Skip to content

Instantly share code, notes, and snippets.

@robbybarnes

robbybarnes/gist:7549220822aa8e4c714fbd113184e268

Created July 17, 2022 23:05
Show Gist options
  • Save robbybarnes/7549220822aa8e4c714fbd113184e268 to your computer and use it in GitHub Desktop.
Save robbybarnes/7549220822aa8e4c714fbd113184e268 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
#!/usr/bin/env bash
: '
######################################################
Malwarebytes Uninstall Reinstall Tool for Mac
Clean utility for removing all Malwarebytes application software and files.
This script will remove all components of Malwarebytes and prompt to reinstall latest consumer version
created on 2019-June-11 by Aditya
updated on 2021-March-15 by Aditya
Copyright (c) 2021 Malwarebytes
https://support.malwarebytes.com
All rights reserved.
#################################################
'
set +e
#set -x
exec > ~/Documents/mwb_re-install_log.txt 2>&1
runninglogUser=`logname`
runningUser=$(stat -f "%Su" /dev/console)
echo "=========================================="
echo " Malwarebytes Re-install Tool for Mac"
echo " Run from MB-Mac-uninstall-reinstall tool"
echo "------------------------------------------"
echo "script updated on 2021-March-15 by Aditya"
echo ""
echo "$(date +"Report created on %A, %B %d, %Y at %r %Z")"
echo "$(date -u +"%Y-%m-%d %r %Z")"
echo ""
macosver=$(sw_vers -productVersion)
echo "MacOS Version is : $macosver"
#MacOSVersion=$(sw_vers -productVersion | cut -d '.' -f 2)
kernel_ver=$(uname -r | cut -d '.' -f 1)
MacOSVersion=$((${kernel_ver} - 4 ))
echo ""
echo "runningUser > $runningUser"
echo "runninglogUser > $runninglogUser"
echo ""
if groups $(id -u "$runningUser") | grep -q -w admin;
then
echo "Running tool from user:> ("$runningUser") with UID: $(id -u "$runningUser") is admin: Yes"
else
echo "Running tool from user:> "$runningUser" with UID: $(id -u "$runningUser") is admin: No"
echo ""
fi
echo ""
echo "Users Logged: `w` "
echo ""
echo "==================================="
## ----------------------------------------
## Variables
## ----------------------------------------
MB_PRODUCT_IDENTIFIER="mbam"
MB_PRODUCT_IDENTIFIER__UPPERCASE="MBAM"
MB_PRODUCT_DOMAIN="com.malwarebytes.${MB_PRODUCT_IDENTIFIER}"
MB_PRODUCT_DOMAIN_SHORT="MB_${MB_PRODUCT_IDENTIFIER__UPPERCASE}"
APP_SRC="/Applications/Malwarebytes.app"
APP_SUPPORT_DIR="/Library/Application Support/Malwarebytes"
APP_SUPPORT_PRODUCT_DIR="${APP_SUPPORT_DIR}/${MB_PRODUCT_IDENTIFIER__UPPERCASE}"
APP_SRC_V1="/Applications/Malwarebytes Anti-Malware.app/"
APP_SRC_PH_V1="/Library/PrivilegedHelperTools/com.malwarebytes.HelperTool"
APP_SRC_PH_V1_OLD="/Library/PrivilegedHelperTools/com.malwarebytes.MBAMHelperTool"
# File name of our main UI application.
# Note that it has 'Malwarebytes' alias (shown in the Activity Monitor).
FRONTEND_APPLICATION_NAME="FrontendApplication"
FRONTEND_APPLICATION_ALIAS="Malwarebytes"
FRONTEND_LAUNCHER_NAME="Malwarebytes"
FRONTEND_LAUNCHER_ALIAS="${FRONTEND_LAUNCHER_NAME}"
#FRONTEND_APPLICATION_NAME_V1="FrontendApplication"
FRONTEND_APPLICATION_ALIAS_V1="Malwarebytes Anti-Malware"
FRONTEND_LAUNCHER_NAME_V1="Malwarebytes Anti-Malware"
FRONTEND_LAUNCHER_ALIAS_V1="${FRONTEND_LAUNCHER_NAME_V1}"
AGENT_PLIST_SRC="/Library/LaunchAgents/${MB_PRODUCT_DOMAIN}.frontend.agent.plist"
HELPERTOOL_V1="/Library/LaunchDaemons/com.malwarebytes.HelperTool.plist"
HELPERTOOL_V1_OLD="/Library/LaunchDaemons/com.malwarebytes.MBAMHelperTool.plist"
RTP_DAEMON_JOB_NAME="${MB_PRODUCT_DOMAIN}.rtprotection.daemon"
RTP_DAEMON_PLIST_SRC="/Library/LaunchDaemons/${RTP_DAEMON_JOB_NAME}.plist"
SK_DAEMON_JOB_NAME="${MB_PRODUCT_DOMAIN}.settings.daemon"
SK_DAEMON_PLIST_SRC="/Library/LaunchDaemons/${SK_DAEMON_JOB_NAME}.plist"
RTP_KEXT_ID="${MB_PRODUCT_DOMAIN}.rtprotection"
RTP_KEXT_SRC="/Library/Extensions/${MB_PRODUCT_DOMAIN_SHORT}_Protection.kext"
RTP_KEXT_LEGACY_SRC="/Library/Extensions/${RTP_KEXT_ID}.kext"
TRUE=0
FALSE=1
GUEST_UID=201
LAST_SYSTEM_RESERVED_UID=499
## ----------------------------------------
## Helper Functions
## ----------------------------------------
# - Parameters:
# - $1: major version.
# - $2: minor version.
is_available_function()
{
local CURRENT_OSX_VERSION_MAJOR=$(sw_vers -productVersion | awk -F '.' '{print $1}')
local CURRENT_OSX_VERSION_MINOR=$(sw_vers -productVersion | awk -F '.' '{print $2}')
if [ ${CURRENT_OSX_VERSION_MAJOR} -eq $1 ]; then
if [ ${CURRENT_OSX_VERSION_MINOR} -ge $2 ]; then
return ${TRUE}
fi
else
if [ ${CURRENT_OSX_VERSION_MAJOR} -gt $1 ]; then
return ${TRUE}
fi
fi
return ${FALSE}
}
killall_frontends_function()
{
echo "Killing '${FRONTEND_APPLICATION_NAME}' main UI if it's running..."
killall "${FRONTEND_APPLICATION_NAME}"
echo "Killing '${FRONTEND_LAUNCHER_NAME}' launcher if it's running..."
killall "${FRONTEND_LAUNCHER_NAME}"
echo "Killing '${FRONTEND_APPLICATION_NAME_V1}' V1 main UI if it's running..."
killall "${FRONTEND_APPLICATION_NAME_V1}"
echo "Killing '${FRONTEND_LAUNCHER_NAME_V1}' V1 launcher if it's running..."
killall "${FRONTEND_LAUNCHER_NAME_V1}"
echo ""
}
stop_agents_daemons_and_driver_function()
{
# Agents
echo "Agent unload for All active users from '${AGENT_PLIST_SRC}'..."
if [ -f "${AGENT_PLIST_SRC}" ]; then
# Starting from 10.11 we should use new API to load agent
if is_available_function 10 11; then
echo " Using new launchctl interface:"
for uid in $(ps -axo uid,args | grep -i "[l]oginwindow.app" | awk '{print $1}'); do
uid=$(echo $uid | cut -d, -f1)
if [[ $uid -gt ${LAST_SYSTEM_RESERVED_UID} || $uid -eq ${GUEST_UID} ]]; then
echo " UID: $uid"
launchctl bootout gui/"$uid" "${AGENT_PLIST_SRC}"
fi
done
else
echo " Using legacy launchctl interface:"
for pid_uid in $(ps -axo pid,uid,args | grep -i "[l]oginwindow.app" | awk '{print $1 "," $2}'); do
pid=$(echo $pid_uid | cut -d, -f1)
uid=$(echo $pid_uid | cut -d, -f2)
if [[ $uid -gt ${LAST_SYSTEM_RESERVED_UID} || $uid -eq ${GUEST_UID} ]]; then
echo " PID: $pid; UID: $uid"
launchctl bsexec "$pid" chroot -u "$uid" / launchctl unload "${AGENT_PLIST_SRC}"
fi
done
fi
echo "Agent unloading has been finished."
else
echo "Agent is not loaded."
fi
# RTP Daemon
echo "Stopping '${RTP_DAEMON_JOB_NAME}' RTP daemon..."
launchctl unload "${RTP_DAEMON_PLIST_SRC}"
#V1 helper tool unload
echo "Stopping '${HELPERTOOL_V1}' V1 Anti-Malware..."
launchctl unload "${HELPERTOOL_V1}"
echo "Stopping '${HELPERTOOL_V1_OLD}' OLD MABMHelper V1 Anti-Malware..."
launchctl unload "${HELPERTOOL_V1_OLD}"
# RTP KEXT
echo "Unloading '${RTP_KEXT_ID}' FSO driver..."
kextunload -b "${RTP_KEXT_ID}"
# SK Daemon
echo "Stopping '${SK_DAEMON_JOB_NAME}' SK daemon..."
