not scanning all profiles or removing uninstall info

[Russr]

not scanning all profiles for issues in appdata, and not removing uninstall info from the reg.

example, all the mindspark tool bars.... it will remove the BHO and the folder, but not any of the reg info from uninstaller, so it "looks" like its still installed

i had to write a script to go back and clean up..

 

reg query HKLM\software\classes\installer\products /f "Mindspark" /s | find "HKEY_LOCAL_MACHINE" >> %TEMP%\X.txt 2>NUL
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /f "Mindspark" /s | find "HKEY_LOCAL_MACHINE" >> %TEMP%\X.txt 2>NUL
reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall /f "Mindspark" /s | find "HKEY_LOCAL_MACHINE" >> %TEMP%\X.txt 2>NUL
reg query HKEY_CLASSES_ROOT\Installer\Products /f "Mindspark" /s | find "HKEY_LOCAL_MACHINE" >> %TEMP%\X.txt 2>NUL
reg query HKLM\SOFTWARE\Classes\Installer\Features /f "Mindspark" /s | find "HKEY_LOCAL_MACHINE" >> %TEMP%\X.txt 2>NUL

for /f "tokens=* delims= " %%a in (%TEMP%\X.txt) do reg delete "%%a" /f

 

[Russr]

also, failing to delete related services....

 

example..

 

Failed to delete: C:\Program Files (x86)\movies app (Folder) 
Failed to delete: C:\Program Files (x86)\utilitychest_49 (Folder) 

 

because the service is is running...

[thisisu]

Hello,

Thanks for your feedback. I did leave out a lot of registry cleaning as it's very slow in a batch tool and wanted to keep the scan times to a minimum.

Can you give me the names of those services and their processes that JRT failed to detect?

[Russr]

so far, the ones ive run into were MindSpark toolbars... 

i use this script to kill the services now before running JRT, this makes sure it can delete the program folder..

wmic service where "name like 'UnzipApp%%'" call stopservice
wmic SERVICE where "name like 'UnzipApp%%'" delete

wmic service where "name like 'Coupon%%'" call stopservice
wmic SERVICE where "name like 'Coupon%%'" delete

wmic service where "name like 'WeatherBlink%%'" call stopservice
wmic SERVICE where "name like 'WeatherBlink%%'" delete

wmic service where "name like 'Utility Chest%%'" call stopservice
wmic SERVICE where "name like 'Utility Chest%%'" delete

wmic service where "name like 'MapsGalaxy%%'" call stopservice 
wmic SERVICE where "name like 'MapsGalaxy%%'" delete

wmic service where "name like 'onlinemap%%'" call stopservice
wmic SERVICE where "name like 'onlinemap%%'" delete

Edited September 7, 2016 by Russr

[thisisu]

That's a cool trick 

[joypebble]

Can some kind soul tell this way-too-"senior" how to use this information to  get rid of an infected FireFox 60.0.1 (Mac)  of a default search page "Weatherblink?"

Many thanks

--JP

[exile360]

On 7/14/2018 at 5:55 PM, joypebble said:

Can some kind soul tell this way-too-"senior" how to use this information to  get rid of an infected FireFox 60.0.1 (Mac)  of a default search page "Weatherblink?"

Greetings,

Unfortunately since Macs are so different from Windows, the tools and methods for removing threats from Windows don't apply to Macs.  However we do offer free expert assistance with cleaning up infected systems, including Macs.  Just create a new topic in our Mac malware removal area by clicking here and describe the issues you're having and one of our malware removal specialists who deals with Mac malware will assist you as soon as they are available.

While you are waiting, you can try to install the free version of Malwarebytes for Mac from here to see if it is able to detect and remove the threats afflicting your browser.  If not, or if other issues remain, go ahead and post in the link I provided for the malware removal area and they will make sure that you receive the help you need to get your system cleaned.