Kavsvc Service Removal...

Discussion in 'other anti-virus software' started by dja2k, Dec 19, 2005.

Thread Status:
Not open for further replies.
  1. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    I found all of these entries for a leftover Kaspersky service called KAVSVC, but I read that it could also be some kind of spyware\adware entry, so don't know if I should manually remove

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kavsvc\Security\
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kavsvc\Security\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvc\Security\
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kavsvc\
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kavsvc\Enum\
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kavsvc\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvc\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvc\Enum\

    I uninstalled KAV 5 and the beta of ver 2006 when used respectively and now I see some entries stayed behind even though I used the KAV remove utility for ver 2006, but still find traces of both versions, but one step at a time. This is kavsvc, which I have also found traces of kav, avp, kaspersky, klif.sys and kl1.sys. Don't know what others to look for though.

    dja2k
     
  2. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    dja2k,

    These entries really aren't supposed to be dealt with. The ControlSet001 is what your system has booted from and it is mapped to the CurrentControlSet at boot time. ControlSet00n (n => 2) are backups used to control boots from Last Known Good states. They shouldn't be edited since that, if done unsuccessfully, would eliminate valid ControlSets from possibly rescuing you.

    What precisely are you trying to accomplish?

    Blue
     
  3. dja2k

    dja2k Registered Member

    Don't want to reformat my system, but after having KAV 5, then going to the beta KIS\KAV 2006 , then back to KAV 5 so many times, I can't use them anymore without getting blue screens after installations. Someone said there might be entries that stayed in my registry and\or system folders that don't get replaced by new installations or conflict. Just trying to find the problem before I give up and reformat, which is my last resort for now.

    dja2k
     
  4. BlueZannetti

    BlueZannetti Administrator

    dja2k,

    Try to describe the problem in more depth:
    • Does the BSOD occur only if KAV/KIS is installed?
    • Do the KAV/KIS installs and uninstalls proceed without obvious incident?
    • Does anything show up in the event viewer? Either current or when the problem started?
    • Have you checked your system files? (Start>Run>sfc /scannow)?
    • What other applications that work at low levels within the OS are running?
    • Is the problem the same one you noted here?
    • Do you notice any other system issues?
    Those are items that come immediately to mind. There are likely many others. Obviously a quick reinstall of the OS isn't terribly long (2-4 hours total including all updates), as long as all needed media and key codes are readily available.

    Blue
     
  5. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    dja2k, did you run the kav removal scripts in safe mode? And did you use the new version for KAV/KIS 6? It's available on the beta ftp server :)
     
  6. dja2k

    dja2k Registered Member

    Thanks, and yeah a system reformat is due. Yes the problem only happened when kav was installed. The problem was too much install and uninstall. Yes I used the new removal tool and in safe mode. The problem that I think happened is that kavsvc, kl1.sys, and klif.sys are and were in my system still. I noticed in the event viewer that Windows still wanted to run kavsvc service even though it is not installed anymore. But yeah you are right, why bother finding the problem now, when a simple reformat is due and I was just really avoiding that.

    dja2k
     
  7. BlueZannetti

    BlueZannetti Administrator

    It's not really that. On my alternate partition, I have installed basically every beta build of KAV or KIS (KIS mainly) since build 202. That's a lot of installs/uninstalls. Actually, it's too many to my taste for a beta test session since no given build is on my machine long enough for any serious stress testing, so I've just focussed on confirming gross compatibility as the builds have appeared.
    Actually, if they were still running the installer should have noticed and prevented an installation, but I don't know what happens if a partial uninstall happens. If this is happening, a simple removal and/or registry clean should put things right and be preferred over an OS reinstall.

    Blue
     
  8. dja2k

    dja2k Registered Member

    I was in my event viewer and yet again I saw something that had to do with Kaspersky I think. My system in my view is Kaspersky free, but yet here in the attachment, you can see that it is trying to start a service that is not supposed to be there anymore. I ran a search on what KLMC is and it is associated with Kaspersky Anti-Hack. Is there a way to remove that from happening, cause the .sys file is nowhere to be found in the windows system32 drivers folder.

    dja2k
     

    Attached Files:

    • KLMC.png
  9. dja2k

    dja2k Registered Member

    Anyone.....

    dja2k
     
  10. SSK

    SSK Registered Member

    Anything left under "Non-Plug and Play drivers" in the device manager?
    (Please make sure "View - Show hidden devices" is ticked in the Device Manager tab) :)
     
  11. dja2k

    dja2k Registered Member

    Actually all three entries from KAV are there:

    KL1
    KLIF
    KLMC (This device is not present)

    Can I uninstall those not needed anymore or will that cause problems?

    dja2k
     
  12. SSK

    SSK Registered Member

    If there's no Kaspersky software on your machine, you should be safe to remove them (always make a backup / image, OK? :) )
     
  13. dja2k

    dja2k Registered Member

    Done, all okay!

    dja2k
     
  14. SSK

    SSK Registered Member

    Nice! :)
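
An added example, not part of the original thread and not a Kaspersky tool: a read-only PowerShell audit that shows which numbered ControlSet each boot role in `HKLM\SYSTEM\Select` points to, then lists service and driver entries under `CurrentControlSet` whose binary is missing on disk, as with the `KLMC` entry discussed above. The `Resolve-ImagePath` helper and the output column names are assumptions of this example.

```powershell
# Added example: read-only audit, nothing is modified. Use 64-bit PowerShell 3 or later
# (a 32-bit host redirects system32 and would report false "missing" files).
$system = 'HKLM:\SYSTEM'

# HKLM\SYSTEM\Select maps each boot role to a numbered ControlSet.
$select = Get-ItemProperty -Path "$system\Select"
$roles  = [ordered]@{}
foreach ($role in 'Current', 'Default', 'LastKnownGood') {
    $roles[$role] = 'ControlSet{0:D3}' -f $select.$role
}
$roles | Format-Table -AutoSize

function Resolve-ImagePath([string]$ImagePath, [string]$Name) {
    # Drivers with no ImagePath value load from system32\drivers\<name>.sys.
    if (-not $ImagePath) { $ImagePath = "system32\drivers\$Name.sys" }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }                        # quoted path + arguments
    elseif ($p -match '^(.+?\.(sys|exe|dll))(\s|$)') { $p = $Matches[1] }   # unquoted path + arguments
    $p = $p -replace '^\\\?\?\\', ''                                        # \??\C:\x  ->  C:\x
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"                  # \SystemRoot\x
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # relative form
    $p
}

$sets = Get-ChildItem -Path $system | Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' }

Get-ChildItem -Path "$system\CurrentControlSet\Services" | ForEach-Object {
    $svc      = Get-ItemProperty -Path $_.PSPath
    $isDriver = [bool]($svc.Type -band 0x3)    # kernel or file-system driver
    $isWin32  = [bool]($svc.Type -band 0x30)   # own-process or shared-process service
    if (-not ($isDriver -or ($isWin32 -and $svc.ImagePath))) { return }
    $file = Resolve-ImagePath $svc.ImagePath $_.PSChildName
    if (Test-Path -LiteralPath $file -PathType Leaf) { return }   # binary exists, not an orphan
    $name = $_.PSChildName
    [pscustomobject]@{
        Service     = $name
        Start       = $svc.Start   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
        MissingFile = $file
        AlsoIn      = ($sets | Where-Object { Test-Path -LiteralPath "$($_.PSPath)\Services\$name" }).PSChildName -join ', '
    }
} | Format-Table -AutoSize
```

Rows in the output are candidates for review, not proof of an orphan: an entry with an unusual `ImagePath` form can be reported even though its binary exists.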
     