Cleaning up after F-Secure uninstall

Discussion in 'ESET NOD32 Antivirus' started by Ade 1, Mar 9, 2008.

Thread Status:
Not open for further replies.
  1. Ade 1

    Ade 1 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    471
    Location:
    In The Bath
    Hi there.

    Just installed NOD32 AV 3.0 again and during install it said that some of the following applications could interfere with NOD, namely F-Secure. Ok - so here's what I did do before installing NOD.

    I was trialling FS AV 2008 - uninstalled through add/remove programs and rebooted. Deleted all remaining traces of FS (ie. any program folders left behind, any specific 'fs' files relating to F-Secure (most were text documents), uninstalled 2 FS drivers left behind under 'non plug and play drivers) and any remaining FS reg entries. Finally, I also used the FS uninstall tool as well. So as far as I'm concerned I've removed everything I possibly can. Did a reboot and checked all the above again to make sure nothing was left behind.

    So, after getting the message above from NOD during install, I did a search in the registry for any other f-secure entries. The ones I found relate to legacy drivers (for example, F-Secure HIPS was one of these). Now my problem is that when I try to delete these entries it's giving me accessed denied.

    I'm the only user running with admin privaleges and UAC is off (using Vista 32-bit by the way). I've done a search around the web and seen ppl talking about changing permissions to enable me to delete these entries but it seems I've got the required privaleges. Someone mentioned that you need to use 'system privaleges' to do this but not sure how.

    Anyone else had any F-Secure products installed before they put NOD on? Any messages like the one I got above? Would be really nice to remove these reg entries so any help/advice would be much appreciated.

    By the way, I chose to ignore the alert and installed anyway and is running very well.
     
  2. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    what's your computer security center tell is it showing eav install or showing two antivirus install
     
  3. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
  4. Ade 1

    Ade 1 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    471
    Location:
    In The Bath
    Hi. Security center is fine. After uninstalling F-Secure I checked and it showed no antivirus/antispyware installed (I disabled Defender a long time ago). After installing NOD, all is ok. I use Windows Firewall as I'm behind a router and NOD shows up correctly too. I realise FS is notorious for leaving behind "stuff". I've also tried and used other antivirus/security apps in the past and they've never shown up again after I cleaned them all out. I can only pinpoint the legacy drivers reg entries as the remaining F-Secure remnants unless there is other stuff I'm not aware of that is specifically showing as FS.
     
  5. Ade 1

    Ade 1 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    471
    Location:
    In The Bath
    Just ran this and it said that no existing anti-virus could be found. I'm sure that this problem relates to the reg entries left behind but you never know. I also checked Windows Clean Uninstall and no entries relating to F-Secure appear in there.

    I also just wondered where does NOD scan/obtain its information from with regards to other security apps installed? Regarding when I removed any folders/files relating to f-secure, I used search and looked for "f-secure" and "fs*". Removed everything from the list that appertained to f-secure.
     
  6. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    must be some reg entries left behind search for f-secure related entries in registry manager and delete them
    i think it's FP from EAV installation
    enjoy new EAV And if you got any problem tell us
     
  7. Ade 1

    Ade 1 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    471
    Location:
    In The Bath
    Thanks for your help and quick response. All f-secure reg entries are gone (before I installed NOD). Only the legacy drivers which are left which cannot be deleted. Also, there are other legacy driver entries such as from AVG when I used that sometime ago so yeah I think it is an FP from NOD.

    I've got no problems since NOD installed and am v happy with it. However, although I consider myself an experienced user, I'm not sure how the 'average joe' would react if they got that message after they uninstalled F-Secure. Perhaps this FP can be addressed in any future versions of NOD.

    Thanks again for your help.
     
