Windows 10: Can anyone help me uninstall maliciously installed computer Administrator software ?

Discus and support Can anyone help me uninstall maliciously installed computer Administrator software ? in Windows 10 Software and Apps to solve the problem; I recently bought a computer. Inset it up but then forgot the password. I have a Best Buy Plus Memebership so I had them factory reset the device.... Discussion in 'Windows 10 Software and Apps' started by Emily Koresh, Jun 25, 2024.

  1. EMILY KORESH
    Emily Koresh Win User

    Can anyone help me uninstall maliciously installed computer Administrator software ?


    I recently bought a computer. Inset it up but then forgot the password. I have a Best Buy Plus Memebership so I had them factory reset the device. HOWEVER when I received it back I noticed that it now has at least 3nuser accounts on it and software for remote monitoring installed on it. and windows powershell In fact they are trying to interfere with the posting of this question. It wont let me access different websites or even then contact customer support on the microsoft website. Is there anyone who can assist me?

    :)
     
    Emily Koresh, Jun 25, 2024
    #1
  2. ANTHONY GAL
    Anthony Gal Win User

    malicious software removal tool

    Hi Alex,

    We would like to know more about the issue by answering the following questions below:

    • Have you tried to uninstall and reinstall Microsoft Windows Malicious Software Removal Tool?
    • What is the last action taken before this issue happens?

    We suggest that you check this link for more details regarding your issue:
    The Microsoft Windows Malicious Software Removal Tool (MSRT) helps remove specific, prevalent malicious software from computers that are running supported versions of Windows.

    We look forward to your response.
     
    Anthony Gal, Jun 25, 2024
    #2
  3. SAYAN_GHOSH
    Sayan_Ghosh Win User
    Not Able to install, uninstall any software. Windows 10 Administrator password required for every action

    Hello Amit,

    Thank you for keeping us posted.

    At this point, I suggest you to check if the user account you are logged into is an administrator account or not. If not, I suggest you to login to the computer
    Administrator account.

    Secondly, I suggest you to check if there are any other user account in your computer with admin privileges.

    To do so, open Advanced User Accounts Control Panel to check all the user accounts created in the computer. Please follow the below steps.

    • Press the Windows key and R from the keyboard to open the Run Command Dialog Box.
    • Enter netplwiz

    Kindly keep us posted.

    Thank you.
     
    Sayan_Ghosh, Jun 25, 2024
    #3
  4. KALEVALEN
    Kalevalen Win User

    Can anyone help me uninstall maliciously installed computer Administrator software ?

    Cannot uninstall program from my computer.

    Solution



    Warning: These removal steps can disable other Symantec products that are installed on the computer. It is recommended that all Symantec products be uninstalled by using Add or Remove Programs before starting this process.



    Log on as Administrator
    Manual removal of Symantec Endpoint Protection must be done from the Administrator account. To enable the Administrator account, read the following document from the Microsoft Knowledge Base: Enable and Disable the Built-in Administrator Account.

    When the Administrator account is enabled, log on to that account.

    Stop Symantec Endpoint Protection

    Click Start > Run.
    Type msconfig
    Click OK.
    On the Startup tab, uncheck Symantec Security Technologies.
    In the Services tab, uncheck the following (not all may be present):
    Symantec Event Manager
    Symantec Settings Manager
    LiveUpdate
    Symantec Management Client
    Symantec Network Access Control
    Symantec Endpoint Protection
    Click OK, and then restart the computer.
    After the computer starts up, an alert appears. Check the box and click OK.



    Remove the Teefer2 driver

    Click Start > Settings > Control Panel > Network Connections.
    Click a connection.
    In the dialog, click Properties.
    Select Teefer2 Driver and click Uninstall.
    You will need to repeat these steps for each Network Connection.
    Restart the computer.


