Solve : removing reg keys?

1.	Solve : removing reg keys?
Answer» hey guys, I've got several machines with SYMANTEC antivirus install which i need to remove. Sadly I don't have the install msi so I can't use the easy add/remove programs bit. I've found a manual way of removing the software but it involves loads of keys to be removed from the REGISTRY. is there a way to remove them from a batch file?? link to symantec uninstall instructions if your intrested..... http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/5db8e519e16d42f2882573290005aa1d?OpenDocument any ideas would be greatly appreciated!!!! EDIT; I'm using 'reg delete' to remove the keys, but I'm stuck on... Quote Search all subkeys below HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. Delete any associated subkeys that reference: "Symantec Endpoint Protection". how can I achieve this?If you know the specific keys you want to delete: Quote To delete a specific registry key from the registry: Win 2000, XP - You can create .reg file and specify in it MINUS sign before the key name to delete. Example: del_key.reg Code: [Select][-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] After you get your .reg file set up, you can start the reg file from a batch file, or simply run the reg file. You do know that you only need to edit the keys in the branches: [HKEY_CURRENT_USER] & [HKEY_LOCAL_MACHINE] The rest are mirrors and will be updated as well. The easiest way (that I know of) to create the reg file is to search for the keys, then export the keys to a file (or files.) and then edit the file (or files). You can combine the data from several different exports into one reg file, for easier handling. RegSeeker: http://www.snapfiles.com/get/regseeker.htmlvbscript. Not tested. (always do backups of registry before meddling with it) Code: [Select] 'Step 1: Stop Symantec Services. strComputer = "." Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colListOfServices = objWMIService.ExecQuery("Select from Win32_Service") For Each objService in colListOfServices If objService.Caption = "Symantec Endpoint Protection" Or _ objService.Caption = "Symantec Event Manager" Or _ objService.Caption = "Symantec Network Access Control" Or _ objService.Caption = "Symantec Settings Manager" Or _ objService.Caption = "Windows Installer" Or _ Then WScript.Echo objService.Caption objService.StopService() objService.StartMode="Disabled" End If Next 'Step 2 : End task ccApp.exe Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process Where Name = 'ccApp.exe'") For Each objProcess in colProcessList objProcess.Terminate() Next ' Step 3 point 4-7,9,14-15: Delete registry keys ' Not including those optional ones Const HKEY_LOCAL_MACHINE = &H80000002 Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _ strComputer & "\root\default:StdRegProv") On Error Resume Next Set objFSO = CreateObject("Scripting.FileSystemObject") strRegKeysFile = "regkeystest.txt" Set objFile = objFSO.OpenTextFile(strRegKeysFile) key = "HKEY_LOCAL_MACHINE\" Do Until objFile.AtEndOfLine strKeyPath = Replace(objFile.ReadLine,key,"") WScript.Echo "Deleting " & strKeyPath oReg.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath Loop ' Step 3 - point 8 strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" DeleteSubkeys HKEY_LOCAL_MACHINE, strKeyPath Sub DeleteSubkeys(HKEY_LOCAL_MACHINE, strKeyPath) oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys If IsArray(arrSubkeys) Then For Each strSubkey In arrSubkeys If InStr("Symantec Endpoint Protection",strSubkey) > 0 Then WScript.Echo HKEY_LOCAL_MACHINE, strKeyPath & "\" & strSubkey 'oReg.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath 'Uncomment to use End If DeleteSubkeys HKEY_LOCAL_MACHINE, strKeyPath & "\" & strSubkey Next End If End Sub 'Steps 3: point 10-13 not done as I don't have testing environment for that. 'Step 4: restart computer. WScript.Echo "Wanna restart computer ? (y\|n)" 'probably want to use InputBox instead Set StdIn = WScript.StdIn strChoice = StdIn.Read(1) If strChoice = "Y" Or strChoice = "y" then Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\" & strComputer & "\root\cimv2") Set colOperatingSystems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem") For Each objOperatingSystem in colOperatingSystems objOperatingSystem.Reboot() Next End If 'Step 5: Do it manually 'Step 6: Do point 5 and 6 yourself. strFolder = "c:\Documents and Settings\All Users\Application Data\Symantec\" strFolder1 = "C:\Documents and Settings\All Users\Start Menu\Programs" strFolder2 = "C:\Program Files\Symantec and delete the Symantec Endpoint Protection" strF1 = strFolder & "SavSubEng" strF2 = strFolder & "SPBBC" strF3 = strFolder & "SyKnAppS" strF4 = strFolder & "Symantec AntiVirus Corporate Edition" strF5 = strFolder & "SRTSP" DeleteFolder strF1 DeleteFolder strF2 DeleteFolder strF3 DeleteFolder strF4 DeleteFolder strF5 Sub DeleteFolder(strPath) For Each objFile In objFSO.GetFolder(strPath).Files objFile.Delete Next For Each objFolder In objFSO.GetFolder(strPath).SubFolders If objFolder.Name <> "SrtETmp" Then DeleteFolder(strPath) End If Next objFSO.DeleteFolder(strPath) End Sub [recovering space - attachment deleted by admin]Cheers for all the replys guy's. I managed to get script written by the pervious owners IT dept that removed it for me. Sadly, the PC's have celeron processer's so it takes about 2 hours!! but it gets the job done. Cheers again for your helpIs the working script too LONG to post? I'd like to see it after all. It's in servarl parts and is very long, I'll slap it on rapid share if you like. Sadly I don't have it here (at home) and it'll have to wait till tuesday when I'm back in the office.

