ThreatFire uninstall warning!!

[Becho]

I have been testing the latest version of ThreatFire for about a week. Very impressed but i have some overlap. I decided to remove it from my main rig. I did it from SafeMode. Everything went fine. As an above average user i like searching for remnants of files that are left behind after an uninstall, they always leave something. I found the usual stuff in the hidden App. data but i found a file left in C:/Windows/system32/Drivers called Tfkbmon. The description says "ThreatFire keyboard monitor". I deleted it thinking why in the hell did it not remove itself after the uninstall that was performed prior. WRONG. After deleting it and doing a reboot my usb keyboard was rendered useless. I could not enter my username password at the welcome screen. After trying to use the P/S2 connection, still no go. Even tried SafeMode again, no luck. Even tried a second keyboard, no go. Ended up doing a reformat, wasn't angry, i do one every 8-12 months. Now i have ThreatFire also installed on my children's rig also but this time i did everything above plus i made a back-up of the same Tfkbmon file. Same problem as before, useless keyboard. I'm glad i backed up the file. I put it right back into the system32 folder and now my keyboard works again.

I posted this so others will be aware incase they felt like doing a clean uninstall like most of us do.

XP-home SP3.

I am actual disturbed that PCTools actually installs a new driver for keyboards, it's used for keyloggers, and can render the users rig useless after a CLEAN uninstall. They need more testing.

[Firebytes]

Threatfire has an unistall tool which is supposed to completely remove TF. You might try it instead of manually deleteing the driver. See post #12 here for a link to the file.

Also, I would recommend you post your issue on the Threatfire forum. Djames, the mod there, is pretty quick to offer assistance.

[Becho]

I deleted the driver after i ran the packaged uninstaller. Who would have thought that file would still be necessary after an uninstall.

Never knew there was a tool. Thanks for the info.

[ErikAlbert]

Software uninstallers are always a pain, they almost never do their job complete.
I also had ThreatFire on board, until I found out that there is an overlapping with Anti-Executable.
When a bad executable tries to install itself, it's already killed by AE, before TF can do something about it.
AE has a 100% detection rate, because it has a pure black & white vision on executables, while TF is more a matter of good luck : suspicious behavior or not.
AE doesn't even look for suspicious behavior, AE is like a cowboy : first shoot, then ask questions, I would do the same with a burglar.

I didn't have any uninstall problems, because I never uninstall new software with its uninstaller. I use ISR or IB software to get rid of new softwares.
Another but less reliable method is using a specialized Uninstaller software, supported with a registry cleaner.
You have to analyze these events and take your precautions from the beginning, because installing and uninstalling softwares create a big mess on your computer.

[Becho]

I understand but they should remove and replace their drivers after an uninstall, clean or not, or at least name it something else besides Tfkbmon. Honestly who wouldn't delete that file after you got rid of the main app?

[ErikAlbert]

Quote:

Originally Posted by Becho

I understand but they should remove and replace their drivers after an uninstall, clean or not, or at least name it something else besides Tfkbmon. Honestly who wouldn't delete that file after you got rid of the main app?

I never depend on the developper of a software to do the job. He can do whatever he wants, sometimes they listen, sometimes they don't.
The bottom line is that you don't have any power to change anything and there is no maintenance contract either.

My advice : report the problem to ThreatFire support and wait and see what happens.

[EASTER]

Quote:

Originally Posted by ErikAlbert

AE has a 100% detection rate, because it has a pure black & white vision on executables, while TF is more a matter of good luck : suspicious behavior or not.
AE doesn't even look for suspicious behavior, AE is like a cowboy : first shoot, then ask questions, I would do the same with a burglar.

I agree Erik. And that is an enormous confidence builder, theres nothing better then such an app that shoots first and ask questions later. AE does just that, POWERFUL little app with a expertly defined whitelist that can always be update.

I admire engenuity and pinpoint precision targetting. AE does not take prisoners, it easily & swifty pulls the plug on them and leave no room for doubt like scanners and such.

It has successfully withstood the test of time and many an unknown or malware have gone down instantly to defeat in the twink of the eye!

[mata7]

off topid

easter do you use all thus software on you sing?

[EASTER]

Quote:

Originally Posted by mata7

off topid

easter do you use all thus software on you sing?

A very good evening to you mata7 from EASTER, Thanks for your question.

The apps in my signature group below reflect the security programs i have at my disposal but no way i run them all, that would be much more then my PC could withstand.

I can say i do use at the very least a combination of around no more than 4 of them at a time, sometimes just 3.

I have to experiment these choices for testing compatibility and do i throw a flurry of malware (actual) at them to see how well they can hold up. Right now i do that without dropping rights and leave Admin account in place.

I want to prove them and their various mixes to see which ones are best at deflecting attacks.

EASTER

[mata7]

thanks man, i was just curios

[duke1959]

Looks like this may not be a major issue for everyone if the TF uninstall is done the regular way. I am curious however, if that file would remain in my PC. LOL.

http://www.pctools.com/forum/showthread.php?t=51588

[Perman]

Hi,

The reply in TF' forum tells me one thing:

Removing security apps(especially those with drivers, but mind you, most do) in safe mode is not always safer than in normal mode.

Wow, my tech know-how gains one ounce more after this.

[Becho]

His reply to me is misleading. He recommends removing the file but that would give an inoperable keyboard, not good!

[duke1959]

I am running Windows XP sp2 and just uninstalled ThreatFire with its own uninstaller. There were two folders left over in All Users and my own Application Data and at least 11 registry keys in Legacy and services. There were none in Windows System32 drivers folder though, and I had everything unhidden. I would reinstall it, but you what? My PC seems a little snappier than it was before.

[aigle]

Quote:

Originally Posted by Becho

His reply to me is misleading. He recommends removing the file but that would give an inoperable keyboard, not good!

May be due to the fact that u did not remove the correspoding reg entery for the driver.

[Diver]

I would say that running the uninstall from the safe mode is what caused the problem.