How deep is Ewido V4 embedded on my machine

Discussion in 'ewido anti-spyware forum' started by Old Monk, Oct 17, 2006.

Thread Status:
Not open for further replies.
  1. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi folks

    Not so long ago I trialled Ewido 4 and had to remove as lack of memory seemed to cause it some problems (did like it though)

    Thing is, whenever I run Sophos Anti-Rootkit I get a result that a component of Ewido Security Suite is hidden and whilst removable, SAR advises not to.

    And now, I've just recovered from a 'serious error' and on looking at the Event Viewer there are 2 errors pertaining to the Ewido Guard failing to start as 'system cannot find file specified'

    Program file for Ewido contains only 3 MO files and a DAT file.

    I run CCleaner and Registry Mechanic and both say I'm clean of issues.

    What's going on here, are there remnants of Ewido I can't get rid of ?
     
  2. OldRebel

    OldRebel Registered Member

    Joined:
    Jan 25, 2006
    Posts:
    153
    Location:
    South Carolina USA
    Look in your Computer properties>Hardware>Device Manager>View - show hidden devices> non plug and play. You probably still have the legacy drivers for the Ewido guard. You may need to go into safe mode and change permissions on the registry keys before you can delete them.

    Also make sure the Ewido service is not still listed in Services. If it is, disable it and reboot before trying to remove the drivers.
     
  3. Old Monk

    Old Monk Registered Member

    Thanks OldRebel

    One oldie to another eh :thumb:

    No access to particular machine just at the moment but will look and post back later.

    Never messed with any registry keys manually before so I might need a bit of guidance on that.

    Thanks for your help and I'll come back to you with what I find
     
  4. Old Monk

    Old Monk Registered Member

    Hi

    Disabled service - fine (still showing disabled in services with driver gone -is that normal ? )

    Deleted driver - fine (didn't need safe mode)

    Scanned with Sophos Anti-Rootkit again and still getting Hidden File - which is actually the uninstall.exe of the security suite in C:\Program Files.

    What's next - should I just let Sophos do its thing and remove it ? Also how do I get rid of guard.exe in services ?
     
  5. OldRebel

    OldRebel Registered Member

    No, it's not normal for Ewido to still be showing in services if you have run the uninstaller. That is strange. I suspect one of the official support persons should reply on this. If you still have the uninstaller, perhaps try to run it again to see if that removes the service completely. If that does not, there is a way using the "misc. tools" section of Hijackthis to delete a NT service. I advise caution because it is not normal for the service to still be there. When you originally uninstalled Ewido, did you exit the program first and then reboot after uninstall? I'm kind of scratching my head here, wondering what I would do. I think if you can access that uninstaller file, run it and then reboot. Then run CCleaner again and what other registry cleaners you have and see if it's gone. I can't remember the exact registry keys that I deleted, but I know that RegSupreme by Macecraft will find them.

    Please check out these threads for more information:
    https://www.wilderssecurity.com/showthread.php?t=139806&highlight=legacy
    https://www.wilderssecurity.com/showthread.php?t=149186&highlight=legacy

    I cannot advise you regarding using the Sophos tool.
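
Added example, not part of any post in this thread: a read-only PowerShell check for the situation discussed above, where a service or legacy driver is still registered after an uninstall but its binary is gone (the "system cannot find file specified" error in Event Viewer). The function names and the `*ewido*` filter are assumptions made for illustration.

```powershell
# Lists service/driver registrations whose binary no longer exists on disk.
# Read-only: nothing is deleted or modified. Function names are hypothetical.

function Get-ServiceBinaryPath {
    param([string]$ImagePath)
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    if ($p -match '^"([^"]+)"') { return $Matches[1] }        # quoted path, arguments follow
    $p = $p -replace '^\\\?\?\\', ''                           # strip NT prefix \??\
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"     # \SystemRoot\... form
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }  # relative driver path
    # Unquoted path: keep everything up to the first binary extension, drop arguments
    if ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { return $Matches[1] }
    return $p
}

function Find-OrphanedService {
    param([string]$NameFilter = '*')
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if (-not $props.ImagePath) { return }                  # no binary registered, skip
        $nameHit = ($_.PSChildName -like $NameFilter) -or ($props.DisplayName -like $NameFilter)
        if (-not $nameHit) { return }
        $bin = Get-ServiceBinaryPath $props.ImagePath
        if (-not (Test-Path -LiteralPath $bin)) {
            [pscustomobject]@{
                Name      = $_.PSChildName
                # Type 1 and 2 are kernel / file-system drivers; other values are services
                Kind      = if ($props.Type -band 3) { 'Driver' } else { 'Service' }
                Start     = $startNames[[int]$props.Start]
                ImagePath = $props.ImagePath
                Resolved  = $bin
            }
        }
    }
}

# Every registration with a missing binary:
Find-OrphanedService | Format-Table -AutoSize

# Only entries whose key name or display name mentions the product (filter is an assumption):
Find-OrphanedService -NameFilter '*ewido*' | Format-List
```

Run it from an elevated 64-bit PowerShell prompt so the `System32` paths resolve without redirection. Treat the output as a list of candidates to review by hand, since an unusual `ImagePath` format can produce a false positive.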
     