Answer»

hey guys,

I've got several machines with SYMANTEC antivirus install which i need to remove. Sadly I don't have the install msi so I can't use the easy add/remove programs bit.

I've found a manual way of removing the software but it involves loads of keys to be removed from the REGISTRY.

is there a way to remove them from a batch file??

link to symantec uninstall instructions if your intrested.....

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/5db8e519e16d42f2882573290005aa1d?OpenDocument

any ideas would be greatly appreciated!!!!

EDIT;

I'm using 'reg delete' to remove the keys, but I'm stuck on...

Quote

Search all subkeys below HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. Delete any associated subkeys that reference: "Symantec Endpoint Protection".

how can I achieve this?If you know the specific keys you want to delete:

Quote

To delete a specific registry key from the registry:
Win 2000, XP - You can create .reg file and specify in it MINUS sign before the key name to delete. Example:
del_key.reg
Code: [Select][-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

After you get your *.reg file set up, you can start the reg file from a batch file, or simply run the reg file.

You do know that you only need to edit the keys in the branches:
[HKEY_CURRENT_USER] & [HKEY_LOCAL_MACHINE]
The rest are mirrors and will be updated as well.

The easiest way (that I know of) to create the reg file is to search for the keys, then export the keys to a file (or files.) and then edit the file (or files). You can combine the data from several different exports into one reg file, for easier handling.
RegSeeker: http://www.snapfiles.com/get/regseeker.htmlvbscript. Not tested. (always do backups of registry before meddling with it)
Code: [Select]
'Step 1: Stop Symantec Services.
strComputer = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colListOfServices = objWMIService.ExecQuery("Select * from Win32_Service")
For Each objService in colListOfServices
If objService.Caption = "Symantec Endpoint Protection" Or _
objService.Caption = "Symantec Event Manager" Or _
objService.Caption = "Symantec Network Access Control" Or _
objService.Caption = "Symantec Settings Manager" Or _
objService.Caption = "Windows Installer" Or _
Then
WScript.Echo objService.Caption
objService.StopService()
objService.StartMode="Disabled"
End If
Next

'Step 2 : End task ccApp.exe

Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process Where Name = 'ccApp.exe'")
For Each objProcess in colProcessList
objProcess.Terminate()
Next

' Step 3 point 4-7,9,14-15: Delete registry keys
' Not including those optional ones
Const HKEY_LOCAL_MACHINE = &H80000002
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")

On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
strRegKeysFile = "regkeystest.txt"
Set objFile = objFSO.OpenTextFile(strRegKeysFile)
key = "HKEY_LOCAL_MACHINE\"
Do Until objFile.AtEndOfLine
strKeyPath = Replace(objFile.ReadLine,key,"")
WScript.Echo "Deleting " & strKeyPath
oReg.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath
Loop

' Step 3 - point 8
strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
DeleteSubkeys HKEY_LOCAL_MACHINE, strKeyPath

Sub DeleteSubkeys(HKEY_LOCAL_MACHINE, strKeyPath)
oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys
If IsArray(arrSubkeys) Then
For Each strSubkey In arrSubkeys
If InStr("Symantec Endpoint Protection",strSubkey) > 0 Then
WScript.Echo HKEY_LOCAL_MACHINE, strKeyPath & "\" & strSubkey
'oReg.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath 'Uncomment to use
End If
DeleteSubkeys HKEY_LOCAL_MACHINE, strKeyPath & "\" & strSubkey
Next
End If

End Sub

'Steps 3: point 10-13 not done as I don't have testing environment for that.

'Step 4: restart computer.
WScript.Echo "Wanna restart computer ? (y|n)" 'probably want to use InputBox instead
Set StdIn = WScript.StdIn
strChoice = StdIn.Read(1)
If strChoice = "Y" Or strChoice = "y" then
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\" & strComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colOperatingSystems
objOperatingSystem.Reboot()
Next
End If

'Step 5: Do it manually

'Step 6: Do point 5 and 6 yourself.

strFolder = "c:\Documents and Settings\All Users\Application Data\Symantec\"
strFolder1 = "C:\Documents and Settings\All Users\Start Menu\Programs"
strFolder2 = "C:\Program Files\Symantec and delete the Symantec Endpoint Protection"
strF1 = strFolder & "SavSubEng"
strF2 = strFolder & "SPBBC"
strF3 = strFolder & "SyKnAppS"
strF4 = strFolder & "Symantec AntiVirus Corporate Edition"
strF5 = strFolder & "SRTSP"
DeleteFolder strF1
DeleteFolder strF2
DeleteFolder strF3
DeleteFolder strF4
DeleteFolder strF5

Sub DeleteFolder(strPath)
For Each objFile In objFSO.GetFolder(strPath).Files
objFile.Delete
Next
For Each objFolder In objFSO.GetFolder(strPath).SubFolders
If objFolder.Name <> "SrtETmp" Then
DeleteFolder(strPath)
End If
Next
objFSO.DeleteFolder(strPath)
End Sub

[recovering space - attachment deleted by admin]Cheers for all the replys guy's.

I managed to get script written by the pervious owners IT dept that removed it for me. Sadly, the PC's have celeron processer's so it takes about 2 hours!! but it gets the job done.

Cheers again for your helpIs the working script too LONG to post? I'd like to see it after all. It's in servarl parts and is very long, I'll slap it on rapid share if you like.

Sadly I don't have it here (at home) and it'll have to wait till tuesday when I'm back in the office.

Solve : removing reg keys?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment