Hooked on Faronics - DeepFreeze will not Die

Discussion in 'sandboxing & virtualization' started by JoWazzoo, Dec 29, 2008.

Thread Status:
Not open for further replies.
  1. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    12
    Location:
    Ether
    This sucker is worse that Michael Myers in the Halloween series.
    <Windoze XP>

    I need some help / advice to rid myself of the remnants of this piece of s@*t DeepFreeze that are left on my machine. I need to move forward!!

    Dumb me - DLed Deep_Freeze_62587.exe and without a lot of study, went ahead and installed it - BIGGG mistake. <Hey - sounded like a kool app.> Did not actually use it - just clicked it once to extract or whatever it does.

    So - noticed 2 very peculiar things after a reboot for some reason. 1 - Stuff I had just installed was not only not on the machine, neither were their associated DL files. 2 - Noticed that stuff I had deleted from my machine was back. o_O Now over the years, I have dealt with some heady stuff, but this was perplexing. So at this point I did my due-diligence and discovered the dark side of this program. Reviewed dozens of sites, including Faronics, and scores of posts.

    Cut to the chase ....

    1 - Follow the instructions from Faronics as to un-installing their POS. Appeared to do something. But after requisite reboot, on my Desktop there was their st00pid frozen pig icon. Also their main sys proggy deepfrz.sys was still there. The rest including the uninstaller were gone.

    2 - In regular windows, right click both files Delete, reboot, still there.

    3 - In regular windows, send both files to Recycle & Empty, reboot, still there.

    4 - Regular windows, right click both files Unlocker, reboot, still there.

    5 - In regular windows, run both files thru Heidi Eraser, reboot, still there.

    6 - Repeat Steps 2 - 5 in Safe mode

    7 - Try KillBox - no change

    8 - Bootsafe, go to DOS (or command prompt) and use DEL there. No change.

    9 - Nope, did not lower myself to use a Restore. Actually all Restores prior to DF installation mysteriously vanished.

    10 - Yep - tried moved the Bios date ahead several months in conjunction with above.

    So - at this point remaining options are:

    1 - Beg for help here. :p

    2 - Reformat.

    3 - Horseshoe magnet

    4 - Screwdriver

    5 - 44 Magnum.

    I have to admit that the d00dz who wrote this warez are definely 3l33t. But I am really starting to get p@#*ed off.
     
  2. tomazyk

    tomazyk Guest

    Check if there are any Deepfreez services running. If so stop them and disable their startup. Then reboot computer and try to delete those sys files again.
     
  3. bman412

    bman412 Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    261
    Isn't that how deepfreeze is supposed to work?
     
  4. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Since you've been left with a partially uninstalled DF,my suggestion would be,if possible to re-install it first then uninstall again using Revo Uninstaller which should hopefully clean up any junk.I know from bitter experience that these type of applications can seriously screw up a system if they start acting up.Deep Freeze isn't just for Christmas,it's for life!
     
    Last edited: Dec 29, 2008
  5. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    Perhaps you could contact Faronics support. They should be able to help you better than anyone here.
     
  6. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    12
    Location:
    Ether
    Did all that. DeepFreeze is not running. Per se that I can determine, but DeepFrz.sys is initiated. I ran FileMon, RegMon and Diskmon, as well as What's Running, AutoRuns and a coupla other thingies and saw no evidence that this is running. But it is affecting my system - some how. :))

    And the DeskTop icon will not die.

    Thanks.
     
  7. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    12
    Location:
    Ether
    Well yeah when it is running. It is not running but is affecting my system and won't go away.

    Thanks.
     
  8. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    12
    Location:
    Ether
    Email sent just after I posted here. No response yet.

    Please don't underestimate the posters here, but anyway I doubt that Faronics d00ds will tell me more than is on their site.

    Thansk.
     
  9. GreenWhite

    GreenWhite Registered Member

    Joined:
    Nov 23, 2004
    Posts:
    110
    Ask yourself this, you don´t have to reply to this but do you have a legitimate copy of DeepFreeze ?

    If not, you may be in trouble.
     
  10. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    757
    go to were you installed it and click on it twice. it will open up a window and it will have an unstall window or option choose to unstall it.
     
  11. pidbo

    pidbo Registered Member

    Joined:
    Dec 25, 2006
    Posts:
    198
    Reinstall it
    then


    As far as I can remember, first make sure it's not running
    1. Press SHIFT and double-click the icon in the System Tray
    Use the keyboard shortcut CTRL+SHIFT+ALT+F6
    2. The Password dialog appears. Enter your password.
    3. If you have not set up a password yet, leave the password field blank and click OK.

    Then doubleclick your original installation file for uninstall options.
     
    Last edited: Dec 31, 2008
  12. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    This might help. I hope it does.
    Download and install ZSoft Uninstaller. This works well because it watches where things go when you install a program and then is able to uninstall it properly.
    Then install Deep Freeze again.
    After that you could reboot into safe mode and try to uninstall it or just uninstall DF without going to safe mode.
    Good luck.
    Hugger
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    So many responses and all these are hit n trials that will fail for sure. Seems it is in frozen mode so no uninstaller will work obviously, unless u manage to come out of frozen mode somehow

    It needs manual un-install and only support can help you I think.
     
  14. tomazyk

    tomazyk Guest

    You could also try deleting files offline. Try to boot from WindowsXP install cd. Then enter Recovery console. Navigate to locations of DeepFreeze files and delete/rename them.
    It would also be wise to contact Faronics support. They might give you a list of files to be removed.
     
  15. pidbo

    pidbo Registered Member

    Joined:
    Dec 25, 2006
    Posts:
    198
    "The Frozen or Thawed Deep Freeze icon appears in the System Tray after installation and
    indicates whether the workstation is currently protected by Deep Freeze (Frozen) or unprotected
    Workstation Logon
    Use one of the following ways to logon to Deep Freeze on a workstation.
    • Press SHIFT and double-click the Deep Freeze icon in the System Tray
    • Use the keyboard shortcut CTRL+SHIFT+ALT+F6.
    Either method brings up the logon dialog.
    Enter the administrator password and click OK to logon to Deep Freeze.
    If no password has been set, leave the password field blank and click OK.
    As an additional security feature, Deep Freeze prevents dictionary attacks by automatically restarting
    the workstation after 10 unsuccessful attempts.
    Passwords
    The Password tab is used to set a new password or change the password that was used to logon to Deep
    Freeze.
    Enter a new password, confirm, and click OK to set the password, or Cancel to close the window.
    Alternatively, to have this action occur immediately, click Apply and Reboot.
    ...........................................

    1. Insert the CD-ROM from the media package into the CD-ROM drive.
    2. Select Install/Uninstall Deep Freeze 6 Standard in the window that appears on the desktop.
    If Deep Freeze has been downloaded via the Internet, double-click the file DF6Std.exe to
    begin the installation process.
    The following screen appears:
    3. Choose the drives to Freeze from the list shown. Freezing all drives is recommended.
    4. Click Install to begin the installation.
    Follow the steps presented. Read and accept the license agreement. Deep Freeze is installed
    and the workstation restarts.
    Select Uninstall to uninstall Deep Freeze. The option to Uninstall is only available if Deep
    Freeze has previously been installed on the workstation."

    .................................................

    "The command line has the following options:
    Syntax Description
    [/Install] Install Deep Freeze using installation file
    [/Uninstall] Uninstall Deep Freeze
    [/PW=password] Sets a password during installation
    [/AllowTimeChange] Allows system clock to be changed
    [/Freeze=C,D,...] Freezes only drives listed (Thaws all others)
    [/Thaw=C,D,...] Thaws only drives listed (Freezes all others)
    Example Command Line: DF6Std.exe /Install /Freeze=C /PW=password
    In the above example, only the C: drive is Frozen. Any other drives on the workstation are Thawed. If
    the workstation only has a C: drive, the [/Freeze] switch can be omitted. A password (password) is
    created. After executing the command, Deep Freeze installs and the workstation restarts Frozen.
    The Silent Install System does not work without the [/Install] or [/Uninstall] switch.
    Deep Freeze must be in a Thawed state before [/Uninstall] can be used."

    this is from Deep Freeze own help file
     
    Last edited: Dec 31, 2008
  16. matt231

    matt231 Registered Member

    Joined:
    Mar 28, 2008
    Posts:
    19
    Location:
    Melbourne, Australia
    Okay, I use Deep Freeze on a regular basis and I can tell you this:

    There is NO WAY to remove it from inside Windows unless the system is in a thawed state and you use the same installer file to remove it. Deep Freeze by it's very nature prevents ALL changes to the system - and the 'problems' you have experienced in your first post are exactly what Deep Freeze is designed to do - keep the system in the exact state it was in when you installed Deep Freeze. Deep Freeze was designed to keep out even the most determined hackers/kids and it is one of the best programs in the business. If you know the Deep Freeze password, simply hold down the shift key, double click on the deep freeze icon in the system tray and then set deep freeze to "Thawed" (you may have to reboot). Then, you can simply run the deep freeze installer which will remove deep freeze.


    I should also note that the following will not work if there is a BIOS password and/or you cannot boot from CDs on the machine. Deep Freeze prevents BIOS password crackers from working for obvious reasons so if there is a BIOS password you are pretty much stuffed.

    Otherwise, you need to do the following:

    Download UBCD4WIN and burn it to a disc. Boot from this disc (it may take a while, be patient) and open the registry editor. Search for "Frzstate2k" and remove any entries related to it. Also do a search for just Deep Freeze and DeepFreeze and remove anything related to that.

    Also remove the Faronics directory from C:\Program Files

    Navigate to C:\WINDOWS\system32 (still in UBCD4WIN) and open the drivers folder. Delete all DeepFreeze's drivers which may be DpFrzLo.sys, DpFrzHi.sys or just DeepFreeze.sys.

    If you boot into Normal Mode you should no longer see the "FrzState2k" service in task manager and deep freeze gone.

    Some other files which you should run a search for are these:

    persis00.sys
    persifrz.vxd which usually resides in c:\windows\system\iosubsys\ (this file is actually all Deep Freeze is, was and will be - however this file is harmless without the C:\Program Files\Faronics directory)

    PLEASE NOTE:

    To attempt to remove deep freeze on a machine that is not yours (i.e, at school) is NOT ALLOWED. It would violate the acceptable use policy as this is tampering with equipment that is not yours and would most likely see you expelled or fired. I cannot stress this enough!
     
  17. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I really think a reinstall of Windows is probably your best option. If DF can't be blamed, admittedly Faronics should warn clearly that downloading the program without some kind of info could lead to a disaster. This isn't the first time someone gets into a dead end with DF, hating it for the rest of his life.

    They certainly know more, and many people were actually told successfully how to do it depending on the situation. Their support has a good reputation.


    One can see that the combination of DF & AntiExecutable, even with physical access to the computer is almost impenetrable (These programs were designed for this very purpose)
     
    Last edited: Dec 31, 2008
  18. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Hooked on Faronics works for me! Noreally.
    No have flash card. Maybe I send back. I hoping to learn read. This stupid thing.
     
  19. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    12
    Location:
    Ether
    I only DLed a Trial copy. I guess it was legit.. :)) BTW, there were Trial copies available at many other sites. I think that I DL it from www.downlaod.com. Regardless, I _am_ in trouble....
     
  20. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    12
    Location:
    Ether
    Nope. Did that dayz ago. I went thru the hole routine. Deactivated, Thawed, etc. The Install is is still there as is DeepFrz.sys. Even though I cannot kill them by any means, that is not my concern. Deepfreeze is still affecting my system.

    I also DL another copy but cannot Install it as it tells me that I must Uninstall before a new install. Of course, I cannot do the former.

    Thanks.
     
  21. demonon

    demonon Guest

    This site of yours is malicious according to avast webshield and myWOT.
    I think that caused your problem.
     
  22. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    12
    Location:
    Ether
    Nope - no can do. Cannot Install again. "Deep Freeze 6 Standard must be disabled before any Install/Uninstall can proceed."

    I DLed another copy (same # - Deep_Freeze_62587.exe) and cannot Install until the other is disabled. Of course I disabled it days ago.

    Thanks.
     
  23. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    12
    Location:
    Ether
    HHmm .. now there is something I have not tried. Sounds reasonable - will attempt shortly.

    Thanks!!
     
  24. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    12
    Location:
    Ether
    You very well could be right. Of course, they have not responded to 2 emails so far - 1 asking nicely for assistance and the second begging for mercy.

    Wiil try to call on Monday. Thanks!!
     
  25. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    12
    Location:
    Ether
    Got the tee-shirts. So far, booted to safe, safe with Cmd prompt, Recovery console. Also booted from Install and clean CD and went to those modes as well. None work. Thanks.
     
Thread Status:
Not open for further replies.