There may be a glaringly obvious solution to this, but if so, I can't see it. . .
We've just returned to a frozen UK after a lengthy stay in the Canary Islands, where I seem to have spent an inordinate amount of time trying to fix a friend's computer. The computer in question is a five-year-old Dell laptop running Windows XP Media Center OS. When our friends purchased it, an acquaintance of theirs installed a time-limited trial version of Kaspersky AV / Kaspersky Internet Security (I'm not familiar with Kaspersky, so don't know if these are two separate apps or one that's all-embracing.)
When the trial period ran out, our friends --who aren't computer literate -- decided not to pay for a license and so installed AVG Free instead. In recent months, they've somehow managed to infect the laptop with various trojans and malware to the point that when we arrived from the airport, their computer was barely functioning.
I set about cleaning the thing up with Malwarebytes and SUPER as well as HiJack This and got rid of all the nasties. I also dumped AVG and installed Avast AV instead. Routinely, I checked to see if they were running a firewall and yes, they were: the Windows Firewall. I also Revo'd the machine to check out apps / publishers and installation dates. . . and discovered Kaspersky was stll showing, even though they'd told me that they had uninstalled it. Yeah. Right.
So-oo. . . I Revo'd Kaspersky and that was that. Or so it seemed. Configuring the new AV replacement, Avast reported that it couldn't function properly because it had detected another AV running at the same time. Huh? I did the usual check of running processes and start-ups and services etc etc but couldn't find a trace of Kaspersky anywhere.
As our computer illiterate friends had set their laptop to always receive and install, atuomatically, every Windows update Microsoft cared to throw at it, I also discovered they were running Internet Explorer 8, a browser that in my experience has been anything but a triumph of engineering. As they seemed unable to access certain websites that anyone else can without effort, I ran an is-it-me online check and yes, the websites were OK but the laptop wasn't. Figuring that Windows Firewall might be to blame, I turned it off. . .
Except Windows reported a firewall was still running: Kaspersky. Windows also obligingly pointed out that running two firewalls at the same time is Not A Good Idea. Well, er, yes.
So-oo. . . I went to Kaspersky Labs and downloaded the company's own uninstaller, that is, Kaspersky's app for detecting and removing any elements of its software still present on a machine after what a user might have thought to have been a successful installation. The Kaspersky Labs uninstaller reported: 'cannot find any traces of Kaspersky on this computer'.
Fair enough. But returning to the firewall -- after three sequential re-boots -- Windows *still* reported that though Windows Firewall was off, Kaspersky firewall was continuing to run. And Avast *still* reported there was a problem with another AV running at the same time. (Which couldn't have been AVG because I also reg edited that as well and found no entries.)
I then ran RegEdit and found something like 30 Kaspersky entries. So I backed up the registry and then manually deleted every Kaspersky reference. I also, coincidentally, dumped IE8 for Firefox: Firefox then routinely accessed all the websites that IE8 had previously failed to reach.
So that was that. System cleaned. Computer de-fragged. System optimised (using jvPowerTools 2010). Kaspersky and AVG both Revo'd out. Kaspersky Labs own uninstaller used (though to no good effect, seeing as how it couldn't find anything relating to its own products.) Computer registry manually cleansed of all Kaspersky entries. Result. . ?
(1) Windows continued to report two firewalls running on the laptop, the Windows firewall and the Kaspersky Firewall;
(2) Avast continued to report two AVs running on the laptop, itself and (though not specified) Kaspersky AV.
We've now flown back to the UK and although our friends' laptop is to all intents and purposes working fine, I've had to leave it in a state I'd never recommend to anyone, that is, in a condition where it *appears* to be running two firewalls and two AVs.
Yes, I accept that -- for some unknown reason -- the existence of the Kaspersky Firewall and the Kaspersky AV is being false-flagged. . . but I can't get my head around the fact that if this is indeed the case, then how come false-flagging is arising from not one but two different security products (Windows firewall, and Avast AV)?
Sorry for the length of this post. But if anyone has any bright ideas, that'd be much appreciated -- thanks!
