Uninstalling corrupted MSSE

[HCHTech]

Ugh, what a day - two new customers yesterday with the same problem, a buggered installation of Microsoft Security Essentials on Win7 Home-64. It took me about 2 minutes to sell them managed antivirus, and an hour to get rid of the damned thing so I could install it's replacement.

The first customer had AVG installed along side MSSE, so that was probably the culprit, but the second one had no obvious cause. After an MBAM run which removed only minor junkware and a minor cleanup, I tried:

- Regular uninstall from Control panel -nope, just hangs about 15% of the way through
- manually stopping the service - nope, permission denied, same in safe mode. Unable to modify permissions
- same with newly-created admin user, no dice.
- Microsoft fixit to uninstall MSSE - nope, unable to stop service
- Revo uninstaller - nope, doesn't show on the list of uninstall targets
- take ownership of program files\MS security client directory- nope, unable to modify permissions

I was onsite for both of these, so I didn't have time for a permissions repair run with icacls. One customer was a business and I had to finish my bit during their lunchhour, so there was a clock ticking.

I ended up booting into Linux and renaming the program file directory and the service, then booting back into windows and deleting manually from the registry. What a PITA. I'll be scheduling time for that icacls run over the weekend for both of these, I'm afraid.

 

[ohio_grad_06]

Lot of guys aren't hip on iobit but they have an uninstaller program similar to revo that may help in those situations. Also, maybe could have tried installing a copy of mse over itself to recreate ask it's reg and file entries and then try to do the force uninstall.

 

[glricht]

... Also, maybe could have tried installing a copy of mse over itself to recreate ask it's reg and file entries and then try to do the force uninstall.

Haven't had a borked MSE install in a while, but in the past, this is how we eventually got it out. Install on top of itself and then un-install.

 

[OaksLabs]

The Windows Installer Cleanup Tool will do the trick: http://www.majorgeeks.com/files/details/windows_installer_cleanup_utility.html .

 

[Mick]

When programs don't show up in Revo, I've had success by using it in 'Hunter' mode instead.

 

[Porthos]

Save in notepad as .bat

cd /d "%ProgramFiles%\Microsoft Security Client"

setup.exe /x

TASKKILL /f /im MsMpEng.exe

TASKKILL /f /im msseces.exe

net stop MsMpSvc

sc delete MsMpSvc

REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsMpSvc" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Security Client" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware" /f

REG DELETE "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run\MSC" /f

REG DELETE "HKEY_CLASSES_ROOT\Installer\Products\4C677A77F01DD614880F352F9DCD9D3B" /f

REG DELETE "HKEY_CLASSES_ROOT\Installer\Products\4D880477777087D409D44E533B815F2D" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{774088D4-0777-4D78-904D-E435B318F5D2}" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" /f

REG DELETE "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\1F69ACF0D1CF2B7418F292F0E05EC20B" /f

REG DELETE "HKEY_CLASSES_ROOT\Installer\UpgradeCodes\11BB99F8B7FD53D4398442FBBAEF050F" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4C677A77F01DD614880F352F9DCD9D3B" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4D880477777087D409D44E533B815F2D" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\11BB99F8B7FD53D4398442FBBAEF050F" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1F69ACF0D1CF2B7418F292F0E05EC20B" /f

takeown /f "%ProgramData%\Microsoft\Microsoft Antimalware" /a /r

takeown /f "%ProgramData%\Microsoft\Microsoft Security Client" /a /r

takeown /f "%ProgramFiles%\Microsoft Security Client" /a /r

REM Delete the MSE folders.

rmdir /s /q "%ProgramData%\Microsoft\Microsoft Antimalware"

rmdir /s /q "%ProgramData%\Microsoft\Microsoft Security Client"

rmdir /s /q "%ProgramFiles%\Microsoft Security Client"

REM Stop the WMI and its dependency services

sc stop sharedaccess

sc stop mpssvc

sc stop wscsvc

sc stop iphlpsvc

sc stop winmgmt

REM Delete the Repository folder.

rmdir /s /q "C:\Windows\System32\wbem\Repository"

sc stop

EXIT

 

[HFultzjr]

Haven't had a borked MSE install in a while, but in the past, this is how we eventually got it out. Install on top of itself and then un-install.

^^^^^^^^ This!
Reinstall, then remove with something like Revo with aggressive option.

 

[HCHTech]

Save in notepad as .bat

This is essentially what the Fixit does. If you read the article "Fix it myself", these steps are listed (although it doesn't delete all of the . The problem is that there was no way to stop the damned service. It would fail every time with permission denied errors, and takeown would also fail. In my haste because of the countdown clock, I never thought about installing over top. Next time it comes up, I'll definitely try that.

 

[Altster]

This is essentially what the Fixit does. If you read the article "Fix it myself", these steps are listed (although it doesn't delete all of the . The problem is that there was no way to stop the damned service. It would fail every time with permission denied errors, and takeown would also fail. In my haste because of the countdown clock, I never thought about installing over top. Next time it comes up, I'll definitely try that.

And sometimes it is best to do this from safe mode w/networking.

 

[carrcomp]

- Revo uninstaller - nope, doesn't show on the list of uninstall targets

I could be wrong here because it's been a while since I had to Revo MSSE, but don't you need pro for that one?