Jump to content
Ever

Uninstall Malwarebytes from command line

Recommended Posts

Hi all,

 

I've spent a significant amount of time looking for a means to silently uninstall MWB via command line script with no user interaction. 
None of the normal uninstall settings were functioning correctly. 
 

Today, by dumb luck I came across a forum with the info and thought I'd share:

"c:\program files\malwarebytes' anti-malware\unins000.exe" /verysilent /suppressmsgboxes /norestart

 

Obviously, you'd swap \Program files (x86)\ on a 64-bit OS. 

This worked beautifully.  Hopefully it saves someone else all of the internet search time.
 

 

 

Share this post


Link to post
Share on other sites

Built a series of PowerShell commands, that'll let you do it remotely:

 

Function List-Programs {
    [cmdletbinding()]
    [cmdletbinding()]
    param(
    [parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)]
    [string[]]$ComputerName = $env:computername            
    
    )            
    
    begin {
        $UninstallRegKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"
        }            
    
    process {
        foreach($Computer in $ComputerName) {
            Write-Verbose "Working on $Computer"
            if(Test-Connection -ComputerName $Computer -Count 1 -ea 0) {
                $HKLM   = [microsoft.win32.registrykey]::OpenRemoteBaseKey('LocalMachine',$computer)
                $UninstallRef  = $HKLM.OpenSubKey($UninstallRegKey)
                $Applications = $UninstallRef.GetSubKeyNames()            
                                
                foreach ($App in $Applications) {
                    $AppRegistryKey  = $UninstallRegKey + "\\" + $App
                    $AppDetails   = $HKLM.OpenSubKey($AppRegistryKey)
                    $AppGUID   = $App
                    $AppDisplayName  = $($AppDetails.GetValue("DisplayName"))
                    $AppVersion   = $($AppDetails.GetValue("DisplayVersion"))
                    $AppPublisher  = $($AppDetails.GetValue("Publisher"))
                    $AppInstalledDate = $($AppDetails.GetValue("InstallDate"))
                    $AppUninstall  = $($AppDetails.GetValue("UninstallString"))
                    if(!$AppDisplayName) { continue }
                    $OutputObj = New-Object -TypeName PSobject
                    $OutputObj | Add-Member -MemberType NoteProperty -Name ComputerName -Value $Computer.ToUpper()
                    $OutputObj | Add-Member -MemberType NoteProperty -Name AppName -Value $AppDisplayName
                    $OutputObj | Add-Member -MemberType NoteProperty -Name AppVersion -Value $AppVersion
                    $OutputObj | Add-Member -MemberType NoteProperty -Name AppVendor -Value $AppPublisher
                    $OutputObj | Add-Member -MemberType NoteProperty -Name InstalledDate -Value $AppInstalledDate
                    $OutputObj | Add-Member -MemberType NoteProperty -Name UninstallKey -Value $AppUninstall
                    $OutputObj | Add-Member -MemberType NoteProperty -Name AppGUID -Value $AppGUID
                    $OutputObj# | Select ComputerName, DriveName
                    }
                }
            }
        }            
    
    end {}
    }

Function Uninstall-Program {
    [cmdletbinding()]
    param (
    [parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)]
    [string]$ComputerName = $env:computername,
    [parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true,Mandatory=$true)]
    [string]$AppGUID
    )
    try {
        $returnval = ([WMICLASS]"\\$computerName\ROOT\CIMV2:win32_process").Create("msiexec `/x$AppGUID `/qn")
        }
    catch {
        write-error "Failed to trigger the uninstallation. Review the error message"
        $_
        exit
        }
    switch ($($returnval.returnvalue)){
        0 { "Uninstallation command triggered successfully" }
        2 { "You don't have sufficient permissions to trigger the command on $Computer" }
        3 { "You don't have sufficient permissions to trigger the command on $Computer" }
        8 { "An unknown error has occurred" }
        9 { "Path Not Found" }
        9 { "Invalid Parameter"}
        }
    }

function Uninstall-MBAM {
    param($computername)
    try
    {
        $AppGUID = (List-Programs -ComputerName $computername | where {$_.AppName -like "*Malwarebytes*"}).AppGUID
        Uninstall-Program -computername $computername -AppGUID $AppGUID
    }
    Catch
    {
        $ErrorMessage = $_.Exception.Message
        $FailedItem = $_.Exception.ItemName
        Write-Host "There was an error on $computername.`r`n$FailedItem`r`nMessage: $ErrorMessage"
        Break
    }
}

Share this post


Link to post
Share on other sites

I don't know if this will prove helpful to you at all, but Malwarebytes uses Inno Setup for its installation packages and the default uninstall commands/switches for Inno Setup can be found here.

That said, for certain business versions it is also possible to deploy the product in an MSI installation package and I do not know if the default MSI uninstall commands work in those situations or not but documentation for MSI installation/uninstallation commands may be found here as well as here.

That said, it is also possible that uninstalling Malwarebytes remotely without authentication/user input is prevented for security purposes (to prevent malware/hackers from automating the uninstall process to bypass Malwarebytes protection) so you may need to refer to the Malwarebytes business product documentation provided when the product was purchased or contact Malwarebytes Business Support directly for further information and assistance.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.