launchctl unload "${SK_DAEMON_PLIST_SRC}"
}
forget_product_package_function()
{
if pkgutil --packages | grep -q "malwarebytes"; then
pkgutil --forget com.malwarebytes.mbam.uninstaller || true
pkgutil --forget com.malwarebytes.mbam.installer || true
pkgutil --forget com.malwarebytes.pkg.EndpointAgent || true
pkgutil --forget com.malwarebytes.ncep.installer || true
pkgutil --forget com.malwarebytes.ncep.uninstaller || true
fi
}
remove_product_business_useragent_function()
{
cmdremoveEP="/Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent/EndpointAgentDaemon.app/Contents/MacOS/EndpointAgentDaemon"
if [ -f "$cmdremoveEP" ]; then
echo "Business version removal started"
echo ""
eval "'$cmdremoveEP' -uninstall"
echo "Business version is removed"
echo ""
else
echo ""
echo "Malwarebytes Business version EP is not installed."
echo ""
return
fi
}
# remove NCEP SDK
removeNCEP()
{
cmdremovencep="/Library/Application Support/Malwarebytes/NCEP/Engine.bundle/Contents/Resources/Remove_Malwarebytes.pkg"
if [ -f "$cmdremovencep" ]; then
echo ""
echo "Removing NCEP SDK..."
echo ""
eval "installer -pkg '$cmdremovencep' -target /"
else
echo ""
echo "Malwarebytes NCEP SDK is not installed."
echo ""
fi
}
# remove Consumer version via removal_pkg
removeMBAM()
{
cmdremovembam="/Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/Resources/Remove_Malwarebytes.pkg"
if [ -f "$cmdremovembam" ]; then
echo "Removing consumer version..."
eval "installer -pkg '$cmdremovembam' -target /"
else
echo ""
echo "Malwarebytes consumer version is not installed or pkg is not present."
echo ""
fi
}
remove_product_files_function()
{
echo "Removing files...started"
removeNCEP || true
remove_product_business_useragent_function || true
removeMBAM || true
##will check and remove files manually
remove_folder_function "${APP_SRC}"
#remove_folder_function "${APP_SUPPORT_PRODUCT_DIR}"
remove_folder_function "${RTP_KEXT_SRC}"
remove_folder_function "${RTP_KEXT_LEGACY_SRC}"
remove_file_function "${AGENT_PLIST_SRC}"
remove_file_function "${RTP_DAEMON_PLIST_SRC}"
remove_file_function "${SK_DAEMON_PLIST_SRC}"
find /tmp/ -type f -name "com.malwarebytes.*" | while read path; do
remove_file_function "$path";
done
# parse all user folders and remove: /Users/xxxx/Library/Application Support/Malwarebytes
for userFolderPath in /Users/*; do
echo ""
echo "Removing user's folder for: $userFolderPath"
rm -rf "$userFolderPath/Library/Application Support/com.malwarebytes.*"
rm -rf "$userFolderPath/Library/Application Support/Malwarebytes"
rm -f "$userFolderPath/Library/Preferences/com.malwarebytes.*"
echo "removed files from home folder: $userFolderPath"
echo ""
done
rm -f "${HELPERTOOL_V1}"
rm -f "${HELPERTOOL_V1_OLD}"
rm -rf "${APP_SRC_V1}"
rm -f "${APP_SRC_PH_V1}"
rm -f "${APP_SRC_PH_V1_OLD}"
# remove NCEP system LaunchDaemon plist files
rm -f "/Library/LaunchDaemons/com.malwarebytes.ncep.rtprotection.daemon.plist"
rm -f "/Library/LaunchDaemons/com.malwarebytes.ncep.settings.daemon.plist"
# Remove MBBR CLI
echo ""
echo "Removing Malwarebytes MBBR"
rm -rf "/Applications/Malwarebytes Breach Remediation.app"
rm -rf "/usr/local/bin/mbbr"
rm -rf "/usr/local/bin/mbbr-data"
rm -rf "/usr/local/bin/mbbr-logs"
##removing adwaremedic file oldest version
rm -rf ~/Library/Application\ Support/com.thesafemac.adwaremedic/
rm -rf /Applications/AdwareMedic.app
rm -rf /Applications/Malwarebytes\ Anti-Malware*
echo "Removing files...end"
echo ""
forget_product_package_function
# Removing DIR even its not empty
rm -rf "${APP_SUPPORT_DIR}" || true
echo ""
### using python lib from Kyle github, which is most helpful to remove dock items
##Copyright 2008 Kyle Crawford
##https://github.com/kcrawford/dockutil/blob/master/scripts/dockutil
echo ">>>Running dockutil python script to remove mwb icon from dock"
echo ""
scriptDir=$(cd "$(dirname "$0")"; pwd -P)
"$scriptDir"/dockutil -v --remove 'Malwarebytes Anti-Malware' --allhomes; "$scriptDir"/dockutil -v --remove 'Malwarebytes' --allhomes 2>&1
echo ""
echo ">>>end of uninstall scripts"
echo ""
