If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Can't delete Avira registry key
Hi all,
Got a weird problem here. An old friend of mine (86+) is using a laptop with W10 Pro 64b. Since a few weeks the 1803 update is knocking on the door, but it won't install as Avira is in the way. So I uninstalled Avira. Didn't work, So I uninstalled Avira completely with Revo Uninstaller Pro. Also deleted the lot of registry keys. I thought. The 1803 update won't still install because of Avira. But it's no longer there, the folder C:\Program Files (x86)\Avira does no longer exist. What I saw with Regedit that there is still a key in the registry, inspite of deleting it with Revo. It's HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avira. It contains a lot of **** and some sub keys. I guess that's the reason Windows won't update the 1803 version. But I can't delete that key. Even when I ran Regedit as administrator, it won't let me delete that. How can I get rid of this? And - perhaps a warning of using Avira? I'm not so keen of it by now. Fokke |
Ads |
#2
|
|||
|
|||
Can't delete Avira registry key
Fokke Nauta wrote:
But I can't delete that key. Even when I ran Regedit as administrator, it won't let me delete that. try PSexec to run regedit as system, or execTI to run it as trusted installer |
#3
|
|||
|
|||
Can't delete Avira registry key
On 31/08/2018 20:27, Andy Burns wrote:
Fokke Nauta wrote: But I can't delete that key. Even when I ran Regedit as administrator, it won't let me delete that. try PSexec to run regedit as system, or execTI to run it as trusted installer Thanks. Could you elaborate on that? I run Psexec on my pc for a remote task to bring our server into hibernation mode. Can I use it to run Regedit on a higher level? Fokke |
#4
|
|||
|
|||
Can't delete Avira registry key
Fokke Nauta wrote:
I run Psexec on my pc for a remote task to bring our server into hibernation mode. Can I use it to run Regedit on a higher level? yes psexec.exe -s -i regedit.exe will run interactively as system, on local computer (unless you use \\remotepc) |
#5
|
|||
|
|||
Can't delete Avira registry key
On 31/08/2018 21:28, Andy Burns wrote:
Fokke Nauta wrote: I run Psexec on my pc for a remote task to bring our server into hibernation mode. Can I use it to run Regedit on a higher level? yes psexec.exe -s -i regedit.exe will run interactively as system, on local computer (unless you use \\remotepc) Great! Will try it tomorrow. Fokke |
#6
|
|||
|
|||
Can't delete Avira registry key
Fokke Nauta wrote:
Hi all, Got a weird problem here. An old friend of mine (86+) is using a laptop with W10 Pro 64b. Since a few weeks the 1803 update is knocking on the door, but it won't install as Avira is in the way. So I uninstalled Avira. Didn't work, So I uninstalled Avira completely with Revo Uninstaller Pro. Also deleted the lot of registry keys. I thought. The 1803 update won't still install because of Avira. But it's no longer there, the folder C:\Program Files (x86)\Avira does no longer exist. What I saw with Regedit that there is still a key in the registry, inspite of deleting it with Revo. It's HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avira. It contains a lot of **** and some sub keys. I guess that's the reason Windows won't update the 1803 version. But I can't delete that key. Even when I ran Regedit as administrator, it won't let me delete that. How can I get rid of this? And - perhaps a warning of using Avira? I'm not so keen of it by now. Fokke 1. When logged in under an admin-level Windows accont, run regedit.exe. 2. Go to the registry key. 3. Take ownership of the registry key. Apply. 4. Exit the security properties dialog. Hit F5 to refresh. 6. Go back into the security properties and under advanced properties. 7. Set permissions to allow all for your account. 8. Set option to recurse the permission changes to the child keys. 9. Apply. 10. New subkeys may appear because now you are the owner of their parent key and have permissions to see those subkeys. 11. If new subkeys appears, select one and go back to step 3. 12. Once no new subkeys appear, and you have propagated the changes of ownership and permissions to all them, then you can delete them. Although you enable the option to propagate or recurse your changes (ownership and permissions) to the child objects (subkeys), it halts when reaching a key where you don't have permissions and cannot change because your account is denied permissions changes. If you have permissions to see a registry key and can navigate to it (step 2), you might also want to disable the option for it to inherit permissions from its parent key. You don't want to bother with changing the parent key if you don't have to. Disconnect from inheriting from the parent, take ownership, and then refresh. You need to get out of the registry key on which you took ownership so a refresh (F5) can take effect on that key; else, it looks like you took ownership but the change is not effected (you're trying to lift yourself by your boot straps). https://social.technet.microsoft.com...oot?forum=ITCG There's an example of someone that came up with a Powershell script. They, too, found they can take ownership on the focused registry key, not on its children. You need to take ownership, get out of the permissions property dialog, hit F5 (just to be safe in doing a refresh), and then right-click on the key again to change its permissions. The F5 is needed to make what were hidden subkeys (those to which you did not have permissions to see) become visible, so you can then navigate down to them to change their ownership, exit the security wizard, go back in, change permissions, propagate to children, apply, refresh, see new children, and keep walking down as new subkeys appear. This is a laborious process to change ownership, refresh, and change permissions to have new subkeys appear and have to repeat the process on the newly appearing subkeys. As I recall, it took me about 4 hours of manual effort to fully eradicate all registry entries for Avast. The above is from memory and may not be exactly the procedure but it should be close. Once you take ownership, refresh, and come back to the registry key to change its permissions, you'll get into a cadence of how to repeat the process on newly appearing subkeys (they appear because you are then allowed to see them). https://www.thewindowsclub.com/how-t...-registry-keys That describes some of the process. Once you get the error popups saying you can't do something, you start to get the feel for how to adapt your procedure to take ownership, recurse the change to the children, apply, change permissions, apply, exit, refresh, and repeat on the newly visible children. I only have to go through the laborious process (take ownership, refresh, give all permissions, refresh to see subkeys, repeat) maybe once every couple of years, so I haven't bothered looking for a tool to automate that procedure. I did find: https://www.thewindowsclub.com/regow...-registry-keys I doubt the author is screen scraping the regedit.exe program to make it walk through the keys and opening property dialogs to make changes that way. More likely he uses registry API calls in his code. However, user-mode processes cannot access all of the registry. I'm keeping a copy of regownit under my download folder (not the default one under your Windows profile folder but one that I created to manage my downloads), proably under \Downloads\Software\Windows\Utilities. Next time I have to take ownership, refresh, change permissions to all, refresh, to see the otherwise hidden children to do the same on them and keep walking down each new branch that appears, I'll try regownit to see if it gets rid of the laborious process. If it works, I'll still have to do the deletes myself but, at least, the children will be visible and I can likely just change the parent key upon which I used this tool. It's a portable tool, so no installation needed. |
#7
|
|||
|
|||
Can't delete Avira registry key
Fokke Nauta wrote:
Hi all, Got a weird problem here. An old friend of mine (86+) is using a laptop with W10 Pro 64b. Since a few weeks the 1803 update is knocking on the door, but it won't install as Avira is in the way. So I uninstalled Avira. Didn't work, So I uninstalled Avira completely with Revo Uninstaller Pro. Also deleted the lot of registry keys. I thought. The 1803 update won't still install because of Avira. But it's no longer there, the folder C:\Program Files (x86)\Avira does no longer exist. What I saw with Regedit that there is still a key in the registry, inspite of deleting it with Revo. It's HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avira. It contains a lot of **** and some sub keys. I guess that's the reason Windows won't update the 1803 version. But I can't delete that key. Even when I ran Regedit as administrator, it won't let me delete that. How can I get rid of this? And - perhaps a warning of using Avira? I'm not so keen of it by now. Fokke The preferred approach on AV products, is to locate the "Cleaner" each AV maker has. You search around until you find it. The web page the cleaner is on, will explain how to use it. 1) Run regular uninstall. Reboot. 2) Run "Cleaner" application. Reboot. 3) Now, the product should be gone. The reason for the "Cleaner" to exist, is to enable "re-installation". They don't want to admit you'd ever want to remove a product, because the product sucked. Not all "cleaners" are as good as one another. There are at least some cleaners, which remove every trace of the product from the registry. While you could use the SYSTEM account or TrustedInstaller token, that treatment is reserved for "actual malware". Because actual malware is not systematic in naming convention. Paul |
#8
|
|||
|
|||
Can't delete Avira registry key
On 31/08/2018 22:09, VanguardLH wrote:
Fokke Nauta wrote: Hi all, Got a weird problem here. An old friend of mine (86+) is using a laptop with W10 Pro 64b. Since a few weeks the 1803 update is knocking on the door, but it won't install as Avira is in the way. So I uninstalled Avira. Didn't work, So I uninstalled Avira completely with Revo Uninstaller Pro. Also deleted the lot of registry keys. I thought. The 1803 update won't still install because of Avira. But it's no longer there, the folder C:\Program Files (x86)\Avira does no longer exist. What I saw with Regedit that there is still a key in the registry, inspite of deleting it with Revo. It's HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avira. It contains a lot of **** and some sub keys. I guess that's the reason Windows won't update the 1803 version. But I can't delete that key. Even when I ran Regedit as administrator, it won't let me delete that. How can I get rid of this? And - perhaps a warning of using Avira? I'm not so keen of it by now. Fokke 1. When logged in under an admin-level Windows accont, run regedit.exe. 2. Go to the registry key. 3. Take ownership of the registry key. Apply. 4. Exit the security properties dialog. Hit F5 to refresh. 6. Go back into the security properties and under advanced properties. 7. Set permissions to allow all for your account. 8. Set option to recurse the permission changes to the child keys. 9. Apply. 10. New subkeys may appear because now you are the owner of their parent key and have permissions to see those subkeys. 11. If new subkeys appears, select one and go back to step 3. 12. Once no new subkeys appear, and you have propagated the changes of ownership and permissions to all them, then you can delete them. Although you enable the option to propagate or recurse your changes (ownership and permissions) to the child objects (subkeys), it halts when reaching a key where you don't have permissions and cannot change because your account is denied permissions changes. If you have permissions to see a registry key and can navigate to it (step 2), you might also want to disable the option for it to inherit permissions from its parent key. You don't want to bother with changing the parent key if you don't have to. Disconnect from inheriting from the parent, take ownership, and then refresh. You need to get out of the registry key on which you took ownership so a refresh (F5) can take effect on that key; else, it looks like you took ownership but the change is not effected (you're trying to lift yourself by your boot straps). https://social.technet.microsoft.com...oot?forum=ITCG There's an example of someone that came up with a Powershell script. They, too, found they can take ownership on the focused registry key, not on its children. You need to take ownership, get out of the permissions property dialog, hit F5 (just to be safe in doing a refresh), and then right-click on the key again to change its permissions. The F5 is needed to make what were hidden subkeys (those to which you did not have permissions to see) become visible, so you can then navigate down to them to change their ownership, exit the security wizard, go back in, change permissions, propagate to children, apply, refresh, see new children, and keep walking down as new subkeys appear. This is a laborious process to change ownership, refresh, and change permissions to have new subkeys appear and have to repeat the process on the newly appearing subkeys. As I recall, it took me about 4 hours of manual effort to fully eradicate all registry entries for Avast. The above is from memory and may not be exactly the procedure but it should be close. Once you take ownership, refresh, and come back to the registry key to change its permissions, you'll get into a cadence of how to repeat the process on newly appearing subkeys (they appear because you are then allowed to see them). https://www.thewindowsclub.com/how-t...-registry-keys That describes some of the process. Once you get the error popups saying you can't do something, you start to get the feel for how to adapt your procedure to take ownership, recurse the change to the children, apply, change permissions, apply, exit, refresh, and repeat on the newly visible children. I only have to go through the laborious process (take ownership, refresh, give all permissions, refresh to see subkeys, repeat) maybe once every couple of years, so I haven't bothered looking for a tool to automate that procedure. I did find: https://www.thewindowsclub.com/regow...-registry-keys I doubt the author is screen scraping the regedit.exe program to make it walk through the keys and opening property dialogs to make changes that way. More likely he uses registry API calls in his code. However, user-mode processes cannot access all of the registry. I'm keeping a copy of regownit under my download folder (not the default one under your Windows profile folder but one that I created to manage my downloads), proably under \Downloads\Software\Windows\Utilities. Next time I have to take ownership, refresh, change permissions to all, refresh, to see the otherwise hidden children to do the same on them and keep walking down each new branch that appears, I'll try regownit to see if it gets rid of the laborious process. If it works, I'll still have to do the deletes myself but, at least, the children will be visible and I can likely just change the parent key upon which I used this tool. It's a portable tool, so no installation needed. Thanks! This is interesting information. Tomorrow I will first try Andy Burns' approach. I have downloaded RegOwnit, looks like a good tool when you need it. I added your information to my knowledge base. Fokke |
#9
|
|||
|
|||
Can't delete Avira registry key
On 31/08/2018 22:11, FredW wrote:
On Fri, 31 Aug 2018 19:59:20 +0200, Fokke Nauta wrote: Got a weird problem here. An old friend of mine (86+) is using a laptop with W10 Pro 64b. Since a few weeks the 1803 update is knocking on the door, but it won't install as Avira is in the way. So I uninstalled Avira. Didn't work, So I uninstalled Avira completely with Revo Uninstaller Pro. Also deleted the lot of registry keys. I thought. The 1803 update won't still install because of Avira. But it's no longer there, the folder C:\Program Files (x86)\Avira does no longer exist. What I saw with Regedit that there is still a key in the registry, inspite of deleting it with Revo. It's HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avira. It contains a lot of **** and some sub keys. I guess that's the reason Windows won't update the 1803 version. But I can't delete that key. Even when I ran Regedit as administrator, it won't let me delete that. How can I get rid of this? Did you try the Avira Registry Cleaner? https://www.avira.com/en/downloads Did you restart after deleting some registry keys (which in itself is not good) to check if you could delete the registry you -think- is the cause of your problems? Thanks, wasn't aware of this. Will give it a try tomorrow. Well, it's no harm deleting registry keys - as long as you know what you're doing. And ofcourse a restart after. Fokke |
#10
|
|||
|
|||
Can't delete Avira registry key
On 01/09/2018 00:00, Paul wrote:
Fokke Nauta wrote: Hi all, Got a weird problem here. An old friend of mine (86+) is using a laptop with W10 Pro 64b. Since a few weeks the 1803 update is knocking on the door, but it won't install as Avira is in the way. So I uninstalled Avira. Didn't work, So I uninstalled Avira completely with Revo Uninstaller Pro. Also deleted the lot of registry keys. I thought. The 1803 update won't still install because of Avira. But it's no longer there, the folder C:\Program Files (x86)\Avira does no longer exist. What I saw with Regedit that there is still a key in the registry, inspite of deleting it with Revo. It's HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avira. It contains a lot of **** and some sub keys. I guess that's the reason Windows won't update the 1803 version. But I can't delete that key. Even when I ran Regedit as administrator, it won't let me delete that. How can I get rid of this? And - perhaps a warning of using Avira? I'm not so keen of it by now. Fokke The preferred approach on AV products, is to locate the "Cleaner" each AV maker has. You search around until you find it. The web page the cleaner is on, will explain how to use it. 1) Run regular uninstall. Reboot. 2) Run "Cleaner" application. Reboot. 3) Now, the product should be gone. The reason for the "Cleaner" to exist, is to enable "re-installation". They don't want to admit you'd ever want to remove a product, because the product sucked. Not all "cleaners" are as good as one another. There are at least some cleaners, which remove every trace of the product from the registry. While you could use the SYSTEM account or TrustedInstaller token, that treatment is reserved for "actual malware". Because actual malware is not systematic in naming convention. Paul Thanks. I'll try the cleaner tomorrow. Fokke |
#11
|
|||
|
|||
Can't delete Avira registry key
On 31/08/2018 21:28, Andy Burns wrote:
Fokke Nauta wrote: I run Psexec on my pc for a remote task to bring our server into hibernation mode. Can I use it to run Regedit on a higher level? yes psexec.exe -s -i regedit.exe will run interactively as system, on local computer (unless you use \\remotepc) psexec.exe can't run: access denied. Fokke |
#12
|
|||
|
|||
Can't delete Avira registry key
On 04/09/2018 16:15, Fokke Nauta wrote:
On 31/08/2018 22:09, VanguardLH wrote: Fokke Nauta wrote: Hi all, Got a weird problem here. An old friend of mine (86+) is using a laptop with W10 Pro 64b. Since a few weeks the 1803 update is knocking on the door, but it won't install as Avira is in the way. So I uninstalled Avira. Didn't work, So I uninstalled Avira completely with Revo Uninstaller Pro. Also deleted the lot of registry keys. I thought. The 1803 update won't still install because of Avira. But it's no longer there, the folder C:\Program Files (x86)\Avira does no longer exist. What I saw with Regedit that there is still a key in the registry, inspite of deleting it with Revo. It's HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avira. It contains a lot of **** and some sub keys. I guess that's the reason Windows won't update the 1803 version. But I can't delete that key. Even when I ran Regedit as administrator, it won't let me delete that. How can I get rid of this? And - perhaps a warning of using Avira? I'm not so keen of it by now. Fokke 1. When logged in under an admin-level Windows accont, run regedit.exe. 2. Go to the registry key. 3. Take ownership of the registry key. Apply. 4. Exit the security properties dialog. Hit F5 to refresh. 6. Go back into the security properties and under advanced properties. 7. Set permissions to allow all for your account. 8. Set option to recurse the permission changes to the child keys. 9. Apply. 10. New subkeys may appear because now you are the owner of their parent key and have permissions to see those subkeys. 11. If new subkeys appears, select one and go back to step 3. 12. Once no new subkeys appear, and you have propagated the changes of ownership and permissions to all them, then you can delete them. Although you enable the option to propagate or recurse your changes (ownership and permissions) to the child objects (subkeys), it halts when reaching a key where you don't have permissions and cannot change because your account is denied permissions changes. If you have permissions to see a registry key and can navigate to it (step 2), you might also want to disable the option for it to inherit permissions from its parent key. You don't want to bother with changing the parent key if you don't have to. Disconnect from inheriting from the parent, take ownership, and then refresh. You need to get out of the registry key on which you took ownership so a refresh (F5) can take effect on that key; else, it looks like you took ownership but the change is not effected (you're trying to lift yourself by your boot straps). https://social.technet.microsoft.com...oot?forum=ITCG There's an example of someone that came up with a Powershell script. They, too, found they can take ownership on the focused registry key, not on its children. You need to take ownership, get out of the permissions property dialog, hit F5 (just to be safe in doing a refresh), and then right-click on the key again to change its permissions. The F5 is needed to make what were hidden subkeys (those to which you did not have permissions to see) become visible, so you can then navigate down to them to change their ownership, exit the security wizard, go back in, change permissions, propagate to children, apply, refresh, see new children, and keep walking down as new subkeys appear. This is a laborious process to change ownership, refresh, and change permissions to have new subkeys appear and have to repeat the process on the newly appearing subkeys. As I recall, it took me about 4 hours of manual effort to fully eradicate all registry entries for Avast. The above is from memory and may not be exactly the procedure but it should be close. Once you take ownership, refresh, and come back to the registry key to change its permissions, you'll get into a cadence of how to repeat the process on newly appearing subkeys (they appear because you are then allowed to see them). https://www.thewindowsclub.com/how-t...-registry-keys That describes some of the process. Once you get the error popups saying you can't do something, you start to get the feel for how to adapt your procedure to take ownership, recurse the change to the children, apply, change permissions, apply, exit, refresh, and repeat on the newly visible children. I only have to go through the laborious process (take ownership, refresh, give all permissions, refresh to see subkeys, repeat) maybe once every couple of years, so I haven't bothered looking for a tool to automate that procedure. I did find: https://www.thewindowsclub.com/regow...-registry-keys I doubt the author is screen scraping the regedit.exe program to make it walk through the keys and opening property dialogs to make changes that way. More likely he uses registry API calls in his code. However, user-mode processes cannot access all of the registry. I'm keeping a copy of regownit under my download folder (not the default one under your Windows profile folder but one that I created to manage my downloads), proably under \Downloads\Software\Windows\Utilities. Next time I have to take ownership, refresh, change permissions to all, refresh, to see the otherwise hidden children to do the same on them and keep walking down each new branch that appears, I'll try regownit to see if it gets rid of the laborious process. If it works, I'll still have to do the deletes myself but, at least, the children will be visible and I can likely just change the parent key upon which I used this tool. It's a portable tool, so no installation needed. Thanks! This is interesting information. Tomorrow I will first try Andy Burns' approach. I have downloaded RegOwnit, looks like a good tool when you need it. I added your information to my knowledge base. Fokke Tried. And tried RegOwnit. Was able to free the key but still can't delete is. There is an error when deleting the key, it says, or something like that. Fokke |
#13
|
|||
|
|||
Can't delete Avira registry key
On 31/08/2018 22:11, FredW wrote:
On Fri, 31 Aug 2018 19:59:20 +0200, Fokke Nauta wrote: Got a weird problem here. An old friend of mine (86+) is using a laptop with W10 Pro 64b. Since a few weeks the 1803 update is knocking on the door, but it won't install as Avira is in the way. So I uninstalled Avira. Didn't work, So I uninstalled Avira completely with Revo Uninstaller Pro. Also deleted the lot of registry keys. I thought. The 1803 update won't still install because of Avira. But it's no longer there, the folder C:\Program Files (x86)\Avira does no longer exist. What I saw with Regedit that there is still a key in the registry, inspite of deleting it with Revo. It's HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avira. It contains a lot of **** and some sub keys. I guess that's the reason Windows won't update the 1803 version. But I can't delete that key. Even when I ran Regedit as administrator, it won't let me delete that. How can I get rid of this? Did you try the Avira Registry Cleaner? https://www.avira.com/en/downloads Did you restart after deleting some registry keys (which in itself is not good) to check if you could delete the registry you -think- is the cause of your problems? Need to run in safe mode. Can't do that when using Teamviewer. Fokke |
#14
|
|||
|
|||
Can't delete Avira registry key
On 01/09/2018 00:00, Paul wrote:
Fokke Nauta wrote: Hi all, Got a weird problem here. An old friend of mine (86+) is using a laptop with W10 Pro 64b. Since a few weeks the 1803 update is knocking on the door, but it won't install as Avira is in the way. So I uninstalled Avira. Didn't work, So I uninstalled Avira completely with Revo Uninstaller Pro. Also deleted the lot of registry keys. I thought. The 1803 update won't still install because of Avira. But it's no longer there, the folder C:\Program Files (x86)\Avira does no longer exist. What I saw with Regedit that there is still a key in the registry, inspite of deleting it with Revo. It's HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avira. It contains a lot of **** and some sub keys. I guess that's the reason Windows won't update the 1803 version. But I can't delete that key. Even when I ran Regedit as administrator, it won't let me delete that. How can I get rid of this? And - perhaps a warning of using Avira? I'm not so keen of it by now. Fokke The preferred approach on AV products, is to locate the "Cleaner" each AV maker has. You search around until you find it. The web page the cleaner is on, will explain how to use it. 1) Run regular uninstall. Reboot. 2) Run "Cleaner" application. Reboot. 3) Now, the product should be gone. The reason for the "Cleaner" to exist, is to enable "re-installation". They don't want to admit you'd ever want to remove a product, because the product sucked. Not all "cleaners" are as good as one another. There are at least some cleaners, which remove every trace of the product from the registry. While you could use the SYSTEM account or TrustedInstaller token, that treatment is reserved for "actual malware". Because actual malware is not systematic in naming convention. Paul Cleaner wants to run in safe mode. Can't do that when using Teamviewer. Fokke |
#15
|
|||
|
|||
Can't delete Avira registry key
Fokke Nauta wrote:
psexec.exe can't run: access denied. Did it say "Couldn't install PSEXESVC service"? If so then you need to "run as administrator" |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|