Hey Mike R
Have you tried the free AnVir task manger that you can get from Ashraf's list of freebies? This gives much better info on running processes & other items (like start-ups), & you may find some things there, say, that may have to be stopped running before it can be removed.
If you uninstall Avast & install the free Micrsoft Security Essentials (Ashraf has an update review on comparisons of these AVs), as I have, & it will list separately the 1. installed AVs & which are ON/OFF, as well as 2. installed anti-spyware! MSE has earned some recognition. & can always be uninstalled later.
… if anyone has any bright ideas, that'd be much appreciated -- thanks!
It's a free registry editor much better than regedit. Once installed, click on the magnifying glass and search the entrire registry for kasperksy references. Delete them.
Now do the same for AVG (but be careful because the entries here may be related to something else).
Problem solved. (I know it works, because I've done it successfully).
In the future, consider using ZSoft Uninstaller 2.5 beta to uninstall programs … it does the same thing automatically. The problem is that the included program uninstallers (for Kaspersky and for just about everything else) fail to uninstall everything and some installers (like Avast) are too stupid to recognize it.
In SOME cases, you'll need permission to delete some protected registry items (and no, you can't change this permission yourself, at least not easily). In this case use Winternals PSexec.exe utility with the batch file that reads
Start "" "c:Program FilesPsExecpsexec" -i -d -s "Z:rr.exe"
Copy this line to a text file and give the file a name that ends in .bat
Change the file paths (those are the c: and z: references) to where you have installed psexec and resplendant registrar (that's the rr.exe reference).
Run the batch file and repeat the search and delete as I explained above. Psexec, by the way, is included in the winternals utilities or you can probably find it separately. Google to find it.
Holler if you need further help and I (or someone who knows what I'm talking about) can assist you more.
Finally, note that registrar lite will prompt you at the exit to upgrade to the full version. The full version really does very little that the lite version doesn't
Wow gosh golly! MANY many thanks to yourpalal and blue for such fast replies -- as comprehensive as they're constructive! I really am indebted to you both.
First off: I hadn't come across the Resplendant Registrar (Lite) before so have DL'd from MajorGeeks and yes, it's quite a revelation: I'll spend some time playing around with it this evening. Many thanks then, blue, and also for the tip about giving the upgrade a miss (seeing as how the Lite version is, for all practical purposes, all that's needed.) Also, a big thanks for the step-by-step guide re Winternals -- again, it's not something I've used before -- and batch file processing, because it's amazing how often something is obvious to the author of a post but less so to the reader. The guidance is much appreciated. And yup, I take your point about dumb uninstallers -- there really are too many of 'em for comfort -- though until now I've been happy with Revo. . . which kind of begs the question, d'you think ZSoft Uninstaller is a better bet?
Big thanks of course to mypalal especially for the insight into Microsoft Security Essentials -- yet again, something else I'm not familiar with -- and, of course, for taking the trouble to spekk everything out. (Oh, as to AnVir: yup, I did want to run it, but our friends' laptop inevitably didn't have it and just at the precise moment I was looking to DL it, their Internet connection went down -- apparently, a regular occurrence in the Canary Islands. So I had to forego AnVir.)
As will be appreciated, we're back in the UK now whilst the laptop is still 2,000 miles away so it's not going to be as easy as popping next door to try these latest fixes, I'll have to remote desk it because our friends haven't a clue how to do anything themselves.
Meantime though, muchas gracias again to you both: I've rarely come across a better example of the way others are so willing to provide so much in the way of advice and support!
A final but 100% crystal clear solution is the obvious:
a) backup your friends data (or better tell him to do the backup so that he is responsible afterwards. you may guideline him for extra things to backup)
b) Do a factory restore with the original restore disks of the notebook
c) install whichever AV-Aware you like!
Many many times, I have found this to be the less time consuming solution AND your friend will enjoy the benefits of a new installation :-)
Most Users Ever Online: wp_sferrorlog
Currently Online: Bejiening
Currently Browsing this Page:
Guest Posters: 9
Newest Members: debkdarlin, Nammtar, matchservice, bellar, razalimah, riber
Administrators: Ashraf (1741), Locutus (1886), amnesia (270)