: 526
Re: Clean-Up Tool for Comodo Internet Security (OLD)
« Reply #30 on: January 25, 2010, 10:52:09 AM »
Attached is a file showing the result of running my new script on my PC.
This is only the first "LIST" stage which identifies the items to be KILLED,
and whether they are actually FOUND or ABSENT on this system at this time.

The report concludes with
Code: [Select]
PATHS    :- VALID = 8; FROZEN = 0;             ABSENT = 2
FILES    :- FOUND = 8; FROZEN = 0; KILLED = 0; ABSENT = 8
REG_Keys :- FOUND = 44; FROZEN = 0; KILLED = 0; ABSENT = 99
NEED FIX :- FOUND = 52; FROZEN = 0; KILLED = 0;
52 Off Permissions/Residuals to correct.

On this XP Home edition SP3 system with an intact fully operational CIS v3.13 it finds :-
8 files and 44 Registry Keys that should be removed ;
8 files and 99 Registry keys that are ABSENT.

The 8 + 99 = 107 ABSENT items may need spelling corrections.
Otherwise I suspect they may occur on systems with the ASK Tool Bar,
or with an earlier version of Comodo, or with a different operating system.

Please advise me of any errors or omissions in the list of removal targets.

I intend to evaluate the performance of this script upon both CIS 3.13 and 3.5,
comparing this script with the use of Revouninstaller,
and then post results together with my "final" cleanup script.

I will disconnect the LAN cable for safety from the internet before un-installing CIS.

I find that when I set Comodo Configuration to Install/Uninstall it disables Defense+ and AntiVirus,
but the Firewall remains in SAFE mode.

Would it be prudent to additionally disable the Firewall ?
Is there anything else that could interfere with removal ?
Is it prudent to reboot BEFORE removal so that all these disablements have taken full effect ?

Regards
Alan
« Last Edit: January 25, 2010, 10:54:07 AM by Alan Borer »

Offline Alan Borer

  • Comodo's Hero
  • *****
  • Posts: 526
Re: Clean-Up Tool for Comodo Internet Security (OLD)
« Reply #31 on: January 28, 2010, 04:34:29 PM »
I attach ZapBeta.txt - please rename as *.BAT.  It is "perfect" and proven for removing Comodo 3.13.etc.
I will take this out of Beta when I have exhaustively tested this upon a system image that was badly trashed using a script I downloaded and ran last year without inspecting.

The benefits over the previous clean-up scripts are :-
1. It clearly identifies every obstinate file/folder/registry-key that refuses to go away;
2. All "DEL" and "RD" commands are skipped if the intended path does not exist
(otherwise the wrong file in a different path could be deleted if it has the same target name)
3. "DEL" and "RD" commands WILL hit their targets even if this script is run from a FLASH drive.

Note - the target is hit by "DEL %WINDIR%\SYSTEM32\GUARD32.DLL"
It is now also hit by "CD /D %WINDIR%\SYSTEM32\" followed by "DEL GUARD32.DLL"
Previous scripts could fail with "CD %WINDIR%\SYSTEM32\" because "DEL GUARD32.DLL" might be looking at the wrong path on the drive that holds the script.

NB Subtle feature, I actually use "DEL GUARD32.DLL*" because I found older variants DLL1 and DLL2 - obviously when Comodo was replaced years ago guard32.dll was protected from deletion during the clean-up, but during the subsequent installation it was not protected so the installer was able to get the old version out of the way - unfortunately by renaming it instead of deleting it.

I disconnected the LAN cable to the Internet for safety and achieved perfect purging by :-
1) disabling Anti-virus and Defence+ and Firewall to avoid any possible gotchas
2) using START \ ALLPROGRAMS \ Comodo \ "Uninstal or Upgrade" link
3) rebooting when complete
4) running my new script.
NB if the stage 3 reboot is omitted, several files are still locked and cannot be removed until a reboot and a further rerun.
NB I fo not know if the disablement of stage 1 is needed - but if I keep on testing I will never post.

After purging with my cleanup script, I had no problem re-installing Comodo.

USEFUL HINT - DO NOT REBOOT WHEN A NEW INSTALLATION IS FINISHED -
Instead, FIRST seize the opportunity to replace the 2 off dummy 4.5 MB "bases.cav" files with previously copied or downloaded versions of the real 91 MB "bases.cav" -
Comodo does NOT protect its files until AFTER the reboot.
THEN you should reboot to complete installation and protection.

Regards
Alan

Offline L.A.R. Grizzly

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1679
  • Akron, Ohio, USA
    • Grizzly's Home Page
Re: Clean-Up Tool for Comodo Internet Security (OLD)
« Reply #32 on: February 07, 2010, 09:13:48 PM »
Just a suggestion but this is what I use when I'm uninstalling something.Revo Uninstaller, it's completely free and it removes the program properties & their registry entries when uninstalling.Revo works great if you know how to use it, so READ about it.Hope this helps. Download Revo Uninstaller

Revo also has a nice portable version which can be run from a flash drive:

http://www.revouninstaller.com/revo_uninstaller_free_download_other.html
Main Machine: AMD FX-8320 8 Core 3.50 GHz - 16 GB G.Skill DDR3 RAM - nVidia GT610 Graphics
Main Machine: Win7 Pro SP1 64 Bit - Second Machine: Win7 Pro SP1 32 Bit - Laptop: WinXP Pro SP3 32 Bit
CIS 7.0.317799.4142

Offline Maverik

  • Newbie
  • *
  • Posts: 12
Re: Clean-Up Tool for Comodo Internet Security (OLD)
« Reply #33 on: February 15, 2010, 06:21:15 PM »
Hi Alan, I think I'm getting completely mad!! I run your BAT routine but there are still 2 registry keys that remain FROZEN. I mean I cannot access them from within regedit. The keys are:

HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro and all subsequents (child)

NB. I used CIS free version 3.13 ...

Any suggestions? Did I forgot some actions?
Thanks for helping.

PS. Could you be more specific about that "bases.cav" file? What it that? Where to download it? Or it's a file that come from an installation or upgrade?

Thanks again.

Riki

I attach ZapBeta.txt - please rename as *.BAT.  It is "perfect" and proven for removing Comodo 3.13.etc.
I will take this out of Beta when I have exhaustively tested this upon a system image that was badly trashed using a script I downloaded and ran last year without inspecting.

The benefits over the previous clean-up scripts are :-
1. It clearly identifies every obstinate file/folder/registry-key that refuses to go away;
2. All "DEL" and "RD" commands are skipped if the intended path does not exist
(otherwise the wrong file in a different path could be deleted if it has the same target name)
3. "DEL" and "RD" commands WILL hit their targets even if this script is run from a FLASH drive.

Note - the target is hit by "DEL %WINDIR%\SYSTEM32\GUARD32.DLL"
It is now also hit by "CD /D %WINDIR%\SYSTEM32\" followed by "DEL GUARD32.DLL"
Previous scripts could fail with "CD %WINDIR%\SYSTEM32\" because "DEL GUARD32.DLL" might be looking at the wrong path on the drive that holds the script.

NB Subtle feature, I actually use "DEL GUARD32.DLL*" because I found older variants DLL1 and DLL2 - obviously when Comodo was replaced years ago guard32.dll was protected from deletion during the clean-up, but during the subsequent installation it was not protected so the installer was able to get the old version out of the way - unfortunately by renaming it instead of deleting it.

I disconnected the LAN cable to the Internet for safety and achieved perfect purging by :-
1) disabling Anti-virus and Defence+ and Firewall to avoid any possible gotchas
2) using START \ ALLPROGRAMS \ Comodo \ "Uninstal or Upgrade" link
3) rebooting when complete
4) running my new script.
NB if the stage 3 reboot is omitted, several files are still locked and cannot be removed until a reboot and a further rerun.
NB I fo not know if the disablement of stage 1 is needed - but if I keep on testing I will never post.

After purging with my cleanup script, I had no problem re-installing Comodo.

