-
-
Save Coopeh/8470068 to your computer and use it in GitHub Desktop.
@ECHO OFF | |
ECHO ==================================================================== | |
ECHO Sophos Removal v1.0 - Ed Cooper 2014 | |
ECHO Removes Sophos v7 - v10 | |
ECHO ==================================================================== | |
ECHO. | |
ECHO. | |
IF NOT EXIST "%~dp0\msizap.exe" GOTO MSIZAPNOTFOUND | |
ECHO Administrative permissions required. Detecting permissions... | |
ECHO. | |
net session >NUL 2>&1 | |
IF %errorLevel% == 0 ( | |
ECHO All good, let's go! | |
GOTO GO | |
) ELSE ( | |
ECHO Nah, you ain't no admin! Try again with Run as Administrator. | |
ECHO. | |
PAUSE | |
EXIT | |
) | |
:GO | |
ECHO. | |
ECHO ==================================================== | |
ECHO Modifying Services | |
ECHO ==================================================== | |
net stop "Sophos Agent" >NUL 2>&1 | |
net stop "Sophos Anti-Virus" >NUL 2>&1 | |
net stop "Sophos Anti-Virus status reporter" >NUL 2>&1 | |
net stop "Sophos AutoUpdate Service" >NUL 2>&1 | |
net stop "Sophos Message Router" >NUL 2>&1 | |
net stop "Sophos Web Intelligence Service" >NUL 2>&1 | |
net stop "Sophos Client Firewall" >NUL 2>&1 | |
net stop "Sophos Client Firewall Manager" >NUL 2>&1 | |
net stop "Sophos Web Control Service" >NUL 2>&1 | |
sc config sharedaccess start= disabled >NUL 2>&1 | |
sc config browser start= auto >NUL 2>&1 | |
sc config remoteregistry start= auto >NUL 2>&1 | |
sc config lanmanserver start= auto >NUL 2>&1 | |
sc config schedule start= auto >NUL 2>&1 | |
sc config msiserver start= auto >NUL 2>&1 | |
sc config lanmanworkstation start= auto >NUL 2>&1 | |
net stop sharedaccess >NUL 2>&1 | |
net start lanmanworkstation >NUL 2>&1 | |
net start msiserver >NUL 2>&1 | |
net start schedule >NUL 2>&1 | |
net start lanmanserver >NUL 2>&1 | |
net start remoteregistry >NUL 2>&1 | |
net start browser >NUL 2>&1 | |
ECHO. | |
ECHO Done | |
ECHO. | |
ECHO ==================================================== | |
ECHO Performing MSI Uninstall | |
ECHO ==================================================== | |
msiexec.exe /x "c:\program files\sophos\autoupdate\cache\savxp\sophos anti-virus.msi" /q /norestart >NUL 2>&1 | |
msiexec.exe /x "c:\program files\sophos\autoupdate\cache\rms\sophos remote management system.msi" /q /norestart >NUL 2>&1 | |
msiexec.exe /x "c:\program files\sophos\autoupdate\cache\sau\sophos autoupdate.msi" /q /norestart >NUL 2>&1 | |
msiexec.exe /x "c:\program files\sophos\autoupdate\cache\scf\sophos client firewall.msi" /q /norestart >NUL 2>&1 | |
reg delete HKLM\Software\Sophos /f >NUL 2>&1 | |
reg delete HKCU\Software\Sophos /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sophos Agent" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SavService" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SAVAdminService" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Agent" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Service" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sophos Certification Manager" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sophos EMLib Update Agent" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SEMscheduler" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sophos Management Service" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sophos Message Router" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SQLAgent$SOPHOS" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SOPHOS" /f >NUL 2>&1 | |
reg delete "HKLM\System\CurrentControlSet\Services\Eventlog\Sophos" /f >NUL 2>&1 | |
reg delete "HKEY_CLASSES_ROOT\ISPSheet" /f >NUL 2>&1 | |
reg delete "HKEY_CLASSES_ROOT\ISPSheet.1" /f >NUL 2>&1 | |
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{061CC07B-BA7A-44D1-81FA-D36BE1CE55D9}" /f >NUL 2>&1 | |
TASKKILL /F /IM "Almon.exe" >NUL 2>&1 | |
TASKKILL /F /IM "swc_service.exe" >NUL 2>&1 | |
ECHO. | |
ECHO Done | |
ECHO. | |
ECHO ==================================================== | |
ECHO Performing MSI Cleanup | |
ECHO ==================================================== | |
"%~dp0\MSIZAP.EXE" tw {15C418EB-7675-42be-B2B3-281952DA014D} >NUL 2>&1 | |
"%~dp0\MSIZAP.EXE" tw {09C6BF52-6DBA-4A97-9939-B6C24E4738BF} >NUL 2>&1 | |
"%~dp0\MSIZAP.EXE" tw {9ACB414D-9347-40B6-A453-5EFB2DB59DFA} >NUL 2>&1 | |
"%~dp0\MSIZAP.EXE" tw {C12953C2-4F15-4A6C-91BC-511B96AE2775} >NUL 2>&1 | |
"%~dp0\MSIZAP.EXE" tw {FF11005D-CBC8-45D5-A288-25C7BB304121} >NUL 2>&1 | |
"%~dp0\MSIZAP.EXE" tw {FED1005D-CBC8-45D5-A288-FFC7BB304121} >NUL 2>&1 | |
"%~dp0\MSIZAP.EXE" tw {12C00299-B8B4-40D3-9663-66ABEA3198AB} >NUL 2>&1 | |
ECHO. | |
ECHO Done | |
ECHO. | |
ECHO ==================================================== | |
ECHO Performing Registry Cleanup | |
ECHO ==================================================== | |
