domingo, 2 de maio de 2010

10 Steps to totally and completely Remove Panda Anti Virus Protection Service from Computer or Server

I decided to add this here first so i won't forget, second so that anyone experiencing the same issue and is tired of looking for the web with no success on this, can apply the procedure i tell you here, and move on to be productive.

Well, how to fully remove Panda Services from the computer?
Why you would want to remove it?

For the second question, you might want to add a new protection from other company and would like to clean the dependencys from the previous one. OR, you happened to have a previous version of Panda Admin Secure and installing a new version does not successfully update all the clients. Or better still, you can't update Panda clients after you have migrated the domain, and freshed install the new version of Panda Admin Secure onto a new server.

Panda is installed on the client side at the following location:
%ProgramFiles%\Panda Software\

There is a file at %ProgramFiles%\Panda Software\Panda Administrator 3 called DServers.ini but changing it to the right server won't change a thing.

So, onto the removal:

There are some approaches that i have gatthered here, there, panda security forum, etc, but i have compiled it all to suit every scenerios to become completely removed , resulting in a always successfull fresh client install after that.

Step 1
Create a distributable package on your latest version of AdminSecure Console and save it to your hard drive. After that, you will have two files, named ConfPavAgent.ini and Pavagent.exe. Edit the ini file in notepad and change "action=install" to "action=uninstall"

Step 2
With the INI file saved, run PavAgent and let it do it's job. It might take a while, 15 minutes is an average on some computers.

Password is panda in lowercase letters
Extract the contents and run \ClientShield\RemoveALL with administrator privilidges. Altough the warning it says that is not responsible for any damage etc, i have run it successfully in dozens of computers and servers. It will take a few seconds to complete, as it works in the windows registry to remove certain keys.

Step 4
Open regedit and go to key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ Check if there are any services left starting with PAV and if so, remove them:

Step 5
Go to Device Manager -> View -> Show hidden devices . Check if there are still any hidden devices installed, if so remove them, don't restart yet when it asks:

Step 6
There is a Panda NDIS filter installed in each Network connection you have. Go to the connection properties and uninstall this filter with administrative privilidges:

*Any network Connection will be temporarily lost while removing this filter

Step 7

Step 8
Delete PAV*.* and ShlDrv51.sys from C:\windows\system32\drivers

Step 9
Delete %ProgramFiles%\Panda Software and %ProgramFiles%\Common Files\Panda Software folders . IMPORTANT: Any quarantined file will be deleted as the restore folder is deleted, so if you want to keep any important file you have that may have been blocked and want to restore it, you should try to trestore it first.

Step 10
Check with the tool XSAid3 if there are any registered services left (started or stopped ) and if so remove them and reboot.

Your system will be now cleaned and ready for new client distribution.

One last note, Windows Firewall might be an obstacle to successfully distributing clients remotely, temporarily turn off Windows Firewall or enable Remote Admininstration on the firewall service rules.
Thanks for reading.

Taken  from:

3 comentários: