Thread: Can't delete Avira registry key
View Single Post
  #8  
Old September 4th 18, 03:15 PM posted to alt.comp.os.windows-10
Fokke Nauta[_4_]
external usenet poster
  
Posts: 587
Default Can't delete Avira registry key
On 31/08/2018 22:09, VanguardLH wrote:
Fokke Nauta wrote:

Hi all,

Got a weird problem here. An old friend of mine (86+) is using a laptop
with W10 Pro 64b. Since a few weeks the 1803 update is knocking on the
door, but it won't install as Avira is in the way. So I uninstalled
Avira. Didn't work, So I uninstalled Avira completely with Revo
Uninstaller Pro. Also deleted the lot of registry keys. I thought.
The 1803 update won't still install because of Avira. But it's no longer
there, the folder C:\Program Files (x86)\Avira does no longer exist.
What I saw with Regedit that there is still a key in the registry,
inspite of deleting it with Revo. It's
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avira. It contains a lot of ****
and some sub keys.
I guess that's the reason Windows won't update the 1803 version.
But I can't delete that key. Even when I ran Regedit as administrator,
it won't let me delete that.
How can I get rid of this?

And - perhaps a warning of using Avira? I'm not so keen of it by now.

Fokke

1. When logged in under an admin-level Windows accont, run regedit.exe.
2. Go to the registry key.
3. Take ownership of the registry key. Apply.
4. Exit the security properties dialog. Hit F5 to refresh.
6. Go back into the security properties and under advanced properties.
7. Set permissions to allow all for your account.
8. Set option to recurse the permission changes to the child keys.
9. Apply.
10. New subkeys may appear because now you are the owner of their parent
key and have permissions to see those subkeys.
11. If new subkeys appears, select one and go back to step 3.
12. Once no new subkeys appear, and you have propagated the changes of
ownership and permissions to all them, then you can delete them.

Although you enable the option to propagate or recurse your changes
(ownership and permissions) to the child objects (subkeys), it halts
when reaching a key where you don't have permissions and cannot change
because your account is denied permissions changes.

If you have permissions to see a registry key and can navigate to it
(step 2), you might also want to disable the option for it to inherit
permissions from its parent key. You don't want to bother with changing
the parent key if you don't have to. Disconnect from inheriting from
the parent, take ownership, and then refresh. You need to get out of
the registry key on which you took ownership so a refresh (F5) can take
effect on that key; else, it looks like you took ownership but the
change is not effected (you're trying to lift yourself by your boot
straps).

https://social.technet.microsoft.com...oot?forum=ITCG

There's an example of someone that came up with a Powershell script.
They, too, found they can take ownership on the focused registry key,
not on its children. You need to take ownership, get out of the
permissions property dialog, hit F5 (just to be safe in doing a
refresh), and then right-click on the key again to change its
permissions. The F5 is needed to make what were hidden subkeys (those
to which you did not have permissions to see) become visible, so you can
then navigate down to them to change their ownership, exit the security
wizard, go back in, change permissions, propagate to children, apply,
refresh, see new children, and keep walking down as new subkeys appear.

This is a laborious process to change ownership, refresh, and change
permissions to have new subkeys appear and have to repeat the process on
the newly appearing subkeys. As I recall, it took me about 4 hours of
manual effort to fully eradicate all registry entries for Avast. The
above is from memory and may not be exactly the procedure but it should
be close. Once you take ownership, refresh, and come back to the
registry key to change its permissions, you'll get into a cadence of how
to repeat the process on newly appearing subkeys (they appear because
you are then allowed to see them).

https://www.thewindowsclub.com/how-t...-registry-keys

That describes some of the process. Once you get the error popups
saying you can't do something, you start to get the feel for how to
adapt your procedure to take ownership, recurse the change to the
children, apply, change permissions, apply, exit, refresh, and repeat on
the newly visible children.

I only have to go through the laborious process (take ownership,
refresh, give all permissions, refresh to see subkeys, repeat) maybe
once every couple of years, so I haven't bothered looking for a tool to
automate that procedure. I did find:

https://www.thewindowsclub.com/regow...-registry-keys

I doubt the author is screen scraping the regedit.exe program to make it
walk through the keys and opening property dialogs to make changes that
way. More likely he uses registry API calls in his code. However,
user-mode processes cannot access all of the registry.

I'm keeping a copy of regownit under my download folder (not the default
one under your Windows profile folder but one that I created to manage
my downloads), proably under \Downloads\Software\Windows\Utilities.
Next time I have to take ownership, refresh, change permissions to all,
refresh, to see the otherwise hidden children to do the same on them and
keep walking down each new branch that appears, I'll try regownit to see
if it gets rid of the laborious process. If it works, I'll still have
to do the deletes myself but, at least, the children will be visible and
I can likely just change the parent key upon which I used this tool.
It's a portable tool, so no installation needed.


Thanks!
This is interesting information. Tomorrow I will first try Andy Burns'
approach. I have downloaded RegOwnit, looks like a good tool when you
need it.
I added your information to my knowledge base.

Fokke
Ads