reg delete HKLM\Software\Sophos /f >NUL 2>&1 | |
reg delete HKCU\Software\Sophos /f >NUL 2>&1 | |
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sophos Agent" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SavService" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SAVAdminService" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Agent" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Service" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sophos Certification Manager" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sophos EMLib Update Agent" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SEMscheduler" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sophos Management Service" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sophos Message Router" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SQLAgent$SOPHOS" /f >NUL 2>&1 | |
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SOPHOS" /f >NUL 2>&1 | |
reg delete "HKLM\System\CurrentControlSet\Services\Eventlog\Sophos" /f >NUL 2>&1 | |
reg delete "HKEY_CLASSES_ROOT\ISPSheet" /f >NUL 2>&1 | |
reg delete "HKEY_CLASSES_ROOT\ISPSheet.1" /f >NUL 2>&1 | |
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{061CC07B-BA7A-44D1-81FA-D36BE1CE55D9}" /f >NUL 2>&1 | |
ECHO REGEDIT4 > %TEMP%\SOTMP.REG | |
ECHO. >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_CLASSES_ROOT\Installer\Products\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_CLASSES_ROOT\Installer\Products\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_CLASSES_ROOT\Installer\Products\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_CLASSES_ROOT\Installer\Products\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_CLASSES_ROOT\Installer\Features\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_CLASSES_ROOT\Installer\Features\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_CLASSES_ROOT\Installer\Features\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_CLASSES_ROOT\Installer\Features\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\E932B7952303A1943A2218777329E5A8] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\0D6888B32A8929940ACA98A3DEBB94B4] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A2ECF5789F971654CBB5476964870E94] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\E932B7952303A1943A2218777329E5A8] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0D6888B32A8929940ACA98A3DEBB94B4] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A2ECF5789F971654CBB5476964870E94] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\E932B7952303A194 3A2218777329E5A8] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\0D6888B32A892994 0ACA98A3DEBB94B4] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A2ECF5789F971654 CBB5476964870E94] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_CURRENT_USER\Software\Sophos] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\Software\Sophos] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15C418EB-7675-42be-B2B3-281952DA014D}] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C12953C2-4F15-4A6C-91BC-511B96AE2775}] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF11005D-CBC8-45D5-A288-25C7BB304121}] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVADMINSERVICE] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVONACCESS_CONTROL] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVONACCESS_FILTER] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVSERVICE] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SOPHOS_AGENT] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SOPHOS_AUTOUPDATE_AGENT] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SOPHOS_AUTOUPDATE_SERVICE] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SOPHOS_MESSAGE_ROUTER] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SophosAntiVirus] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SAVOnAccess Control] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVAdminService] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVOnAccess Control] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVService] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sophos Agent] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sophos AutoUpdate Agent] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sophos AutoUpdate Service] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sophos Message Router] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVADMINSERVICE] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVONACCESS_CONTROL] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVONACCESS_FILTER] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPHOS_AGENT] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVSERVICE] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPHOS_AUTOUPDATE_AGENT] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPHOS_AUTOUPDATE_SERVICE] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPHOS_MESSAGE_ROUTER] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SophosAntiVirus] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SAVOnAccess