Created
March 4, 2015 18:43
-
-
Save cat5inthecradle/c34fe24163033e394875 to your computer and use it in GitHub Desktop.
Vipre Removal Script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| setlocal | |
| echo #################################################### | |
| echo # # | |
| echo # VIPRE Business Removal Tool v0.1 # | |
| echo # # | |
| echo # Last update: Nov. 17, 2014 # | |
| echo # Source Instructions: http://bit.ly/1qeyRtH # | |
| echo # # | |
| echo #################################################### | |
| echo . | |
| echo THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
| echo IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
| echo FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
| echo AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
| echo LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
| echo OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | |
| echo THE SOFTWARE. | |
| echo. | |
| set /p AREYOUSURE="Have you read, understand, and agree to the disclaimer? [y/N] " | |
| IF /I "%AREYOUSURE%" NEQ "Y" GOTO END | |
| echo. | |
| echo Step 1: Running MsiExec /x on known GUIDs | |
| echo. | |
| echo NOTE: You may receive multiple errors saying something to the effect of: | |
| echo. | |
| echo This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package. | |
| echo. | |
| echo This is normal. Just click OK to proceed to the next one. | |
| start /wait MsiExec.exe /x CC1CEA69-B7AF-47EE-AB64-68B7A1E2F3CF /qf /l*v "%temp%\VIPRE_MsiUninstall.log" REMOVE=ALL | |
| start /wait MsiExec.exe /x D685DD76-77A3-4661-B9F0-7DAE2D651260 /qf /l*v "%temp%\VIPRE_MsiUninstall.log" REMOVE=ALL | |
| start /wait MsiExec.exe /x 39A086B2-07D6-430B-AE5E-B8AC1CC843A7 /qf /l*v "%temp%\VIPRE_MsiUninstall.log" REMOVE=ALL | |
| start /wait MsiExec.exe /x E10809C0-E65F-4493-A31B-3F86DB6E9E2A /qf /l*v "%temp%\VIPRE_MsiUninstall.log" REMOVE=ALL | |
| echo Done. | |
| echo. | |
| echo Step 2: Stopping and deleting services | |
| SC stop gfiark | |
| SC Delete gfiark | |
| SC stop gfiutil | |
| SC Delete gfiutil | |
| SC stop SBAMSvc | |
| SC Delete SBAMSvc | |
| SC stop SBAPIFS | |
| SC Delete SBAPIFS | |
| SC stop SBEMI | |
| SC Delete SBEMI | |
| SC stop SbFw | |
| SC Delete SbFw | |
| SC stop SBHIPS | |
| SC Delete SBHIPS | |
| SC stop SBPIMSVC | |
| SC Delete SBPIMSVC | |
| SC stop SBRE | |
| SC Delete SBRE | |
| echo Done. | |
| echo. | |
| echo Step 3: Removing registry entries if they exist | |
| reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200} | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200} | |
| ) | |
| reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CC1CEA69-B7AF-47EE-AB64-68B7A1E2F3CF} | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CC1CEA69-B7AF-47EE-AB64-68B7A1E2F3CF} | |
| ) | |
| reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D685DD76-77A3-4661-B9F0-7DAE2D651260} | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D685DD76-77A3-4661-B9F0-7DAE2D651260} | |
| ) | |
| reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{39A086B2-07D6-430B-AE5E-B8AC1CC843A7} | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{39A086B2-07D6-430B-AE5E-B8AC1CC843A7} | |
| ) | |
| reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E10809C0-E65F-4493-A31B-3F86DB6E9E2A} | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E10809C0-E65F-4493-A31B-3F86DB6E9E2A} | |
| ) | |
| reg query "HKLM\Software\Sunbelt Software\Sunbelt Enterprise Agent" | |
| if not ErrorLevel 1 ( | |
| reg delete "HKLM\Software\Sunbelt Software\Sunbelt Enterprise Agent" | |
| ) | |
| reg query "HKLM\Software\GFI Software\GFI Business Agent" | |
| if not ErrorLevel 1 ( | |
| reg delete "HKLM\Software\GFI Software\GFI Business Agent" | |
| ) | |
| reg query "HKLM\Software\GFI Software\Deployment" | |
| if not ErrorLevel 1 ( | |
| reg delete "HKLM\Software\GFI Software\Deployment" | |
| ) | |
| reg query HKLM\Software\GFI\LNSS10 | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\Software\GFI\LNSS10 | |
| ) | |
| reg query HKLM\Software\SBAMSvc | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\Software\SBAMSvc | |
| ) | |
| reg query HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200} | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200} | |
| ) | |
| reg query HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC1CEA69-B7AF-47EE-AB64-68B7A1E2F3CF} | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC1CEA69-B7AF-47EE-AB64-68B7A1E2F3CF} | |
| ) | |
| reg query HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D685DD76-77A3-4661-B9F0-7DAE2D651260} | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D685DD76-77A3-4661-B9F0-7DAE2D651260} | |
| ) | |
| reg query HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39A086B2-07D6-430B-AE5E-B8AC1CC843A7} | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39A086B2-07D6-430B-AE5E-B8AC1CC843A7} | |
| ) | |
| reg query HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E10809C0-E65F-4493-A31B-3F86DB6E9E2A} | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E10809C0-E65F-4493-A31B-3F86DB6E9E2A} | |
| ) | |
| reg query "HKLM\Software\Wow6432Node\Sunbelt Software\Sunbelt Enterprise Agent" | |
| if not ErrorLevel 1 ( | |
| reg delete "HKLM\Software\Wow6432Node\Sunbelt Software\Sunbelt Enterprise Agent" | |
| ) | |
| reg query "HKLM\Software\Wow6432Node\GFI Software\GFI Business Agent" | |
| if not ErrorLevel 1 ( | |
| reg delete "HKLM\Software\Wow6432Node\GFI Software\GFI Business Agent" | |
| ) | |
| reg query "HKLM\Software\Wow6432Node\GFI Software\Deployment" | |
| if not ErrorLevel 1 ( | |
| reg delete "HKLM\Software\Wow6432Node\GFI Software\Deployment" | |
| ) | |
| reg query HKLM\Software\Wow6432Node\GFI\LNSS10 | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\Software\Wow6432Node\GFI\LNSS10 | |
| ) | |
| reg query HKLM\Software\Wow6432Node\SBAMSvc | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\Software\Wow6432Node\SBAMSvc | |
| ) | |
| reg query HKCR\Installer\Features\0C90801EF56E39443AB1F368BDE6E9A2 | |
| if not ErrorLevel 1 ( | |
| reg delete HKCR\Installer\Features\0C90801EF56E39443AB1F368BDE6E9A2 | |
| ) | |
| reg query HKCR\Installer\Features\116445D9734F351419E319EC305638CC | |
| if not ErrorLevel 1 ( | |
| reg delete HKCR\Installer\Features\116445D9734F351419E319EC305638CC | |
| ) | |
| reg query HKCR\Installer\Features\2B680A936D70B034EAE58BCAC18C347A | |
| if not ErrorLevel 1 ( | |
| reg delete HKCR\Installer\Features\2B680A936D70B034EAE58BCAC18C347A | |
| ) | |
| reg query HKCR\Installer\Features\C21346408A6123D4299DD1D723899DC1 | |
| if not ErrorLevel 1 ( | |
| reg delete HKCR\Installer\Features\C21346408A6123D4299DD1D723899DC1 | |
| ) | |
| reg query HKCR\Installer\Features\C928BABD4AA3D694D99624F210BD8691 | |
| if not ErrorLevel 1 ( | |
| reg delete HKCR\Installer\Features\C928BABD4AA3D694D99624F210BD8691 | |
| ) | |
| reg query HKCR\Installer\Products\0C90801EF56E39443AB1F368BDE6E9A2 | |
| if not ErrorLevel 1 ( | |
| reg delete HKCR\Installer\Products\0C90801EF56E39443AB1F368BDE6E9A2 | |
| ) | |
| reg query HKCR\Installer\Products\116445D9734F351419E319EC305638CC | |
| if not ErrorLevel 1 ( | |
| reg delete HKCR\Installer\Products\116445D9734F351419E319EC305638CC | |
| ) | |
| reg query HKCR\Installer\Products\2B680A936D70B034EAE58BCAC18C347A | |
| if not ErrorLevel 1 ( | |
| reg delete HKCR\Installer\Products\2B680A936D70B034EAE58BCAC18C347A | |