}
# Changes the owner of the file to the needed one and deletes it.
remove_file_function()
{
# Below we append '|| true' to NOT fail whole script in case of rm/chmod/chown failure which is ok.
chown 0:0 "$1" || true
chmod 755 "$1" || true
rm -f "$1" || true
}
# Changes the owner of the folder to the needed one and deletes it.
remove_folder_function()
{
# Below we append '|| true' to NOT fail whole script in case of rm/chmod/chown failure which is ok.
chown -R 0:0 "$1" || true
chmod -R 755 "$1" || true
rm -rf "$1" || true
}
##function to install mbw 3.x/4.x
install_mwb4_latest()
{
echo ""
echo ">>>downloading installer 4.x.xx to tmp"
echo ""
curl -L -o '/tmp/Malwarebytes-Mac-4.x.xx.pkg' https://downloads.malwarebytes.com/file/mb-mac
echo ""
echo ">>>running installer 4.x.xx with Current user: $(whoami) ($(id -u)) on macOS '$macosver' "
echo ""
if [ -e /tmp/Malwarebytes-Mac-4.x.xx.pkg ]; then
/usr/sbin/installer -pkg /tmp/Malwarebytes-Mac-4.x.xx.pkg -target /
sleep 2
open /Applications/Malwarebytes.app/
sleep 2
rm -rf /tmp/Malwarebytes-Mac-4.x.xx.pkg
else
echo ">>>could not find the installer file. Exiting"
echo ""
fi
}
install_mwb3_Yosemite()
{
echo ""
echo ">>>downloading installer 3.9.3x legacy for Yosemite to tmp"
echo ""
curl -L -o '/tmp/Malwarebytes-Mac-3.9.3x.xx.pkg' https://downloads.malwarebytes.com/file/mb3-mac-legacy
echo ""
echo ">>>running installer 3.9.3x with Current user: $(whoami) ($(id -u)) on macOS '$macosver' "
echo ""
if [ -e /tmp/Malwarebytes-Mac-3.9.3x.xx.pkg ]; then
/usr/sbin/installer -pkg /tmp/Malwarebytes-Mac-3.9.3x.xx.pkg -target /
sleep 2
open /Applications/Malwarebytes.app/
sleep 2
rm -rf /tmp/Malwarebytes-Mac-3.9.3x.xx.pkg
else
echo ">>>could not find the installer file. Exiting"
echo ""
fi
}
install_mb4_EICaptain()
{
echo ""
echo ">>>downloading installer 4.6.x legacy for EI Captain to tmp"
echo ""
curl -L -o '/tmp/Malwarebytes-Mac-4.6.12.EICaptain.pkg' https://downloads.malwarebytes.com/file/mb-mac-4-16-12
echo ""
echo ">>>running installer Malwarebytes-Mac-4.6.12.EICaptain.pkg with Current user: $(whoami) ($(id -u)) on macOS '$macosver' "
echo ""
if [ -e /tmp/Malwarebytes-Mac-4.6.12.EICaptain.pkg ]; then
/usr/sbin/installer -pkg /tmp/Malwarebytes-Mac-4.6.12.EICaptain.pkg -target /
sleep 2
open /Applications/Malwarebytes.app/
sleep 2
rm -rf /tmp/Malwarebytes-Mac-4.6.12.EICaptain.pkg
else
echo ">>>could not find the installer file. Exiting"
echo ""
fi
}
install_Mbam()
{
if [[ "$MacOSVersion" == "10" ]]; then
install_mwb3_Yosemite
elif [[ "$MacOSVersion" == "11" ]]; then
install_mb4_EICaptain
elif [[ "$MacOSVersion" =~ (12|13|14|15|16) ]]; then ## 16 means Big Sur
install_mwb4_latest
else
echo "could not find correct macOS Version"
fi
}
checkInternet()
{
curl -Is http://www.google.com | head -1 | grep 200
if [[ $? -eq 0 ]]; then
#echo "Internet available"
return 0
else
#echo "No internet"
return 1
fi
}
## ----------------------------------------
## Main
## ----------------------------------------
echo "Current user: $(whoami) ($(id -u)) on macOS '$macosver' "
echo ""
####eject disk mounted
echo "eject mounted disk for Malwarebytes Anti-Malware"
diskutil unmount /Volumes/Malwarebytes\ Anti-Malware
echo ""
killall_frontends_function || true
stop_agents_daemons_and_driver_function || true
remove_product_files_function
sleep 1
###end of script
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment