Clean-Up Tool for Comodo Internet Security (OLD)

Updated Version Available!

This is a batch file for removing left-over files and registry entries. It should only be used if:

  • You can’t uninstall Comodo Internet Security
  • You can’t install Comodo Internet Security
  • Comodo Internet Security is already uninstalled, and you want to make sure everything’s gone

The batch file will remove files and registry entries associated with the following components:

  • Firewall
  • Antivirus
  • Defense+
  • Ask Toolbar, Hopsurf Toolbar, Live PC Support and SafeSurf

Vista users will have to run the batch file as an administrator. For Windows XP-users, make sure you’re logged in on an administrator account.

Registered users: Download the attachment at the end of this post.
Non-registered users: Download from one of the following locations:
http://rapidshare.com/files/406373715/CIS_Clean-up_Tool.zip
http://www.mediafire.com/file/mozuzj0dnnv/CIS%20Clean-up%20Tool.zip

Now unzip it using Windows built-in extractor or a software like WinRAR or 7-zip, and then run it.

Created by Ragwing. Send a PM if you should have questions or feedback.
Last updated: July 11, 2010

Note: This tool is NOT provided by Comodo Group. Comodo Group holds no responsibility for the potential damage caused by using this tool.

[attachment deleted by admin]

Thanks :a0

I looked at the batch file and it needs modification for Vista/Win7. Currently looking into the paths and will test it tomorrow after I uninstall CIS for a clean install of v3.9.

Found a glitch in the batch file: cd %systemdrive%\Documents and Settings\All Users[b]Skrivbord[/b]" wouldn’t that be cd %systemdrive%\Documents and Settings\All Users[b]Desktop[/b]"?

Not if you have a Swedish version of Windows. :smiley:

[attachment deleted by admin]

LOLOLOL… I had to look up the word skrivboard and find out what it was in what language.

With versions other than the English version the underlying paths are still in English even though Explorer may show your local language IIRC.

The tool does not remove the Comodo folder in Program files and it also does not remove Comodo Group and some other registry entries that are clearly marked Comodo Internet Security.

You Are Right. When I Checked With The Batch File It Has Entry Pointing To HKEY_CURRENT_USER\Software\ComodoGroup\CFP and Nothing About HKEY_CURRENT_USER\Software\ComodoGroup\COMODO Internet Security - RC2. And As You Mentioned I Can Find Other Entries Also Which Is Been Left Out. Thats Why I Have Raised The Question Before Whether The Tool Is For Any Previous Release Version Of CIS Or Its Common For All The Versions.

EricJH Has Mentioned That He Is Checking With This. Hope He Will Be Comming Up With An Update Soon.

The tool does not remove the Comodo program files folder or some other COMODO entries (e.g. some registry entries) because they are related to other COMODO software installed on the PC (even if they are marked ‘CIS’). If you want a tool that removes ALL COMODO entries, well, PM Ragwing. :wink:

And yes, I guess it is safe to say that this was made for the current CIS version that was out at that time seeing as keys like ‘HKEY_CURRENT_USER\Software\ComodoGroup\COMODO Internet Security - RC2’ aren’t removed.

thank u 4 this tool ,

*** NOT WORKING ***
when i run the setup, i got message saying there is an old version already installed on my system (x64)

not the 1st time it’s happeing, i got that also with previous builds… so really this is annoying
it was fixed before with format & windows resintall but i do not want to that at this time, so help me to find a solution please!

I’m running now an another product : Agnitum Outpost Firewall (more faster btw & support for IPV6 & true working support for Windows7 but I’m still on XP x64 for few more weeks, and wow no more slow booting like with Comodo but still very effective to catch all suspicious activities when u load Windows), I’m on trial now but I’m gonna try again ZoneAlarm that was my favourite before Comodo!!)

What is wrong with Comodo products?

  • Why adding spyware like SafeSurf / Asktoolbar by default ?
  • Why trusttoolbar.com used before ? (still detected by Agnitum Firewall when i surf to comodo.com)
  • Why no 100% working uninstall exe procedure since the 1st initial Comodo Firewall release? (I’m an old user but I’m getting tired now that nothing is fixed)
  • Why no support for minidumps posted ? I posted like >100 minidumps (BSOD,…) and still no answer to solve them ! This is so annoying and unprofessionnal…

STEPS DONE * HELP IS QUICKLY NEEDED !!! <<< <<< <<<
(nothing bellow has worked, still unable to fully delete & reinstall Comodo CIS)

  • Add/Remove Programs (not present)
  • batch tool
    CIS File+Registry Cleaner.bat
    CFP 3 File+Registry Cleaner.bat

there were still leftovers keys :

REG DELETE “HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Comodo Antivirus” /F
REG DELETE “HKEY_CLASSES_ROOT\file\shellex\ContextMenuHandlers\Comodo Antivirus” /F
REG DELETE “HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Comodo Antivirus” /F
REG DELETE “HKEY_CURRENT_USER\Software\ComodoGroup\COMODO Internet Security” /F
REG DELETE “HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CFPLog” /F
REG DELETE “HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\COMODO Internet Security - Log Viewer” /F
REG DELETE “HKEY_LOCAL_MACHINE\Sofware\Microsoft\Windows\CurrentVersion\Uninstall\Comodo Internet Security” /F
REG DELETE "HKEY_CURRENT_USER\Software\CFP\COMODO Firewall" /F
REG DELETE “HKEY_CURRENT_USER\Software\ComodoGroup” /F

and also

HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_cmdhlp\0000
HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_cmdguard\0000
HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_cmdagent\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cmdhlp\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cmdguard\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cmdagent\0000
HKEY_LOCAL_MACHINE\system\controlset002\enum\root\legacy_cmdhlp\0000
HKEY_LOCAL_MACHINE\system\controlset002\enum\root\legacy_cmdguard\0000
HKEY_LOCAL_MACHINE\system\controlset002\enum\root\legacy_cmdagent\0000
HKEY_LOCAL_MACHINE\software\Wow6432Node\comodogroup
HKEY_LOCAL_MACHINE\software\Wow6432Node\comodogroup\CSC
HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_cmdhlp\0000
HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_cmdguard\0000
HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_cmdagent\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cmdhlp\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cmdguard\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cmdagent\0000
HKEY_LOCAL_MACHINE\system\controlset002\enum\root\legacy_cmdhlp\0000
HKEY_LOCAL_MACHINE\system\controlset002\enum\root\legacy_cmdguard\0000
HKEY_LOCAL_MACHINE\system\controlset002\enum\root\legacy_cmdagent\0000
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions\Approved\

& more :

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDAGENT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDHLP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDGUARD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDHLP

  • RegVac

  • RegEdit (to manually remove leftovers keys)

  • CCleaner (nothing in safe mode & then broken Windows in advanced mode)

  • j16 PowerTools (nothing in safe mode & then broken even more Windows in advanced mode)

  • Manually uninstall of CFP 2.x (fwconfig -uninstall → ask to reboot → & fwconfig & clicapi.dll are deleted)
    tool found here : Comodo Forum

  • removing services : CmdAgent & CmdMon
    (there were NOT present)

  • Device Manager > View > Show Hidden Devices > Non-Plug and Play Drivers
    no such thing like “Non-Plug and Play Drivers” are listed so no entries for Comodo like :

    Comodo Application Engine
    Comodo Network Engine

  • WMI Service
    . Stop the the WMI Service (in admin > services)
    . Delete the “repository” folder in C:\windows\system32\wbem
    . start the WMI Service. Starting the service rebuilds the deleted folder and the database.

before stoping the WMI service i checked inside WBEM folder but there is no folder/file called “repository”
if i stop & restart the service (put on autostart), the folder ISN’T recreated anyway…

I’m surprised,seems to me a company smart enough to put it on, should have a clean-up tool to take it off and clean up. Thanks

Just a suggestion but this is what I use when I’m uninstalling something.Revo Uninstaller, it’s completely free and it removes the program properties & their registry entries when uninstalling.Revo works great if you know how to use it, so READ about it.Hope this helps. Download Revo Uninstaller

But Revo Uninstaller is not working on Win x64.

I run xp x64 and it works fine for me.

Both removal tools, CIS File+Registry Cleaner.bat and CFP 3 File+Registry Cleaner.bat, are defective.

Pinned to the archive boards is https://forums.comodo.com/help_for_v3-b105.0/
“Full Removal of Comodo Firewall Pro 3 with SafeSurf Toolbar (If Regular Uninstall Method Fails)”

In the middle of the first post are many registry keys to be deleted, including :-


kk.  HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CFP_Setup_3.0.14.276_XP_Vista_x32
ll.  HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CFP_Setup_3.0.14.276_XP_Vista_x64
mm.  HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CFPLog
nn.  HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CPFFileSubmission
oo.  HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro

Both the batch files convert the first 3 deletion targets into a single mishmash, only the last two are correct.