USEFUL HINT - DO NOT REBOOT WHEN A NEW INSTALLATION IS FINISHED -
Instead, FIRST seize the opportunity to replace the 2 off dummy 4.5 MB "bases.cav" files with previously copied or downloaded versions of the real 91 MB "bases.cav" -
Comodo does NOT protect its files until AFTER the reboot.
THEN you should reboot to complete installation and protection.

Regards
Alan

« Last Edit: February 16, 2010, 04:15:31 AM by Maverik »

Offline Alan Borer

  • Comodo's Hero
  • *****
  • Posts: 526
Re: Clean-Up Tool for Comodo Internet Security (OLD)
« Reply #34 on: February 16, 2010, 06:55:18 AM »
Hi

I have several posts in this topic.  This one is relevant to you


I noticed "inaccessible" amongst all the many errors that flashed across the command window,
and immediately recognised that something that was told to go had chosen to stay.

Only I saw that, nothing else saw it or warned me, instead I was told
"All remains of Comodo Internet Security should now be gone!"

...  it was still getting inaccessible errors when deleting various
"HKEY_LOCAL_MACHINE\SYSTEM\* ControlSet * \Services\Inspect".

I then launched RegEdit and took ownership of those keys, then I ran the script and they gave no more trouble.

The existing script uses REG.EXE to delete keys, and ignores any permissions issues
Regseeker will search for targets and delete and pretend success, ignoring permissions issues.
I do not know if RevoUninstaller failed to detect the ...\Inspect key, or if it too assumes that keys will go when they are told to.

This is why I am slightly tweaking an existing script - every deletion will be tested and if it failed the target will be logged, after which it will be very easy to manually seize authority over what was stuck.

Regards
Alan

The intended benefit of my script is to clearly show the files / folders / keys that Windows has retained.
I am afraid it is up to you to step in and "take ownership".
I have used CACLS to deal with Files and Folders, and RegEdit to deal with registry keys.

I would rather not risk making a mistake when giving you specific guidance on how to do these things.
I am sure there are more experienced and capable people that can advise you.
I will suggest using ERUNT as a registry backup.

Bases.cav is held in
C:\Program Files\COMODO\COMODO Internet Security\scanners

Regards
Alan

Offline Maverik

  • Newbie
  • *
  • Posts: 12
Re: Clean-Up Tool for Comodo Internet Security (OLD)
« Reply #35 on: February 16, 2010, 09:04:08 AM »
Thanks Alan, indeed I found your script extremely useful in finding those pesky frozen keys.
What is driving me mad is that I cannot succeed in obtaining the necessary privileges/permissions whatsoever, nor logging as administrator neither starting WinXP Pro in safe mode. The result is always the same. Those keys remain inaccessible. I wonder if the cause is due to a system crash occurred when I was removing CIS. I figured out that the crash prevented CIS from freeing those keys and now I'm afraid that nothing could do the task. Am I right? (this question is for everyone who has the knowledge to help me, thanks in advance).
Could it be a solution reinstalling CIS and following Alan's procedure to remove it again?

Many thanks
Riki

Offline Alan Borer

  • Comodo's Hero
  • *****
  • Posts: 526
Re: Clean-Up Tool for Comodo Internet Security (OLD)
« Reply #36 on: February 16, 2010, 11:12:42 AM »
Comodo protects some of its files and keys so malware cannot kill it.
I think this is now done in Defense+

This protection can probably be cancelled before removing Comodo,
but I assume that simply un-installing Comodo should also notify Windows to cancel protection,
but if the system crashed during un-installation then keys may be frozen.

My daughter bought our laptop, and as sole user and administrator installed Comodo 2.4.
She subsequently passed this on to me and I became administrator with a new profile,
whilst she retained her profile but dropped down to User level.

When I upgraded Comodo there was no crash, but I could not update due to a frozen registry key.
This might have been a fault of Comodo, but Windows can trash its own registry without needing third party assistance.  Perhaps Windows might have allowed removal had my daughter still been administrator.

This registry editor solved my problem, and should solve yours.
Registrar Lite - v 2.00 build 200.30803, August 2nd 2002
I obtained it free of charge from  http://www.resplendence.com
Unfortunately this old version does not seem to be available from them now,
and the newer versions are more powerful at a cost,
or a bit crippled for the free versions.

It is however available from
http://www.majorgeeks.com/download469.html

That tool allowed me to see that the main Comodo key had about 2000 keys in about 6 sub-levels,
and two were marked RED and inaccessible and for that reason they could not be deleted and therefore the parent keys that contained them could not be deleted.

I selected the main Comodo key and right clicked for Properties,
and then I had buttons for Permissions and Take Ownership.
3 or 4 more clicks and I owned the lot and one more click eliminated them.
I forget exactly what I did and cannot test it because I am now tracking down a problem with my system.
Just be very careful and consider using ERUNT as a backup.

n.b. You can also right click keys with Windows RegEdit,
but that is a game of "blind man's buff" - so many ways to go wrong.

Regards
Alan

Offline Maverik

  • Newbie
  • *
  • Posts: 12
Re: Clean-Up Tool for Comodo Internet Security (OLD)
« Reply #37 on: February 16, 2010, 11:27:08 AM »
Thanks Alan for your advices. Will try again this evening.

Regards
Riki

Offline L.A.R. Grizzly

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1679
  • Akron, Ohio, USA
    • Grizzly's Home Page
Re: Clean-Up Tool for Comodo Internet Security (OLD)
« Reply #38 on: February 16, 2010, 11:39:56 AM »
Thanks Alan for your advices. Will try again this evening.

Regards
Riki

There is a possibility that Comodo Registry Cleaner (in the Comodo System Cleaner Suite) may clean up your registry problem if you can't find a solution.

http://www.comodo.com/home/support-maintenance/system-cleaner.php
Main Machine: AMD FX-8320 8 Core 3.50 GHz - 16 GB G.Skill DDR3 RAM - nVidia GT610 Graphics
Main Machine: Win7 Pro SP1 64 Bit - Second Machine: Win7 Pro SP1 32 Bit - Laptop: WinXP Pro SP3 32 Bit
CIS 7.0.317799.4142

Offline Maverik

  • Newbie
  • *
  • Posts: 12
Re: Clean-Up Tool for Comodo Internet Security (OLD)
« Reply #39 on: February 16, 2010, 02:53:25 PM »
Thanks for the advice Grizzly but I already tried that ... no joy.
Anyway at the moment I installed CIS 3.14. ... (last rev.) and apart from the weird fact that the "diagnostics" reports that there is a problem in the integrity of the installation which cannot be solved (WHY??), CIS seems working ... let's see.

Regards
Riki

Offline Maverik

  • Newbie
  • *
  • Posts: 12
Re: Clean-Up Tool for Comodo Internet Security (OLD)
« Reply #40 on: February 17, 2010, 03:55:03 AM »
 ??? I've spoken too early ...
CIS seems not to remember the decisions I make when instructing how to manage applications that want to access this things and this things etc.
Let's start from the beginning

1. Installed CIS 3.14. ... reboot as requested

2. CIS recognized my LAN (ethernet cable to ADSL modem) and my WIFI adapter

3. Tested my web connection (mail, browser, my IL2 1946 simulator) and CIS warned me that Hyperlobby client wanted to access some registry keys (normal) and other things, gave permission, OK.

4. Opened Pentax Photo Laboratory and when tried to browse for a photo, CIS warned me that the application wanted to access explorer in RAM. Now this was a normal behavior; what is wrong now is that CIS in unable to remember my decision ... ??!! Each time I was browsing CIS warned me ...

5. At this time decided to try a complete and clean uninstall. Launched REVO uninstaller (free version) let the process went on and when asked to reboot, I didn't letting REVO to proceed with its scan. REVO actually found a lot of things and deleted them all (almost).

6. Without rebooting, launched Alan's script, which went good as before, reporting at the end that only 2 keys were left because of protection issues (as it happened yesterday)

And at this point I'm completely stuck; there's no way to delete those keys (logging as administrator, power user, in safe mode ... you name it) which by completeness are listed below.

HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro and all subsequents

Registar marks some subkeys with a green key, which confirms that there is a protection I can't override ... OK for the moment I give up and I'm relying on Microsoft Security Essential, but in the future I'd like to go back on CIS if someone (maybe some of the COMODO code engineers) can give me some other ideas on deleting that keys.

Thanks to all
Riki

Offline Alan Borer

  • Comodo's Hero
  • *****
  • Posts: 526
Re: Clean-Up Tool for Comodo Internet Security (OLD)
« Reply #41 on: February 17, 2010, 12:28:36 PM »
Registar marks some subkeys with a green key, which confirms that there is a protection I can't override ... OK for the moment I give up and I'm relying on Microsoft Security Essential, but in the future I'd like to go back on CIS if someone (maybe some of the COMODO code engineers) can give me some other ideas on deleting that keys.

I do not know what you did wrong, but your results are NOT possible on my system.

Before posting the link to  http://www.majorgeeks.com/download469.html
I downloaded it and unzipped and found an *.exe package identical to what I am using.

If you have GREEN instead of RED for No Access,
you got the WRONG Registrar Lite,
or your colour rendering is not the same as mine.

These snapshots illustrate how to delete the inaccessible :-

sshot-128  Registrar Lite version 2.00, build 200.30803  
Alan2 is NOT GREEN, BUT RED and is not accessible

sshot-129  When I shifted focus from Extra to Alan2, the right hand side went to ACCESS DENIED
I persisted with right click / export and selected a destination for the export,
BUT finally received "Error exporting key: Access is denied.
That key is protected against WRITE, DELETE, and even READ.

sshot-130  Right click / properties :- about to take ownership
sshot-131  Took ownership
sshot-132  About to alter permissions
sshot-133  I was denied Read and Full Control - but so were all the other groups
sshot-134  I Removed the DENY and asserted Allow for all accounts
sshot-135  CREATOR OWNER also accepted BOLD allows - the others became greyed out Allows
sshot-136  After accept / O.K. etc it still shows ACCESS DENIED - but that is out of date
sshot-137  By backing up to Extra and then returning to Alan2 we can see "a bit of text"
sshot-138  Backing up to Extra again the left column has not been refreshed - still got RED
sshot-139  By collapsing ComodoGroup tree, when it is expanded Alan2 is refreshed - Now YELLOW.

Alan2 is now available for deleting -
but I am keeping this as a test for my script to ensure any "enhancements" will not damage the ability to report deletion failures.

Regards
Alan

Offline Maverik

  • Newbie
  • *
  • Posts: 12
Re: Clean-Up Tool for Comodo Internet Security (OLD)
« Reply #42 on: February 17, 2010, 06:31:11 PM »
DEAR Alan!!!
that was inspiring!!! I realized that I dowloaded Registar rev. 6.5 ... :-[. BTW in rev. 6.5 the name of the key is in red when access is denied and the folder icon has a small green key superimposed.
I tried to follow your link but no download was present ... ?? I searched for "registrar" but I found a file which is again rev. 6.5 ... Is there any way to send your rev to me? I could send my email in PM ...
It's late right now, hope tomorrow to post pics about your steps applied to my problem. Right now I can say that a right click on folder icons opens a dialog window as in your case, but the [Permission], [Auditing] and [Take Ownership] buttons are dimmed. Guess this lite version is pretty useless ...

Many thanks

Riki
« Last Edit: February 17, 2010, 07:05:51 PM by Maverik »

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 18736
Re: Clean-Up Tool for Comodo Internet Security (OLD)
« Reply #43 on: February 17, 2010, 09:52:39 PM »
The provided url by Alan is empty indeed. I did the same thing as Maverick and I used the search function of MG and found the v6.5.

I was noticing Maverick didn't reboot after uninstalling. Does that make a difference?

Offline Maverik

  • Newbie
  • *
  • Posts: 12
Re: Clean-Up Tool for Comodo Internet Security (OLD)
« Reply #44 on: February 18, 2010, 04:27:56 AM »
Hallo, in the past I also try with a reboot after CIS had been uninstalled ... same story. The key I reported stay there, stuck and impossible to remove ...

Regards
Riki

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek