Jump to content

Uninstall Malwarebytes from command line


Recommended Posts

Hi all,

 

I've spent a significant amount of time looking for a means to silently uninstall MWB via command line script with no user interaction. 
None of the normal uninstall settings were functioning correctly. 
 

Today, by dumb luck I came across a forum with the info and thought I'd share:

"c:\program files\malwarebytes' anti-malware\unins000.exe" /verysilent /suppressmsgboxes /norestart

 

Obviously, you'd swap \Program files (x86)\ on a 64-bit OS. 

This worked beautifully.  Hopefully it saves someone else all of the internet search time.
 

 

 

Link to post
Share on other sites

  • 6 months later...

Built a series of PowerShell commands, that'll let you do it remotely:

 

Function List-Programs {
    [cmdletbinding()]
    [cmdletbinding()]
    param(
    [parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)]
    [string[]]$ComputerName = $env:computername            
    
    )            
    
    begin {
        $UninstallRegKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"
        }            
    
    process {
        foreach($Computer in $ComputerName) {
            Write-Verbose "Working on $Computer"
            if(Test-Connection -ComputerName $Computer -Count 1 -ea 0) {
                $HKLM   = [microsoft.win32.registrykey]::OpenRemoteBaseKey('LocalMachine',$computer)
                $UninstallRef  = $HKLM.OpenSubKey($UninstallRegKey)
                $Applications = $UninstallRef.GetSubKeyNames()            
                                
                foreach ($App in $Applications) {
                    $AppRegistryKey  = $UninstallRegKey + "\\" + $App
                    $AppDetails   = $HKLM.OpenSubKey($AppRegistryKey)
                    $AppGUID   = $App
                    $AppDisplayName  = $($AppDetails.GetValue("DisplayName"))
                    $AppVersion   = $($AppDetails.GetValue("DisplayVersion"))
                    $AppPublisher  = $($AppDetails.GetValue("Publisher"))
                    $AppInstalledDate = $($AppDetails.GetValue("InstallDate"))
                    $AppUninstall  = $($AppDetails.GetValue("UninstallString"))
                    if(!$AppDisplayName) { continue }
                    $OutputObj = New-Object -TypeName PSobject
                    $OutputObj | Add-Member -MemberType NoteProperty -Name ComputerName -Value $Computer.ToUpper()
                    $OutputObj | Add-Member -MemberType NoteProperty -Name AppName -Value $AppDisplayName
                    $OutputObj | Add-Member -MemberType NoteProperty -Name AppVersion -Value $AppVersion
                    $OutputObj | Add-Member -MemberType NoteProperty -Name AppVendor -Value $AppPublisher
                    $OutputObj | Add-Member -MemberType NoteProperty -Name InstalledDate -Value $AppInstalledDate
                    $OutputObj | Add-Member -MemberType NoteProperty -Name UninstallKey -Value $AppUninstall
                    $OutputObj | Add-Member -MemberType NoteProperty -Name AppGUID -Value $AppGUID
                    $OutputObj# | Select ComputerName, DriveName
                    }
                }
            }
        }            
    
    end {}
    }

Function Uninstall-Program {
    [cmdletbinding()]
    param (
    [parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)]
    [string]$ComputerName = $env:computername,
    [parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true,Mandatory=$true)]
    [string]$AppGUID
    )
    try {
        $returnval = ([WMICLASS]"\\$computerName\ROOT\CIMV2:win32_process").Create("msiexec `/x$AppGUID `/qn")
        }
    catch {
        write-error "Failed to trigger the uninstallation. Review the error message"
        $_
        exit
        }
    switch ($($returnval.returnvalue)){
        0 { "Uninstallation command triggered successfully" }
        2 { "You don't have sufficient permissions to trigger the command on $Computer" }
        3 { "You don't have sufficient permissions to trigger the command on $Computer" }
        8 { "An unknown error has occurred" }
        9 { "Path Not Found" }
        9 { "Invalid Parameter"}
        }
    }

function Uninstall-MBAM {
    param($computername)
    try
    {
        $AppGUID = (List-Programs -ComputerName $computername | where {$_.AppName -like "*Malwarebytes*"}).AppGUID
        Uninstall-Program -computername $computername -AppGUID $AppGUID
    }
    Catch
    {
        $ErrorMessage = $_.Exception.Message
        $FailedItem = $_.Exception.ItemName
        Write-Host "There was an error on $computername.`r`n$FailedItem`r`nMessage: $ErrorMessage"
        Break
    }
}

Link to post
Share on other sites

  • 3 years later...
  • 2 weeks later...

I don't know if this will prove helpful to you at all, but Malwarebytes uses Inno Setup for its installation packages and the default uninstall commands/switches for Inno Setup can be found here.

That said, for certain business versions it is also possible to deploy the product in an MSI installation package and I do not know if the default MSI uninstall commands work in those situations or not but documentation for MSI installation/uninstallation commands may be found here as well as here.

That said, it is also possible that uninstalling Malwarebytes remotely without authentication/user input is prevented for security purposes (to prevent malware/hackers from automating the uninstall process to bypass Malwarebytes protection) so you may need to refer to the Malwarebytes business product documentation provided when the product was purchased or contact Malwarebytes Business Support directly for further information and assistance.

Link to post
Share on other sites

  • 1 month later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.