Kaseya Community

Searching through the registry and deleting specific keys

  • I'm trying to write a script to fully remove Symantec Antivirus. This is going to be part Kaseya scripting and part VBScript. Reading through the steps for manual uninstall, the beginning sounded rather easy to automate. Then I got to this step:

    Expand the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

    This key contains many keys.

    Click each key, and look in the right pane for references to Symantec AntiVirus.
    If you see any references to Symantec AntiVirus in the right pane, then delete the entire key.


    So I am wondering if anyone knows of a way to automate reading through the values in a registry key to find if the value contains but is not necessarily equal to a keyword. If I could find such a way to search for values, and then automate deletion of the entire key, it would make my life a lot easier. Any ideas?

    Legacy Forum Name: Searching through the registry and deleting specific keys,
    Legacy Posted By Username: chipscc
  • Here is a VB script that searches the uninstall key and returns GUIDs to c:\temp\GUID.txt. I did not write this and I don't recall who the credit goes to. The const AppName can be adjusted for other purposes.

    On Error Resume Next

    '**********************************************************************
    const AppName = "Symantec"
    '**********************************************************************

    const HKEY_LOCAL_MACHINE = &H80000002

    Set WshShell = WScript.CreateObject("WScript.Shell")

    'First, find the GUID
    strComputer = "."
    Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\"&_
    strComputer & "\root\default:StdRegProv")
    strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    objReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys

    For Each subkey In arrSubKeys
    InstalledAppName = ""
    InstalledAppName = WshShell.RegRead("HKLM\" & strKeyPath & "\" & subkey & "\DisplayName")

    If InStr(InstalledAppName, AppName) > 0 then
    RawGUID = ""
    GUID = ""
    RawGUID = WshShell.RegRead("HKLM\" & strKeyPath & "\" & subkey & "\UninstallString")
    GUID = Mid(RawGUID, instr(RawGUID, "{"), 38)
    If GUID<>"" then
    ' Found matching GUID,
    Const ForAppending = 8
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objTextFile = objFSO.OpenTextFile ("c:\temp\GUID.txt", ForAppending, True)
    objTextFile.WriteLine(GUID)
    objTextFile.Close

    End If
    End If
    Next


    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: SMason
  • There is also a symantec removal tool

    http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

    Quote from page

    The Norton Removal Tool uninstalls all Norton 2003 and later products, Norton 360, and Norton SystemWorks 12.0 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.


    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: thirteentwenty
  • Thanks guys, I appreciate your help. SMason, so I'm assuming that I would put *Symantec* in between the two empty quotes if I'm looking for any string containing the word, but not necessarily equal to it?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: chipscc
  • I'm only just getting started at scripting. I have an IT background, heavily weighted in network technologies and system administration, so I am by no means an experienced programmer, but wouldn't this code just delete everything in the SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall registry key? I believe that would cause system instability. Wouldn't it?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: chipscc
  • Forget my last comment. I think I get it.

    const AppName = "Symantec"

    Big Smile Nice

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: chipscc
  • After the script generates, you can do a [Get Variable - File Content] on it. From there, you can run remove the package with MSInstaller like this:

       Execute Shell Command - (Continue on Fail)
    Parameter 1 : MsiExec.exe /x#yourVariable# /quiet
    Parameter 2 : 1
    OS Type : 0


    Or you can remove the key by itself with "reg delete"

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: SMason