
Malwarebytes Suite Silent Uninstall



I'm having a hell of a time getting Malwarebytes Antiransom, Managed Client, Anti-exploit, and Business to cleanly uninstall silently. Using the unins file works with silent, but still leaves the Add Remove Program entry there. And uninstalling that calls up a completely different MSI that lives in the Windows Installer directory. And that MSI (34860f7.msi for anti exploit) completely ignores the silent argument. Anyone have any luck with this?


Ok, so I was using an old version of the clean tool. Using V3 removed everything except the managed client with the arguments /VERYSILENT /SUPPRESSMSGBOXES /NORESTART, and adding /managed in a separate run removed the managed client. Problem is, it ignores every other argument. It still presents a box and wants to reboot.


I have another version that has the switches for silent and no reboot built into it; however, that reboot must still take place before you push a new deployment to that computer - https://malwarebytes.box.com/s/rck2gbt0kqqdp8iw1uk7u6pmjg0gajkr

Another item to note is that if you use this cleaner tool in a GPO script, the silent and no reboot switches will not function; you'll need to define them manually if used in that way. Since this tool version is MSI based, it follows standard MSIExec switches.

Edited by djacobson
fixing link

When run as a user it uninstalls everything except Antiransomware. When scripted out it does the same, but fails with a 1603 error. Log attached.

=== Logging started: 11/22/2017  14:32:06 ===
Action start 14:32:06: INSTALL.
Action start 14:32:06: FindRelatedProducts.
Action ended 14:32:06: FindRelatedProducts. Return value 1.
Action start 14:32:06: LaunchConditions.
Action ended 14:32:06: LaunchConditions. Return value 1.
Action start 14:32:06: ValidateProductID.
Action ended 14:32:06: ValidateProductID. Return value 1.
Action start 14:32:06: CostInitialize.
Action ended 14:32:06: CostInitialize. Return value 1.
Action start 14:32:06: FileCost.
Action ended 14:32:06: FileCost. Return value 1.
Action start 14:32:06: CostFinalize.
Action ended 14:32:06: CostFinalize. Return value 1.
Action start 14:32:06: MigrateFeatureStates.
Action ended 14:32:06: MigrateFeatureStates. Return value 0.
Action start 14:32:06: InstallValidate.
Action ended 14:32:06: InstallValidate. Return value 1.
Action start 14:32:06: RemoveExistingProducts.
Action ended 14:32:06: RemoveExistingProducts. Return value 1.
Action start 14:32:06: InstallInitialize.
Action ended 14:32:06: InstallInitialize. Return value 1.
Action start 14:32:06: bz.EarlyInstallMain.
-- CUSTOM ACTION -- InstallMain
-- CUSTOM ACTION -- Elevated
-- CUSTOM ACTION -- User name is NUNYA
-- CUSTOM ACTION -- The user is a member of the Administrators group.
-- CUSTOM ACTION -- GetProperty: Name=BZ.WRAPPED_APPID
-- CUSTOM ACTION -- GetProperty: Value=
-- CUSTOM ACTION -- GetProperty: Name=BZ.INSTALL_SUCCESS_CODES
-- CUSTOM ACTION -- GetProperty: Value=0
-- CUSTOM ACTION -- GetProperty: Name=BZ.ELEVATE_EXECUTABLE
-- CUSTOM ACTION -- GetProperty: Value=Administrators
-- CUSTOM ACTION -- GetProperty: Name=BZ.BASENAME
-- CUSTOM ACTION -- GetProperty: Value=mb-clean.exe
-- CUSTOM ACTION -- Save wrapped installer
-- CUSTOM ACTION -- Get database
-- CUSTOM ACTION -- Open view
-- CUSTOM ACTION -- Query: SELECT `Data` FROM `Binary` WHERE `Name` = 'bz.WrappedSetupProgram'
-- CUSTOM ACTION -- Execute view
-- CUSTOM ACTION -- Get record
-- CUSTOM ACTION -- Create file: C:\Users\NUNYA\AppData\Local\Temp\MW-15c9dc26-4205-4e7b-9b1f-4027f2d48970\mb-clean.exe
-- CUSTOM ACTION -- Read stream
-- CUSTOM ACTION -- Export finished
-- CUSTOM ACTION -- GetParameters: Start.
-- CUSTOM ACTION -- GetProperty: Name=BZ.FIXED_INSTALL_ARGUMENTS
-- CUSTOM ACTION -- GetProperty: Value=/silentnoreboot -managed 
-- CUSTOM ACTION -- GetProperty: Name=BZ.VER
-- CUSTOM ACTION -- GetProperty: Value=P
-- CUSTOM ACTION -- GetProperty: Name=UILevel
-- CUSTOM ACTION -- GetProperty: Value=2
-- CUSTOM ACTION -- GetProperty: Name=WRAPPED_ARGUMENTS
-- CUSTOM ACTION -- GetProperty: Value=
-- CUSTOM ACTION -- GetProperty: Name=BZ.UINONE_INSTALL_ARGUMENTS
-- CUSTOM ACTION -- GetProperty: Value=
-- CUSTOM ACTION -- SubstProperties: Input=/silentnoreboot -managed 
-- CUSTOM ACTION -- GetProperty: Name=SourceDir
-- CUSTOM ACTION -- GetProperty: Value=
-- CUSTOM ACTION -- GetProperty: Name=OriginalDatabase
-- CUSTOM ACTION -- GetProperty: Value=C:\Windows\AdminArsenal\PDQDeployRunner\service-1\exec\mb-clean-managed.msi
-- CUSTOM ACTION -- SubstProperties: Output=/silentnoreboot -managed 
-- CUSTOM ACTION -- GetParameters: Done./silentnoreboot -managed 
-- CUSTOM ACTION -- GetProperty: Name=
-- CUSTOM ACTION -- GetProperty: Value=
-- CUSTOM ACTION -- GetProperty: Name=UILevel
-- CUSTOM ACTION -- GetProperty: Value=2
-- CUSTOM ACTION -- GetProperty: Name=UILevel
-- CUSTOM ACTION -- GetProperty: Value=2
-- CUSTOM ACTION -- SetProperty: Name=BZ.INIFILE
-- CUSTOM ACTION -- SetProperty: Value=C:\Users\NUNYA\AppData\Local\Temp\MW-15c9dc26-4205-4e7b-9b1f-4027f2d48970\msiwrapper.ini
-- CUSTOM ACTION -- InstallPrepareInternal returned successfully
-- CUSTOM ACTION -- GetProperty: Name=BZ.INIFILE
-- CUSTOM ACTION -- GetProperty: Value=C:\Users\NUNYA\AppData\Local\Temp\MW-15c9dc26-4205-4e7b-9b1f-4027f2d48970\msiwrapper.ini
-- CUSTOM ACTION -- Settings were written to C:\Users\NUNYA\AppData\Local\Temp\MW-15c9dc26-4205-4e7b-9b1f-4027f2d48970\msiwrapper.ini
-- CUSTOM ACTION -- GetProperty: Name=BZ.WRAPPED_APPID
-- CUSTOM ACTION -- GetProperty: Value=
-- CUSTOM ACTION -- Wrapped application id is 
-- CUSTOM ACTION -- Setup file name is C:\Users\NUNYA\AppData\Local\Temp\MW-15c9dc26-4205-4e7b-9b1f-4027f2d48970\mb-clean.exe
-- CUSTOM ACTION -- Valid exit codes are 0
-- CUSTOM ACTION -- Setup parameters are /silentnoreboot -managed
-- CUSTOM ACTION -- Working dir is 
-- CUSTOM ACTION -- Focus is no
-- CUSTOM ACTION -- Elevation mode is 
-- CUSTOM ACTION -- Run wrapped setup
-- CUSTOM ACTION -- Elevation mode is 
-- CUSTOM ACTION -- OS supports elevation
-- CUSTOM ACTION -- Do not elevate executable installer
-- CUSTOM ACTION -- Wait for finish
-- CUSTOM ACTION -- Success running wrapped setup. Exit code 0
-- CUSTOM ACTION -- Check exit code
-- CUSTOM ACTION -- InstallFinish1Internal returned successfully
-- CUSTOM ACTION -- Detect installation context (per user or per machine)
-- CUSTOM ACTION -- Wrapped setup was installed Per Machine
-- CUSTOM ACTION -- SetProperty: Name=ALLUSERS
-- CUSTOM ACTION -- SetProperty: Value=1
Action ended 14:32:16: bz.EarlyInstallMain. Return value 1.
Action start 14:32:16: ProcessComponents.
Action ended 14:32:16: ProcessComponents. Return value 1.
Action start 14:32:16: UnpublishFeatures.
Action ended 14:32:16: UnpublishFeatures. Return value 1.
Action start 14:32:16: RemoveRegistryValues.
Action ended 14:32:16: RemoveRegistryValues. Return value 1.
Action start 14:32:16: InstallFiles.
Action ended 14:32:16: InstallFiles. Return value 1.
Action start 14:32:16: bz.EarlyInstallSetPropertyForDeferred1.
Action ended 14:32:16: bz.EarlyInstallSetPropertyForDeferred1. Return value 1.
Action start 14:32:16: bz.EarlyInstallFinish2.
Action ended 14:32:16: bz.EarlyInstallFinish2. Return value 1.
Action start 14:32:16: WriteRegistryValues.
Action ended 14:32:16: WriteRegistryValues. Return value 1.
Action start 14:32:16: RegisterUser.
Action ended 14:32:16: RegisterUser. Return value 1.
Action start 14:32:16: RegisterProduct.
Action ended 14:32:16: RegisterProduct. Return value 1.
Action start 14:32:16: PublishFeatures.
Action ended 14:32:16: PublishFeatures. Return value 1.
Action start 14:32:16: PublishProduct.
Action ended 14:32:16: PublishProduct. Return value 1.
Action start 14:32:16: InstallFinalize.
-- CUSTOM ACTION -- InstallFinish2
-- CUSTOM ACTION -- Elevated
-- CUSTOM ACTION -- User name is SYSTEM
-- CUSTOM ACTION -- The user is a member of the Administrators group.
-- CUSTOM ACTION -- GetProperty: Name=CustomActionData
-- CUSTOM ACTION -- GetProperty: Value=C:\Users\NUNYA\AppData\Local\Temp\MW-15c9dc26-4205-4e7b-9b1f-4027f2d48970\msiwrapper.ini
-- CUSTOM ACTION -- Ini file is C:\Users\NUNYA\AppData\Local\Temp\MW-15c9dc26-4205-4e7b-9b1f-4027f2d48970\msiwrapper.ini
-- CUSTOM ACTION -- Wrapped application id is 
-- CUSTOM ACTION -- Unable to get wrapped application id from ini file: C:\Users\NUNYA\AppData\Local\Temp\MW-15c9dc26-4205-4e7b-9b1f-4027f2d48970\msiwrapper.ini
CustomAction bz.EarlyInstallFinish2 returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 14:32:16: InstallFinalize. Return value 3.
Action ended 14:32:16: INSTALL. Return value 3.
=== Logging stopped: 11/22/2017  14:32:16 ===
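
An added example, not part of the original post: a small triage script for a log like the one above. It lists the actions that ended with `Return value 3` (fatal error), any `CustomAction ... returned actual error code` lines, the exit code the wrapper recorded for the wrapped `mb-clean.exe`, and the account each custom action reported running as. The sample input is a handful of lines excerpted from the log above; the function and field names are this example's own.

```python
import re

# Lines excerpted from the msiexec log posted above (not the full log).
SAMPLE_LOG = r"""
Action start 14:32:06: bz.EarlyInstallMain.
-- CUSTOM ACTION -- User name is NUNYA
-- CUSTOM ACTION -- Setup parameters are /silentnoreboot -managed
-- CUSTOM ACTION -- Success running wrapped setup. Exit code 0
Action ended 14:32:16: bz.EarlyInstallMain. Return value 1.
Action start 14:32:16: InstallFinalize.
-- CUSTOM ACTION -- User name is SYSTEM
-- CUSTOM ACTION -- Unable to get wrapped application id from ini file: C:\Users\NUNYA\AppData\Local\Temp\MW-15c9dc26-4205-4e7b-9b1f-4027f2d48970\msiwrapper.ini
CustomAction bz.EarlyInstallFinish2 returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 14:32:16: InstallFinalize. Return value 3.
Action ended 14:32:16: INSTALL. Return value 3.
"""

# In Windows Installer logs, "Return value 1" is success and "Return value 3" is a fatal error.
START = re.compile(r"^Action start [\d:]+: (\S+)\.$")
ENDED = re.compile(r"^Action ended [\d:]+: (\S+)\. Return value (\d)\.$")
CA_ERR = re.compile(r"^CustomAction (\S+) returned actual error code (\d+)")
CA_USER = re.compile(r"^-- CUSTOM ACTION -- User name is (\S+)")
WRAPPED = re.compile(r"^-- CUSTOM ACTION -- Success running wrapped setup\. Exit code (-?\d+)")


def triage(log_text):
    """Summarise where an msiexec log failed and what the wrapped setup returned."""
    report = {"failed_actions": [], "custom_action_errors": [],
              "wrapped_exit_code": None, "users_by_action": {}}
    current = None  # standard action whose custom-action output is being read
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := START.match(line):
            current = m.group(1)
        elif m := ENDED.match(line):
            if int(m.group(2)) == 3:
                report["failed_actions"].append(m.group(1))
        elif m := CA_ERR.match(line):
            report["custom_action_errors"].append((m.group(1), int(m.group(2))))
        elif m := CA_USER.match(line):
            report["users_by_action"][current] = m.group(1)
        elif m := WRAPPED.match(line):
            report["wrapped_exit_code"] = int(m.group(1))
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On this excerpt the report separates the two results in the log: the wrapped cleaner exited with 0, while the MSI itself ended with a fatal error at InstallFinalize. Log files written by msiexec are often UTF-16, so decode them before passing the text to `triage`.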

 


  • 2 weeks later...

Ok so this was a true overworked, derp moment. I was using the uninstaller with the x switch for uninstall...but the MSI's default action is /i since its prime function is uninstalling. Now that I realized that and fixed that, it works. The only caveat is that when run as a script (like through LabTech) it seems to leave the Malwarebytes entry in add/remove programs.

Calling it a second time cleans that up though. Thanks for your help, djacobson.


I had no idea you were struggling like that! I'm sorry man, I should have given you the common commands for the tool. We're not using /x here since when using this, you are not invoking the MSI installer cache of the app itself.

The add-remove entry will be removed after restarting; there are a few pieces like that, actually. This is why that restart needs to take place even when the tool suppresses the reboot. It is suppressed so that the admin can choose when the restart happens instead of right away during the tool's use.

Very glad to hear that you figured it out!