| ) | |
| reg query HKCR\Installer\Products\C21346408A6123D4299DD1D723899DC1 | |
| if not ErrorLevel 1 ( | |
| reg delete HKCR\Installer\Products\C21346408A6123D4299DD1D723899DC1 | |
| ) | |
| reg query HKCR\Installer\Products\C928BABD4AA3D694D99624F210BD8691 | |
| if not ErrorLevel 1 ( | |
| reg delete HKCR\Installer\Products\C928BABD4AA3D694D99624F210BD8691 | |
| ) | |
| reg query HKLM\SOFTWARE\Classes\Installer\Features\0C90801EF56E39443AB1F368BDE6E9A2 | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\SOFTWARE\Classes\Installer\Features\0C90801EF56E39443AB1F368BDE6E9A2 | |
| ) | |
| reg query HKLM\SOFTWARE\Classes\Installer\Features\116445D9734F351419E319EC305638CC | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\SOFTWARE\Classes\Installer\Features\116445D9734F351419E319EC305638CC | |
| ) | |
| reg query HKLM\SOFTWARE\Classes\Installer\Features\2B680A936D70B034EAE58BCAC18C347A | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\SOFTWARE\Classes\Installer\Features\2B680A936D70B034EAE58BCAC18C347A | |
| ) | |
| reg query HKLM\SOFTWARE\Classes\Installer\Features\C21346408A6123D4299DD1D723899DC1 | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\SOFTWARE\Classes\Installer\Features\C21346408A6123D4299DD1D723899DC1 | |
| ) | |
| reg query HKLM\SOFTWARE\Classes\Installer\Features\C928BABD4AA3D694D99624F210BD8691 | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\SOFTWARE\Classes\Installer\Features\C928BABD4AA3D694D99624F210BD8691 | |
| ) | |
| reg query HKLM\SOFTWARE\Classes\Installer\Products\0C90801EF56E39443AB1F368BDE6E9A2 | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\SOFTWARE\Classes\Installer\Products\0C90801EF56E39443AB1F368BDE6E9A2 | |
| ) | |
| reg query HKLM\SOFTWARE\Classes\Installer\Products\116445D9734F351419E319EC305638CC | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\SOFTWARE\Classes\Installer\Products\116445D9734F351419E319EC305638CC | |
| ) | |
| reg query HKLM\SOFTWARE\Classes\Installer\Products\2B680A936D70B034EAE58BCAC18C347A | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\SOFTWARE\Classes\Installer\Products\2B680A936D70B034EAE58BCAC18C347A | |
| ) | |
| reg query HKLM\SOFTWARE\Classes\Installer\Products\C21346408A6123D4299DD1D723899DC1 | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\SOFTWARE\Classes\Installer\Products\C21346408A6123D4299DD1D723899DC1 | |
| ) | |
| reg query HKLM\SOFTWARE\Classes\Installer\Products\C928BABD4AA3D694D99624F210BD8691 | |
| if not ErrorLevel 1 ( | |
| reg delete HKLM\SOFTWARE\Classes\Installer\Products\C928BABD4AA3D694D99624F210BD8691 | |
| ) | |
| echo Done. | |
| echo. | |
| echo Step 4: Unregistering SBAMScanShell.dll | |
| CD "C:\Program Files (x86)\GFI Software\GFIAgent\" | |
| RegSvr32 /u SBAMScanShellExt.dll /s | |
| echo Done. | |
| echo. | |
| echo Step 5: Removing folders and files if they exist | |
| if exist "C:\Program Files\VIPRE Business Agent\" rmdir /s /q "C:\Program Files\VIPRE Business Agent\" | |
| if exist "C:\Program Files\GFI Software\Deployment\" rmdir /s /q "C:\Program Files\GFI Software\Deployment\" | |
| if exist "C:\Program Files\GFI Software\GFIAgent\" rmdir /s /q "C:\Program Files\GFI Software\GFIAgent\" | |
| if exist "C:\Program Files\GFI Software\LanGuard 10\" rmdir /s /q "C:\Program Files\GFI Software\LanGuard 10\" | |
| if exist "C:\Program Files\Sunbelt Software\Deployment\" rmdir /s /q "C:\Program Files\Sunbelt Software\Deployment\" | |
| if exist "C:\Program Files\Sunbelt Software\SBEAgent\" rmdir /s /q "C:\Program Files\Sunbelt Software\SBEAgent\" | |
| if exist "C:\Program Files (x86)\VIPRE Business Agent\" rmdir /s /q "C:\Program Files (x86)\VIPRE Business Agent\" | |
| if exist "C:\Program Files (x86)\GFI Software\Deployment\" rmdir /s /q "C:\Program Files (x86)\GFI Software\Deployment\" | |
| if exist "C:\Program Files (x86)\GFI Software\GFIAgent\" rmdir /s /q "C:\Program Files (x86)\GFI Software\GFIAgent\" | |
| if exist "C:\Program Files (x86)\GFI Software\LanGuard 10\" rmdir /s /q "C:\Program Files (x86)\GFI Software\LanGuard 10\" | |
| if exist "C:\Program Files (x86)\Sunbelt Software\Deployment\" rmdir /s /q "C:\Program Files (x86)\Sunbelt Software\Deployment\" | |
| if exist "C:\Program Files (x86)\Sunbelt Software\SBEAgent\" rmdir /s /q "C:\Program Files (x86)\Sunbelt Software\SBEAgent\" | |
| if exist "C:\ProgramData\VIPRE Business Agent\" rmdir /s /q "C:\ProgramData\VIPRE Business Agent\" | |
| if exist "C:\ProgramData\GFI Software\Antimalware\" rmdir /s /q "C:\ProgramData\GFI Software\Antimalware\" | |
| if exist "C:\ProgramData\GFI Software\LanGuard 10\" rmdir /s /q "C:\ProgramData\GFI Software\LanGuard 10\" | |
| if exist "C:\ProgramData\Sunbelt Software\Antimalware\" rmdir /s /q "C:\ProgramData\Sunbelt Software\Antimalware\" | |
| if exist "C:\Documents and Settings\All Users\Application Data\VIPRE Business Agent\" rmdir /s /q "C:\Documents and Settings\All Users\Application Data\VIPRE Business Agent\" | |
| if exist "C:\Documents and Settings\All Users\Application Data\GFI Software\Antimalware\" rmdir /s /q "C:\Documents and Settings\All Users\Application Data\GFI Software\Antimalware\" | |
| if exist "C:\Documents and Settings\All Users\Application Data\GFI Software\LanGuard 10\" rmdir /s /q "C:\Documents and Settings\All Users\Application Data\GFI Software\LanGuard 10\" | |
| if exist "C:\Documents and Settings\All Users\Application Data\Sunbelt Software\Antimalware\" rmdir /s /q "C:\Documents and Settings\All Users\Application Data\Sunbelt Software\Antimalware\" | |
| if exist "%SYSTEMROOT%\system32\drivers\sbaphd.sys" del "%SYSTEMROOT%\system32\drivers\sbaphd.sys" | |
| if exist "%SYSTEMROOT%\system32\drivers\sbapifs.sys" del "%SYSTEMROOT%\system32\drivers\sbapifs.sys" | |
| if exist "%SYSTEMROOT%\system32\drivers\SbFw.sys" del "%SYSTEMROOT%\system32\drivers\SbFw.sys" | |
| if exist "%SYSTEMROOT%\system32\drivers\SbFwIm.sys" del "%SYSTEMROOT%\system32\drivers\SbFwIm.sys" | |
| if exist "%SYSTEMROOT%\system32\drivers\sbhips.sys" del "%SYSTEMROOT%\system32\drivers\sbhips.sys" | |
| if exist "%SYSTEMROOT%\system32\drivers\SBREDrv.sys" del "%SYSTEMROOT%\system32\drivers\SBREDrv.sys" | |
| if exist "%SYSTEMROOT%\system32\drivers\sbtis.sys" del "%SYSTEMROOT%\system32\drivers\sbtis.sys" | |
| if exist "%SYSTEMROOT%\system32\drivers\sbwtis.sys" del "%SYSTEMROOT%\system32\drivers\sbwtis.sys" | |
| if exist "%SYSTEMROOT%\system32\drivers\gfiark.sys" del "%SYSTEMROOT%\system32\drivers\gfiark.sys" | |
| if exist "%SYSTEMROOT%\system32\drivers\gfiutil.sys" del "%SYSTEMROOT%\system32\drivers\gfiutil.sys" | |
| echo Done. | |
| echo. | |
| echo This script is now complete. The final task is to reboot. | |
| echo Please ensure you've saved everything and the system is | |
| echo prepared to reboot *IMMEDIATELY*. | |
| echo. | |
| set /p SHOULDIREBOOT="Would you like to reboot the computer now? [y/N]" | |
| IF /I "%SHOULDIREBOOT%" NEQ "Y" GOTO END | |
| shutdown -t 0 -r | |
| :END | |
| endlocal |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks for this - as ThreatTrack is now putting in a new GUID for every version number, the GUID list you have is stale. I forked and updated the GUID list from their latest published list. If you'd like to update from my fork, please do, since I would bet your gist has a lot of bookmarks/links already (and is high on Google results for the topic)