REG DELETE "HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CFPLog" /F
REG DELETE "HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CPFFileSubmission" /F
REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro" /F

After running the batch script I still have an awful lot of very ancient registry keys in
HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CFPLog

There is one good thing about their continued presence,
having found the REG DELETE target error their presence shows that a script glitch did not cause REG.EXE to trash other applications within
HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\ *

I started this post to get advice upon the intention and consequences of the mishmash,
since I have little experience (and never wanted it) of REG.EXE.

I am now satisfied that it does not cause damage to innocent registry keys, and only omits to delete intended targets.

But if you too run the deletion scripts, be warned that three keys escape deletion.
Also take note that deletion FAILURE for files, folder, or registry keys is ignored by the scripts,
and you still get a false assurance
“All remains of Comodo Internet Security should now be gone!”

I am re-working a script to avoid those problems in preparation for upgrading my protection;
the last time I tried this Windows got a bit damaged, probably caused by the script.

I will submit my new script once I have tested it on myself.

Regards
Alan

in my opinion instead of having a script just use revo uninstaller set to moderate, that will remove anything that is left over from comodo, be it registry keys or files. I have used it to remove comodo over a dozen times to test it and it has always removed everything and comodo has always reinstalled just fine.

I disagree.

I used RevoUninstaller to launch the Comodo built in removal, and to supplement with a few extra remnants that it found. After this I used the CFP 3 File+Registry Cleaner.bat

I noticed “inaccessible” amongst all the many errors that flashed across the command window,
and immediately recognised that something that was told to go had chosen to stay.

Only I saw that, nothing else saw it or warned me, instead I was told
“All remains of Comodo Internet Security should now be gone!”

I cancelled various echo off commands and configured a CMD shell with a tremendous display memory and eventually found that after running the script many times it was still getting inaccessible errors when deleting various
“HKEY_LOCAL_MACHINE\SYSTEM* ControlSet * \Services\Inspect”.

I then launched RegEdit and took ownership of those keys, then I ran the script and they gave no more trouble.

The existing script uses REG.EXE to delete keys, and ignores any permissions issues
Regseeker will search for targets and delete and pretend success, ignoring permissions issues.
I do not know if RevoUninstaller failed to detect the …\Inspect key, or if it too assumes that keys will go when they are told to.

This is why I am slightly tweaking an existing script - every deletion will be tested and if it failed the target will be logged, after which it will be very easy to manually seize authoririty over what was stuck.

Regards
Alan

I would realy appreciate advice upon repairing the registry with the commands

NET STOP WINMGMT /Y
cd "%windir%\system32\wbem\"
RD /S /Q "Repository"
NET START WINMGMT /Y

The existing scripts do this. Why ? What has caused damage that merits repair ?
Is damage caused by the script deleting things ?
Does the initial removal built into Comodo do damage ?

I am very reluctant to perform this.

Three months ago I used the removal script and afterwards the Application event log showed Wimngmt errors for each of 4 off “.NET Framework” *.MOF files.

I rebooted several times with no further errors and hoped that Windows had succeeded in recovering.
I installed the latest C.I.S. and a few days later I noticed that 50 new *.MOF files had appeared in the repository, and dberr.txt error messages were accumulating at 30 minute intervals. The new *.MOF files were created at the same time as the Winmgmt errors.

I was told I had a corrupt registry and it needed repairing, and I was told how to repair it. But I still have problems.

I am going to restore an image of C:\ before it was damaged, and repeat WITH MUCH GREATER CARE the removal of the old Comodo. Now that I am enhancing the clean-up script I see it includes the repository repair commands, and think this could be what broke Windows.

I now realise that when I repeatedly ran the script a dozen times trying to identify what was inaccessible, that each time I was rebuilding the repository.
It is far too much of a coincidence that after rebuilding 12 times it is now broken ! ! !

The rebuild does take some time, so some of the dozen script launches were so close together that the rebuild may have been aborted either before it started or in mid-process.

If I do rebuild the repository I will ensure it is only done the once and allowed plenty of time to complete,
but before I do a rebuild I would like to know why I need to, and what benefit I will get, and what risks I run if I refrain

Regards
Alan

This command is used to clean out left over registrations for the Security Center entries like Firewall and AV.

It could be that CIS is uninstalled but that the registration for Security Center is still active… this command cleans out and rebuilds the repository that keeps that information.

Thank you

May I safely assume I do not need to rebuild the repository unless :-
I receive system event log errors referring to the Security Centre ; or
I fail to achieve a new install of Comodo because it thinks the old one is still installed ?

Regards
Alan