ThreatFire uninstall warning!!

Discussion in 'other anti-malware software' started by Becho, May 7, 2008.

Thread Status:
Not open for further replies.
  1. Becho

    Becho Registered Member

    Joined:
    Oct 16, 2007
    Posts:
    26
    I have been testing the latest version of ThreatFire for about a week. Very impressed but i have some overlap. I decided to remove it from my main rig. I did it from SafeMode. Everything went fine. As an above average user i like searching for remnants of files that are left behind after an uninstall, they always leave something. I found the usual stuff in the hidden App. data but i found a file left in C:/Windows/system32/Drivers called Tfkbmon. The description says "ThreatFire keyboard monitor". I deleted it thinking why in the hell did it not remove itself after the uninstall that was performed prior. WRONG. After deleting it and doing a reboot my usb keyboard was rendered useless. I could not enter my username password at the welcome screen. After trying to use the P/S2 connection, still no go. Even tried SafeMode again, no luck. Even tried a second keyboard, no go. Ended up doing a reformat, wasn't angry, i do one every 8-12 months. Now i have ThreatFire also installed on my children's rig also but this time i did everything above plus i made a back-up of the same Tfkbmon file. Same problem as before, useless keyboard. I'm glad i backed up the file. I put it right back into the system32 folder and now my keyboard works again.

    I posted this so others will be aware incase they felt like doing a clean uninstall like most of us do.

    XP-home SP3.

    I am actual disturbed that PCTools actually installs a new driver for keyboards, it's used for keyloggers, and can render the users rig useless after a CLEAN uninstall. They need more testing.
     
  2. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    Threatfire has an unistall tool which is supposed to completely remove TF. You might try it instead of manually deleteing the driver. See post #12 here for a link to the file.

    Also, I would recommend you post your issue on the Threatfire forum. Djames, the mod there, is pretty quick to offer assistance.
     
  3. Becho

    Becho Registered Member

    Joined:
    Oct 16, 2007
    Posts:
    26
    I deleted the driver after i ran the packaged uninstaller. Who would have thought that file would still be necessary after an uninstall.

    Never knew there was a tool. Thanks for the info.
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Software uninstallers are always a pain, they almost never do their job complete.
    I also had ThreatFire on board, until I found out that there is an overlapping with Anti-Executable.
    When a bad executable tries to install itself, it's already killed by AE, before TF can do something about it.
    AE has a 100% detection rate, because it has a pure black & white vision on executables, while TF is more a matter of good luck : suspicious behavior or not.
    AE doesn't even look for suspicious behavior, AE is like a cowboy : first shoot, then ask questions, I would do the same with a burglar.

    I didn't have any uninstall problems, because I never uninstall new software with its uninstaller. I use ISR or IB software to get rid of new softwares.
    Another but less reliable method is using a specialized Uninstaller software, supported with a registry cleaner.
    You have to analyze these events and take your precautions from the beginning, because installing and uninstalling softwares create a big mess on your computer.
     
    Last edited: May 7, 2008
  5. Becho

    Becho Registered Member

    Joined:
    Oct 16, 2007
    Posts:
    26
    I understand but they should remove and replace their drivers after an uninstall, clean or not, or at least name it something else besides Tfkbmon. Honestly who wouldn't delete that file after you got rid of the main app?
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I never depend on the developper of a software to do the job. He can do whatever he wants, sometimes they listen, sometimes they don't.
    The bottom line is that you don't have any power to change anything and there is no maintenance contract either.

    My advice : report the problem to ThreatFire support and wait and see what happens.
     
    Last edited: May 7, 2008
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    I agree Erik. And that is an enormous confidence builder, theres nothing better then such an app that shoots first and ask questions later. AE does just that, POWERFUL little app with a expertly defined whitelist that can always be update.

    I admire engenuity and pinpoint precision targetting. AE does not take prisoners, it easily & swifty pulls the plug on them and leave no room for doubt like scanners and such.

    It has successfully withstood the test of time and many an unknown or malware have gone down instantly to defeat in the twink of the eye! :D
     
  8. mata7

    mata7 Registered Member

    Joined:
    Nov 8, 2005
    Posts:
    635
    Location:
    Mississauga, Canada
    off topid

    easter do you use all thus software on you sing?
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    A very good evening to you mata7 from EASTER, Thanks for your question.

    The apps in my signature group below reflect the security programs i have at my disposal but no way i run them all, that would be much more then my PC could withstand.

    I can say i do use at the very least a combination of around no more than 4 of them at a time, sometimes just 3.

    I have to experiment these choices for testing compatibility and do i throw a flurry of malware (actual) at them to see how well they can hold up. Right now i do that without dropping rights and leave Admin account in place.

    I want to prove them and their various mixes to see which ones are best at deflecting attacks.

    EASTER
     
  10. mata7

    mata7 Registered Member

    Joined:
    Nov 8, 2005
    Posts:
    635
    Location:
    Mississauga, Canada
    thanks man, i was just curios
     
  11. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
  12. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi,

    The reply in TF' forum tells me one thing:

    Removing security apps(especially those with drivers, but mind you, most do) in safe mode is not always safer than in normal mode.

    Wow, my tech know-how gains one ounce more after this. ;)
     
  13. Becho

    Becho Registered Member

    Joined:
    Oct 16, 2007
    Posts:
    26
    His reply to me is misleading. He recommends removing the file but that would give an inoperable keyboard, not good!
     
  14. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    I am running Windows XP sp2 and just uninstalled ThreatFire with its own uninstaller. There were two folders left over in All Users and my own Application Data and at least 11 registry keys in Legacy and services. There were none in Windows System32 drivers folder though, and I had everything unhidden. I would reinstall it, but you what? My PC seems a little snappier than it was before.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    May be due to the fact that u did not remove the correspoding reg entery for the driver.
     
  16. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I would say that running the uninstall from the safe mode is what caused the problem.
     
Thread Status:
Not open for further replies.