    Remove Symantec Endpoint Protection from the registry

    Click Start > Run.
    Type regedit and Click OK.
    In the Windows registry editor, in the left pane, delete the following keys if they are present. If one is not present, proceed to the next one.
    HKEY_CLASSES_ROOT\*\Shellex\ContextMenuHandlers\LDVPMenu
    HKEY_CURRENT_USER\Software\Symantec\Symantec Endpoint Protection
    HKEY_LOCAL_MACHINE\SOFTWARE\Sygate Technologies, Inc.
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps, SAVCE value only
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection
    HKEY_LOCAL_MACHINE\SOFTWARE\Whole Security
    HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SevInst
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccEvtMgr
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccSetMgr
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eeCtrl
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EraserUtilRebootDrv
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LiveUpdate
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NAVENG
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NAVEX15
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SmcService
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNAC
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SnacNp
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBBCDrv
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRTSP
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRTSPL
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRTSPX
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Symantec AntiVirus
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymEvent
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMREDRV
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMTDI
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Teefer2
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wps
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WpsHelper
    HKEY_LOCAL_MACHINE\SYSTEM\Symantec
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ccSvcHst
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LiveUpdate
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SescLU
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Symantec AntiVirus
    Navigate to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    Select Uninstall.
    Select Edit
    Click Find.
    Type symantec
    Click Find Next.
    A value appears in the right pane that includes the word Symantec, in a key that is still in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.
    If the key that is selected is still in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, delete the key (in the left pane), and then repeat the search.
    If the key that is selected is not in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, continue to the next step.
    Remove any values with "Symantec" in the path from the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
    Search for the following strings, and delete any registry keys that contain them:
    331D64B67B1D6024FAD99FA7FAAE8F3
    Vpshell2
    VpShellEx
    Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\.
    Under the following registry keys, delete the registry key 12AD9A2D657B7654F96A2EA43F3166B3:
    0E3118066B3FEE6C0AF18C3B9B1A1EE8
    2A31EAB9FA7E3C6D0AF18C3B9B1A1EE8
    6EC3DF47D8A2C9E00AF18C3B9B1A1EE8
    7ABFE44842C12B390AF18C3B9B1A1EE8
    C9AE13788D0B61F80AF18C3B9B1A1EE8
    DA42BC89BF25F5BD0AF18C3B9B1A1EE8



    Remove Symantec Endpoint Security files and folders

    Restart the computer into Safe Mode. To enter Safe Mode on Windows Vista and Windows 7, read the Microsoft article Start your computer in safe mode.
    In Safe Mode, log on as the Administrator account.
    Delete the following files and folders. If a file or folder is not present, proceed to the next one.
    C:\Program Files\Symantec\Symantec Endpoint Protection (Or the appropriate directory if you installed in a different one)
    C:\Program Files\Symantec\LiveUpdate (Or the appropriate directory if you installed in a different one)
    C:\Program Files\Symantec\ (Or the appropriate directory if you installed in a different one)
    C:\Program Files\Common Files\Symantec Shared
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
    C:\ProgramData\Symantec
    Delete the following driver files in C:\Windows\System32\drivers. In all cases delete the files with the extensions .sys, .cat, and .inf with the following prefixes:
    Coh_Mon
    SrtSp
    SrtSp64
    SrtSpl
    SrtSpl64
    SrtSpx
    SrtSpx64
    SymDns
    SymDns64
    SymEvent
    SymEvent64x86
    SymFw
    SymIds
    SymNdis
    SymNdisv
    SymRedir
    SymRedrv
    SymTdi
    SysPlant
    Teefer2
    Wgx
    WpsDrvnt
    WpsHelper
    Delete the following driver files in both C:\Windows\System32 and C:\Windows\SysWOW64:
    BugslayerUtil.dll
    Cba.dll
    FwsVpn.dll
    Loc32Vc0.dll
    MsgSys.dll
    Nts.dll
    Pds.dll
    SysFer.dll
    SymVPN.dll
    Go to C:\Windows\Installer\.
    For each file in C:\Windows\Installer, right-click the file and select Properties.
    On the Summary tab, check to see whether the file was created by Symantec. If it was, delete the file.
    Repeat steps 6-9 for every file in the folder.


    Remove the Teefer driver

    Click Start > Search, type cmd, and press Ctrl+Shift+Enter to start a command prompt with Administrator privileges.
    Type pnputil -e to list the Symantec drivers in the driver store.
    Type pnputil -f -d oem<n>.inf to remove Symantec drivers from driver store, where <n> is a number corresponding to one of the Symantec drivers listed in the previous step.
    Type exit to close the command prompt.
    In the Windows registry editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}.
    Delete any keys that have a value of ComponentId that is set to symc_teefer2mp.
    Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}.
    Delete any sub keys that have a name containing SYMC_TEEFER2MP.
    Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{cac88424-7515-4c03-82e6-71a87abac361}.
    Delete any sub keys that have a name containing SYMC_TEEFER2MP.
    Close the Windows Registry Editor.
    In the Device Manager (devmgmt.msc), go to Network Adapters, and delete all entries with "teefer" in them.
    Delete any network adapters to which teefer was attached.
    This causes the adapters to be reinstalled. This step must be done in order for there to be network connectivity after you restart the computer.
    Restart the computer into normal mode.
     
    Kalevalen, Jun 25, 2024
    #4
Thema:

Can anyone help me uninstall maliciously installed computer Administrator software ?

Loading...

  1. Can anyone help me uninstall maliciously installed computer Administrator software ? - Similar Threads - anyone help uninstall

  2. Can anyone help me

    in Windows 10 Software and Apps
    Can anyone help me: I have forgot my email for my pc account and someone has tried to get into it and it’s gone in to a security thing and I can’t get into my pc bc I can’t remember my email can anyone help me please...

  3. Can Anyone Help Me!?

    in Windows 10 Gaming
    Can Anyone Help Me!?: Hello to whom it hopefully concerns,I need help with my computer. I restarted it to handle an internet connection problem an hour ago and it rolled into an update without asking me. The update seemingly completed but since then my computer has not been working properly. It is...

  4. Can anyone help me uninstall maliciously installed computer Administrator software ?

    in Windows 10 Gaming
    Can anyone help me uninstall maliciously installed computer Administrator software ?: I recently bought a computer. Inset it up but then forgot the password. I have a Best Buy Plus Memebership so I had them factory reset the device. HOWEVER when I received it back I noticed that it now has at least 3nuser accounts on it and software for remote monitoring...

  5. Can anyone help me uninstall maliciously installed computer Administrator software ?

    in AntiVirus, Firewalls and System Security
    Can anyone help me uninstall maliciously installed computer Administrator software ?: I recently bought a computer. Inset it up but then forgot the password. I have a Best Buy Plus Memebership so I had them factory reset the device. HOWEVER when I received it back I noticed that it now has at least 3nuser accounts on it and software for remote monitoring...

  6. can anyone help me with this???

    in Windows 10 Gaming
    can anyone help me with this???: A few hours ago we got new fibre broadband installed, and everything is working, other than this computer, it browses the internet but that is all it can do, I tried launching epic games launcher, steam and the xbox game pass app. Unfortunately they dont seem to work, could...

  7. Can anyone help me?

    in Windows 10 Gaming
    Can anyone help me?: I downloaded the Windows 11 OS recently on my Acer i5 lap.. But after two days, my lap screen went black. Now I cant see anything from my lap. Also, the blue light comes and goes off from time to time. Can anyone help me to resolve this issue?...

  8. Can anyone help me?

    in Windows 10 Ask Insider
    Can anyone help me?: I tried to optimize my system for better gaming. And after all the operations, i hit the restart button. But its restarting. It keeps showing the Dell logo and restarts. It keeps showing following errors: Critical Service Failed. SESSION1 INITIALIZATION FAILED. REFMON...

  9. CAN ANYONE HELP ME??

    in AntiVirus, Firewalls and System Security
    CAN ANYONE HELP ME??: A window popped up on my screen asking me to check the box if I wanted my computer for private/home use or public use. The public box was already checked and I accidently hit enter, but I really wanted to check the private box. I have gone into my settings to try and change...

  10. Can ANYONE HELP ME??

    in Windows 10 Software and Apps
    Can ANYONE HELP ME??: LikE i i just want my reward?? Why did u ban me for just Using 5 points like why can't a ADMIN HELP ME??? https://answers.microsoft.com/en-us/windows/forum/all/can-anyone-help-me/f2570169-71bb-458f-8fc3-2dc161e6cb18