Control] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVAdminService] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVOnAccess Control] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVService] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Agent] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Agent] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Service] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Message Router] >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\public.pem"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\BackgroundScanClient.exe"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\WSCClient.exe"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\DataControlManagement.dll"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\DetectionFeedback.dll"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\ComponentManager.dll"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\Configuration.dll"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\DriveProcessor.dll"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\EEConsumer.dll"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\ICAdapter.dll"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\SAVControl.dll"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\SIPSManagement.dll"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\SWIManagement.dll"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\SavProgress.exe"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\ScanManagement.dll"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\SystemInformation.dll"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\TamperProtectionControl.dll"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\TamperProtectionManagement.dll"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\TamperProtectionPlugin.dll"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\ThreatDetection.dll"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\VirusDetection.dll"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\AutoUpdate\\Cache\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\AutoUpdate\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\AutoUpdate\\Config\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\AutoUpdate\\data\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\AutoUpdate\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\AutoUpdate\\Logs\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\AutoUpdate\\zh_cn\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\AutoUpdate\\zh_tw\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\AutoUpdate\\DefaultConfig\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\AutoUpdate\\en\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\AutoUpdate\\fr\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\AutoUpdate\\de\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\AutoUpdate\\it\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\AutoUpdate\\ja\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\AutoUpdate\\es\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Windows\\Installer\\{15C418EB-7675-42be-B2B3-281952DA014D}\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Remote Management System\\3\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Remote Management System\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Remote Management System\\3\\Agent\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Remote Management System\\3\\Agent\\AdapterStorage\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Remote Management System\\3\\Agent\\AdapterStorage\\ALC\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Remote Management System\\3\\Agent\\Logs\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Remote Management System\\3\\EMLib\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Remote Management System\\3\\EMLib\\Logs\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Remote Management System\\3\\Router\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Remote Management System\\3\\Router\\Envelopes\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Remote Management System\\3\\Agent\\AdapterStorage\\NAC\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Remote Management System\\3\\Router\\NetworkReport\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Remote Management System\\3\\Router\\Logs\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Remote Management System\\3\\Agent\\AdapterStorage\\SAV\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Remote Management System\\3\\Agent\\AdapterStorage\\SCF\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Remote Management System\\3\\Agent\\AdapterStorage\\SDDM\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Windows\\Installer\\{FED1005D-CBC8-45D5-A288-FFC7BB304121}\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Sophos\\Sophos Endpoint Security and Control\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Sophos\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Sophos Anti-Virus\\Config\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Windows\\Installer\\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Sophos Anti-Virus\\INFECTED\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Sophos Anti-Virus\\Temp\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Sophos Anti-Virus\\Cache\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Sophos Data Control\\logs\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Sophos Data Control\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Sophos Device Control\\logs\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Sophos Device Control\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Sophos Tamper Protection\\logs\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\ProgramData\\Sophos\\Sophos Tamper Protection\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\Web Control\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders] >> %TEMP%\SOTMP.REG | |
ECHO "C:\\Program Files\\Sophos\\Sophos Anti-Virus\\Web Intelligence\\"=- >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Web Control Service] >> %TEMP%\SOTMP.REG | |
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\swi_update] >> %TEMP%\SOTMP.REG | |
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >> %TEMP%\SOTMP.REG | |
ECHO "Sophos AutoUpdate Monitor"=- >> %TEMP%\SOTMP.REG | |
SC create SopReg binpath= "cmd /K START /WAIT REGEDIT /S %TEMP%\SOTMP.REG" type= own type= interact >NUL 2>&1 >NUL | |
sc start "SopReg" >NUL 2>&1 >NUL | |
sc delete "SopReg" >NUL 2>&1 >NUL | |
ECHO. | |
ECHO Done | |
ECHO. | |
ECHO ==================================================== | |
ECHO Deleting Sophos Services | |
ECHO ==================================================== | |
sc delete SAVService >NUL 2>&1 | |
sc delete SAVAdminService >NUL 2>&1 | |
sc delete "Sophos Agent" >NUL 2>&1 | |
sc delete "Sophos AutoUpdate Agent" >NUL 2>&1 | |
sc delete "Sophos AutoUpdate Service" >NUL 2>&1 | |
sc delete "Sophos Message Router" >NUL 2>&1 | |
sc delete "swi_service" >NUL 2>&1 | |
sc delete "Sophos Client Firewall" >NUL 2>&1 | |
sc delete "Sophos Client Firewall Manager" >NUL 2>&1 | |
sc delete "Sophos Web Control Service" >NUL 2>&1 | |
ECHO. | |
ECHO Done | |
ECHO. | |
ECHO ==================================================== | |
ECHO Unregistering DLLs | |
ECHO ==================================================== | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\backgroundscanning.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\componentmanager.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\configuration.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\desktopmessaging.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\driveprocessor.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\eeconsumer.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\filterprocessors.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\fsdecomposer.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\icadapter.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\icmanagement.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\icprocessors.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\legacyconsumers.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\localisation.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\logging.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\persistance.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SAVI0.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SAVMSCM.DLL" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\savshellext.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\scaneditexports.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\scaneditfacade.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\scanmanagement.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\security.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\sophtaineradapter.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\systeminformation.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\threatdetection.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\threatmanagement.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\translators.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\virusdetection.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\cidsync.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\config.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\inetconn.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\InstlMgr.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\ispsheet.dll" >NUL 2>&1 | |
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\logger.dll" >NUL 2>&1 | |
ECHO. | |
ECHO Done | |
ECHO. | |
ECHO ==================================================== | |
ECHO Removing the Sophos Installation Files | |
ECHO ==================================================== | |
RD /s /Q %TEMP% >NUL 2>&1 | |
MD %TEMP% >NUL 2>&1 | |
RD /s /Q %WINDIR%\TEMP\ >NUL 2>&1 | |
MD %WINDIR%\Temp >NUL 2>&1 | |
RD /S /Q "%PROGRAMFILES%\SOPHOS\AutoUpdate" >NUL 2>&1 | |
RD /S /Q "%PROGRAMFILES%\SOPHOS\Sophos Anti-Virus" >NUL 2>&1 | |
RD /S /Q "%PROGRAMFILES%\SOPHOS\Remote Management System" >NUL 2>&1 | |
RD /S /Q "%PROGRAMFILES%\SOPHOS\" >NUL 2>&1 | |
RD /S /Q "C:\SAVXPSA" >NUL 2>&1 | |
RD /s /Q "%ALLUSERSPROFILE%\Start Menu\Programs\Sophos" >NUL 2>&1 | |
RD /S /Q "%ALLUSERSPROFILE%\Application Data\Sophos" >NUL 2>&1 | |
RD /S /Q "%USERPROFILE%\Application Data\Sophos" >NUL 2>&1 | |
DEL /Q "%ALLUSERSPROFILE%\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk" >NUL 2>&1 | |
RD /S /Q "%WINDIR%\Installer\{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}" >NUL 2>&1 | |
RD /S /Q "%WINDIR%\Installer\{15C418EB-7675-42be-B2B3-281952DA014D}" >NUL 2>&1 | |
RD /S /Q "%WINDIR%\Installer\{C12953C2-4F15-4A6C-91BC-511B96AE2775}" >NUL 2>&1 | |
RD /S /Q "%WINDIR%\Installer\{FF11005D-CBC8-45D5-A288-25C7BB304121}" >NUL 2>&1 | |
RD /S /Q "%WINDIR%\Installer\{387EF71D-9F19-4059-B6E5-B29E521AF040}" >NUL 2>&1 | |
DEL /Q "%WINDIR%\System32\Drivers\savonaccesscontrol. sys" >NUL 2>&1 | |
DEL /Q "%WINDIR%\System32\Drivers\savonaccessfilter.s ys" >NUL 2>&1 | |
IF EXIST "C:\Program Files\Sophos" rmdir "C:\Program Files\Sophos" /s /q >NUL 2>&1 | |
IF EXIST "C:\Program Files (x86)\Sophos" rmdir "C:\Program Files (x86)\Sophos" /s /q >NUL 2>&1 | |
ECHO. | |
ECHO Done | |
ECHO. | |
ECHO ==================================================== | |
ECHO Deleting Sophos Accounts and Sophos Groups | |
ECHO ==================================================== | |
Net user SophosSAU%COMPUTERNAME%0 /DELETE >NUL 2>&1 | |
Net user SophosSAU%COMPUTERNAME%1 /DELETE >NUL 2>&1 | |
Net user SophosSAU%COMPUTERNAME%2 /DELETE >NUL 2>&1 | |
Net user SophosSAU%COMPUTERNAME%3 /DELETE >NUL 2>&1 | |
Net localgroup SophosAdministrator /DELETE >NUL 2>&1 | |
Net localgroup SophosOnAccess /DELETE >NUL 2>&1 | |
Net localgroup SophosPowerUser /DELETE >NUL 2>&1 | |
Net localgroup SophosUser /DELETE >NUL 2>&1 | |
ECHO. | |
ECHO Done | |
ECHO. | |
GOTO DONE | |
:MSIZAPNOTFOUND | |
ECHO msizap.exe not found, please copy it to this script's directory and run the script again | |
PAUSE | |
EXIT | |
:DONE | |
ECHO. | |
ECHO ==================================================== | |
ECHO All done! | |
ECHO ==================================================== | |
ECHO. | |
EXIT |
Worked great for me. One thing I noticed that it did not kill the ALMon process. Other than that, all good. @WINNERI I don't think you would be able to script that kind of thing. Removal from Sophos Cloud AKA Sophos Central would still be manual process. If all the Sophos processes are gone, then it won't be able to report back to Sophos.
I updated this to include newer GUID's & service deletion:
https://gist.github.com/ion-storm/11ff973495002f228b0f7949f3c52e13
Not seeing the difference between your updated bat file and the original (as far as having additional Service Deletions).
You may also want to change your MISZAP.exe references to msicuu2.exe since MISZAP is no longer supported.
In looking at the bat file again, it looks like it is for versions v7-v10.
I am at v11.5.6 - a lot of differences. This bat needs a complete rewrite for 11 ....unless someone has already done it.... maybe you ion-storm?
This worked for me, thank you very much.
Also stubobis1 's info was very helpful as well.
Dear @Coopeh, dear @ion-storm, I hope that you are well.
I'm like @krhoads65, stuck with 11.5.9 version and totally disappointed.
Can anyone help us on this version as previous script does not work any longer.
it is a full nightmare, as sometimes it removes false positive files.
thanks to all the community.
Can you please tell me how to enable/disable sophos web Control. i have only access to administrative command prompt
Great script! Worked for me, I was not able to uninstall following the right way. I was getting an error message: MSI terminated unexpectedlly
THANK YOU SO MUCH
i did all now is not showing in my computer
but in the cloud my computer and all my activities are there
that's mean it is not removed