  8. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    i have a free tool for you to delete legacy drivers of f-secure and avg
    make sure you delete only f-secure and avg drivers not system files
    http://ccollomb.free.fr/unlocker/unlocker1.8.6.exe
    handy tool must have
     
  9. Waterfox

    Waterfox Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    118
    Location:
    Sweden
    Well, I hade same issue, before installing Nod32 I ran an online scan with F-Secure and then days later when I was installing trial version of Nod32 it notified me that I had other av-software installed on my pc (namely F-Secure) so I cancelled installation and ran CCleaner and removed everything that appeared on scan list.
    After that I reinstalled Nod32 and the same notification popped up again but this time I chose to just ignore it and continued with the install.
    So far everything seems to be working, my Nod32 is updating regularly, Microsoft safety center tells me that I only have one av (Nod32) and that it is up to date, so it seems that there is no conflict.
    I'm running Windows XP home edition (SP2).
     
  10. Ade 1

    Ade 1 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    471
    Location:
    In The Bath
    Hi. I already have Unlocker installed and used it once before to delete a Symantec folder which was locked and it worked like a charm. However, I'm not sure you can use it within the registry (through regedit) - only for 'normal' files and folders. Thanks for your help anyway.
     
  11. Ade 1

    Ade 1 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    471
    Location:
    In The Bath
    Yeah, I chose to ignore and everything's running as it should. Didn't realise that F-Secure online scan would cause this too though. I've tried many different suites in the past from a variety of vendors but it only seems to be f-secure that's causing this issue.

    Anyway, I'll keep looking for a way to remove them but make sure it doesn't take over my life!

    Thanks for all the input. Much appreciated.
     
  12. TonyDownUnder

    TonyDownUnder Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    46
    Ade 1, I've had/hving the same issue as you in relation to Legacy Driver removal which is the real point of your post.

    Under XP it was simple to change the permissions to full control, then apply and then delete.

    For some reason it is not that simple in Vista though the same advice is offered.

    Like you I have a bunch of legacy driver entries for various things in the Registry that I'd like to get rid of once and for all.

    If you figure/find a method it would help many.:)
     
  13. wiak

    wiak Registered Member

    Joined:
    Sep 10, 2006
    Posts:
    107
  14. Ade 1

    Ade 1 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    471
    Location:
    In The Bath
    Thanks but I've used CCleaner for a number of years and have tried other registry cleaners but it seems that legacy driver entries left over by uninstalled programs never show up.

    As stated before the real issue is that under Vista it doesn't seem possible to be able to delete redundant legacy registry entries due to not having the permissions to do so even if logged in as administrator.

    I realise that these entries don't seem to have a negative impact on the system but I suppose it would just be nice if there is a way to remove them.
     
  15. TonyDownUnder

    TonyDownUnder Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    46
    Ade 1, I've found a way that works.

    Using Regedit locate the relevant LEGACY_DRIVER and right click. In the Permissions for LEGACY_DRIVER Window click the Advanced button. From the new window that opens click the Owner Tab and Select "administrators" under the "Change Owner To" Heading.
    Tick the box that says 'Replace Owner on SubContainers and objects' and then click apply.

    Close that window. In the Permissions for LEGACY_DRIVER window give Everyone, Owner Rights and System in the Group or user names - Full Control. Click apply/okay.

    You can now right click and delete the Registry Entry for LEGACY_DRIVER.

    There is probably a better way but it's the only one that now works for me.:)
     
  16. wiak

    wiak Registered Member

    Joined:
    Sep 10, 2006
    Posts:
    107
    you can use left click and "run as administrator" then it will be run as administrator account, its funny you can use that little future on cmd.exe and get 100% control of vista, and make home into with full admin like in ultimate
     
  17. Ade 1

    Ade 1 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    471
    Location:
    In The Bath
    Sorry for the delay in replying but just tried what you suggested and it works! Many thanks for your help.
     
  18. leonfg

    leonfg Registered Member

    Joined:
    Feb 4, 2008
    Posts:
    1
    I had the same problem too, but I thought the reason was that the uninstall tool of F-secure wasn't good enough. So NOD32 found something about F-Secure in the filesystem or registry.
     
Thread Status:
Not open for further replies.