When all else fails, discovery and removal of antivirus leftovers!

edited 05-23-12 by J.R. Guthrie

 

Antivirus software is the most invasive application we will ever install on our systems.  Even when the products are properly removed by “Add/Remove Programs”, pieces of code are ALWAYS left behind, and these leftovers can and do conflict with the current antivirus products installed in your system.  This situation has occurred throughout my entire career, and is effected by most antivirus vendors (Symantec, Norton, and McAfee just to tag a few.)  These symptoms range from no Internet access, system errors, revolving “boot looping”, and the dreaded Microsoft BSOD (blue screen of death)  Windows XP appears to be much more susceptible to trouble when upgrading your antivirus.  Where Windows 7 will let avast! 6 install over avast! 4 with almost never an issue (but highly NOT recommended)

Recovery from the A/V process gone awry:

It’s easy to know what antivirus software has been on your computer when you are the guy that loaded it.  What about when you inherit system support on computers that you do not know what was installed prior.  This is where the discovery and removal process for anti-virus leftovers will save you time and grief in getting systems back to par!

This particular process is specific to avast! 6 upgrading over an avast! 4 or avast! 5 installation, however it also applies to other antivirus vendors as well. I have been through this process, removing avast! 4.8, then removing avast! 6 with the uninstaller, and then having to use the removal tool for other A/V vendors that had previously been installed. If you look in your “Program Files” directory, you can find leftover directories of every antivirus / program that was loaded on the system. Microsoft leaves these directories in case you use the “system restore” function, where you go back in time to when one of these programs was still installed and functional.  This prevents a system restore from crashing your system due to missing directories / programs.  Once identified, I used those vendors uninstallers, and have had sporadic success. The last resort is: “WHEN ALL ELSE FAILS” procedure at the end of this article.  Hopefully you won’t have to go there. Here is a most comprehensive list of uninstallers at SingularLabs.

Almost every A/V is here:

http://singularlabs.com/uninstallers/security-software/

This REMOVAL process is specific to avast! 6 upgrading over an avast! 4 or avast! 5 installation (also use when upgrading avast! Free to avast! Pro)

1)            Remove all avast!  versions as well as any other A/V programs from add/remove programs in control panel.

2)            Download the latest version of avast! Uninstall Utility (aswclear.exe) and save it on your desktop.

http://files.avast.com/files/eng/aswclear.exe

3)            Start Windows in Safe Mode (F8 key before Windows splash screen on a reboot)

4)            Open (execute) the uninstall utility aswclear.exe

5)            Choose which version of avast! to uninstall. This process will be repeated for each avast! version (4, 5, and 6)  So let’s assume we had all 3 versions of avast! installed at some point. So we choose version 4.8 and proceed.

6)            If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)

7)          Click REMOVE, close aswclear, and open aswclear, and remove avast! 5, and repeat this process for all versions of avast

8)          Restart your computer

The “WHEN ALL ELSE FAILS” procedure to “scrape” all of avast! remnants from a computer system (AKA Pete Scrape) using the avast! example:

1) Add remove programs, remove avast!, restart.

2) Go to safe mode, use avast! removal tool, select avast! version #, restart, and repeat for every avast version ever loaded on that system

3) In Local disk C:, ProgramFiles, delete “avast” and “Alwil” directories if there. Look here for the other A/V vendors, that you will also have to deal with on a similar basis

4) In C:\Windows\temp, remove all.

5) Start, run, type “%temp%” and remove all.

6) Do a Windows search on all hard disks for instances of “avast” and “Alwil” and delete all.

7) Start, run, type “regedit” (Windows key + R). Under Hkey, current user, software, and remove “avast” and “Alwil”, then under Hkey, local machine, software,  and remove “avast” and “Alwil” (This is specific to Windows XP)

8) Use CCleaner to remove the rest of any avast! orphaned registry remnants, and restart.

9) Install avast! and reboot!

10) Usually, good luck at this point.  And you can substitute other manufacturers products into this script.  Remember, registry hacking is always risky, so always have a backup before you proceed.  It’s kinda like the acknowledgement checkbox in LSPfix, “I know what I’m doing, or, I like to reinstall my operating system”

J.R.  Guthrie

 

Leave a Reply