Best ways to uninstall programs not removable by Revo or security software?

Discussion in 'malware problems & news' started by conceptualclarity, Aug 20, 2013.

Thread Status:
Not open for further replies.
  1. conceptualclarity

    conceptualclarity Registered Member

    Joined:
    Jun 11, 2013
    Posts:
    52
    Location:
    USA
    What do you do when you have a program you are convinced is malware but none of your security software is detecting it? What about if you have a program you simply want to be rid of, but it doesn't show up in uninstall programs like Revo or Iobit Uninstaller? I have found out, for example, that old versions of Java are still on my computer.

    I never hear anybody talk about getting rid of a program by just deleting it in Windows Explorer right click menu. Maybe that's your only resort sometimes. But what do you do about the registry entries?
     
  2. guest

    guest Guest

    I know I have said this multiple times but, I just restore to the previous state from a system image I created before. No need to explore the contents of your program files folder, Windows folder, AppData folder, registry entries, and all those bothersome things. :cool:
     
  3. conceptualclarity

    conceptualclarity Registered Member

    Joined:
    Jun 11, 2013
    Posts:
    52
    Location:
    USA
    OK, that's a good suggestion. But what about things that have been around a good while that you want gone but don't show up in Revo or Add or Remove Programs?
     
  4. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,284
    Back in my XP days, I used to clean the Registry using the search function of Registry First Aid. I searched for a text string closely related to the program I wanted to "uninstall", and deleted all the pertinent keys, after inspecting them one by one. A risky procedure.
     
  5. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,250
    If I remember correctly, Revo Uninstaller has the option to uninstall software not listed under Add/Remove programs. When you use it, you need to browse to the program's .exe file, and then Revo will try to find all files and registry keys related to the program.

    However, the free version of Revo does not have support for 64bit editions of Windows, but you should find the same functionality in some of the other uninstallers like Revo.
     
  6. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    While I agree with your restoring a system image from backup (if you have any), I also believe that exploring the contents of all those folders is a good learning experience about the ins and outs of your OS, and it is an opportunity that should never be passed! :cool:
     
  7. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I don't know if it is the best way but If I can't un install the program with Revo or Geek or Add or Remove Programs or safe mode. Then I try to erase it with R-Wipe or ERASER then go to the registry and search for orphans with RegSeeker and regedit.
     
  8. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Why work in a live system? Access the hard drive directly from a LiveCD, WinPE, or another computer. For registry entries, load the hives and save them.
     
  9. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    Best way is to use a tool like SysTracer, Regshot2 or InCtrl5 to take snapshot of files and registry entries before and after an install of a new program (and first quick run of it too), then compare the snapshots to see what changes occurred and save that log for later use. After you uninstall the program, you can check if any of those changes still remain (especially files/registry entries added).

    If you already installed the program without taking a file and registry comparison snapshots, then you can install it again on a virtual machine to create the log (the VM should mimic your actual system or at least have the same Windows on it). It's a bit tedious because these logs also contain some noise (especially if the installation involved a reboot), but if you get in the habit of making and using them on a regular basis, then it gets easier recognize what's noise and what's not - also google to find out what registry entries and files modifications to ignore. Personally I prefer to create two or three of these before/after comparison snapshots for an installation that involves a reboot; first for the initial install, but before reboot, second for the reboot (this snapshot has lots of noise), and third for the first run of the program.

    Lastly, check the system32 and system32\drivers folders for remains of the software you are trying to remove. Sort the files by file modification or creation time, or by company, to try to pinpoint leftovers from the program being removed. if you don't remember the installation date and time, then check when the files in the program's main directory were created before you run the uninstaller. before you delete leftover drivers or dll files, make sure the software has no services still running or in autostarts, and also search the registry for references to these sys and dll files and delete those too.
     
  10. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    My procedure - when I can't or don't want use systems/apps snapshots/images/etc - is mostly the same:
    - uninstalling app by using its own uninstaller...if is it security app better is to do this in safe mode...then reboot the system
    - next move is to check autostart entries - if there are some leftover after uninstalled app or not...if "yes" they have to be removed - my favourite program to check this is AutoRuns
    - next move is to check entries in services - if "yes" they have to be removed (good tools are Anvir Task Manager, System Explorer)
    - then I try to find registry entries after removed app by searching keywords connected with that app - the best way used many years is for me to use Regseeker
    - next is to find orphaned files/folders after such app - I use Everything (I search always registry entries before files because some files can be blocked from removing in registry - removing entries unblock most of them)
    - reboot the system and the latest move (only for sureness) is to check entries by using Runscanner...red are empty/suspicious/unneeded but not all of them are to remove.
     
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    On my XP unit, I use Inctrl5 to record all the changes each install makes. I also use it the first time I run a new app. Many apps add files and registry entries on their first run, some more so than during the actual install process. All the Inctrl5 reports are saved as text files which can easily be searched. Together with a file listing created after the initial OS setup, they give me a record of every file, folder, and registry entry that gets added, deleted, or changed, and what app is responsible for them.
     
Loading...
Thread Status:
Not open for further replies.