Solved: Simple Software-Restriction Policy blocks AntiVirus, impossible to uninstall

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Palladia-Mors

Thread Starter
Joined
Apr 16, 2008
Messages
270
Many months ago I installed the Simple Software-Restriction Policy on my computer to improve my security, and for a while it worked OK except that I had to turn it off whenever I wanted to update my antivirus software. That has been annoying and a bit worrying but I put up with it.

This is the program (it was recommended originally by somebody on this forum):
http://iwrconsultancy.co.uk/softwarepolicy
http://sourceforge.net/projects/softwarepolicy/

Yesterday AVG found a trojan had infected part of the program. After removal of that, I decided to uninstall the software policy, but it is IMPOSSIBLE.
The system tray icon that used to let me temporarily turn off the program (to install and uninstall things) is gone. Gone from the system tray, apparently gone from my machine. It is now impossible to install or uninstall any program, or to update my antivirus, at all, EVER. I cannot get rid of this horrible "security" abomination. The settings .ini file does not have any option for regaining the system tray icon. I tried moving the uninstaller into my Program Files, but it still won't uninstall. Windows Add or Remove Programs can't run the uninstaller.

The MLSoftwarePolicyTrayApplet shortcut is in my startup folder, but softwarepolicy.exe which it points to is GONE. It's as though the program PERMANENTLY destroyed my computer's ability to install anything, and then deleted itself (or AVG deleted it) so it can NEVER be fixed. My computer is completely ruined.

edit: I tried putting the uninstaller and its .dat file into Program Files while deleting the rest of the program from C:/Windows, it still won't uninstall.

edit2: Can I restore the deleted stuff from AVG's Virus Vault, and then run the uninstaller in Safe Mode? Should I, or will that ruin my computer even more?

PLEASE help me destroy this horrible monster!
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,106
It's possible that AVG damaged the program by removing some of its components as malware which may or may not have been a false positive.

It would be difficult to say without knowing what AVG detected and quarantined so please post the report that shows the name of the files.

As for restoring the files from AVG that would have been an option but it seems you've further damaged the program by deleting things so that may not be possible.
 

Palladia-Mors

Thread Starter
Joined
Apr 16, 2008
Messages
270
I restored everything I deleted.

AVG does not have a copy-paste ability on the virus report, how do I highlight/copy what it says to post it?

Are you saying it's impossible to fix and I should give up my whole computer?
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,106
No I didn't say that. Please provide the names of the files AVG detected and are they still in quarantine?
 
Joined
Sep 21, 2007
Messages
12,462
Hi,

Below is a registry file which you can import to turn off Software Restriction Policy. Just copy and paste the quoted contents into a file with extension .reg

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"DefaultLevel"=dword:00040000
"TransparentEnabled"=dword:00000002
"PolicyScope"=dword:00000000
"ExecutableTypes"=hex(7):57,00,53,00,43,00,00,00,56,00,42,00,00,00,55,00,52,00,\
  4c,00,00,00,53,00,48,00,53,00,00,00,53,00,43,00,52,00,00,00,52,00,45,00,47,\
  00,00,00,50,00,49,00,46,00,00,00,50,00,43,00,44,00,00,00,4f,00,43,00,58,00,\
  00,00,4d,00,53,00,54,00,00,00,4d,00,53,00,50,00,00,00,4d,00,53,00,49,00,00,\
  00,4d,00,53,00,43,00,00,00,4d,00,44,00,45,00,00,00,4d,00,44,00,42,00,00,00,\
  49,00,53,00,50,00,00,00,49,00,4e,00,53,00,00,00,49,00,4e,00,46,00,00,00,48,\
  00,54,00,41,00,00,00,48,00,4c,00,50,00,00,00,45,00,58,00,45,00,00,00,43,00,\
  52,00,54,00,00,00,43,00,50,00,4c,00,00,00,43,00,4f,00,4d,00,00,00,43,00,4d,\
  00,44,00,00,00,43,00,48,00,4d,00,00,00,42,00,41,00,54,00,00,00,42,00,41,00,\
  53,00,00,00,41,00,44,00,50,00,00,00,41,00,44,00,45,00,00,00
"AuthenticodeEnabled"=dword:00000000
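
A way to check what a .reg file like the one above would set before importing it, added here as an example and not part of the original thread. The helper names `parse_reg` and `summarize` are hypothetical, the sample is constructed and shortened, and the level names follow the SAFER_LEVELID_* constants in winsafer.h.

```python
import re

# Level IDs as defined in winsafer.h (SAFER_LEVELID_*).
LEVELS = {0x00000: "Disallowed", 0x01000: "Untrusted", 0x10000: "Constrained",
          0x20000: "Basic User", 0x40000: "Unrestricted"}
# TransparentEnabled selects which files the policy is applied to.
ENFORCEMENT = {0: "off", 1: "all files except DLLs", 2: "all files including DLLs"}

def parse_reg(text):
    """Return {value_name: int | list[str]} for dword and hex(7) values."""
    text = re.sub(r"\\\s*\n\s*", "", text)  # join backslash-continued lines
    values = {}
    pattern = r'^"([^"]+)"=(dword|hex\(7\)):(.*)$'
    for name, kind, data in re.findall(pattern, text, re.M):
        if kind == "dword":
            values[name] = int(data, 16)
        else:  # REG_MULTI_SZ: UTF-16LE strings separated by NUL
            raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
            values[name] = [s for s in raw.decode("utf-16-le").split("\0") if s]
    return values

def summarize(values):
    """Describe what the Software Restriction Policy values mean."""
    level = values.get("DefaultLevel")
    return {
        "default_level": LEVELS.get(level, "unknown"),
        "blocks_by_default": level != 0x40000,
        "enforcement": ENFORCEMENT.get(values.get("TransparentEnabled"), "unknown"),
        "extensions": sorted(values.get("ExecutableTypes", [])),
    }

# Constructed, shortened sample in the same format as the posted file.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"DefaultLevel"=dword:00040000
"TransparentEnabled"=dword:00000002
"ExecutableTypes"=hex(7):45,00,58,00,45,00,00,00,42,00,41,00,54,00,00,00,4d,\
  00,53,00,49,00,00,00
'''

if __name__ == "__main__":
    print(summarize(parse_reg(SAMPLE)))
```

With `DefaultLevel` at Unrestricted the default-deny behaviour is gone, but `TransparentEnabled` is still 2, so any explicit Disallowed rules stored under the same key would continue to be enforced.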
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,106
Hi,

Below is a registry file which you can import to turn off Software Restriction Policy. Just copy and paste the quoted contents into a file with extension .reg
Your registry fix won't work because the board software inserts spaces. When posting registry fixes to import you need to close up the gaps and then use code tags to retain the fix intact.
 
Joined
Sep 21, 2007
Messages
12,462
Hi Cookiegal,

I edited the message and used Code tags instead of Quote tags. Will it now work?
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,106
Hi Cookiegal,

I edited the message and used Code tags instead of Quote tags. Will it now work?
It should be fine now. The other alternative is to upload them as a .txt file attachment in Notepad, for future reference.
 

Palladia-Mors

Thread Starter
Joined
Apr 16, 2008
Messages
270
I have 5 screenshots but can you please suggest where to upload them? I used to have an Imageshack account but they now charge $$$ to upload anything.
 

Palladia-Mors

Thread Starter
Joined
Apr 16, 2008
Messages
270
Alright here are the screenshots. My scheduled scan is running now and found 2 more copies of it had spread to my System Restore so who knows how many more places. And it was in the installer so maybe the "security" program was a virus all along!

Report 1 shows that I tried to tell AVG to quarantine the thing while it was, apparently, already doing that, so the 3 "failures" to quarantine are nothing.

The rest in second post.
 


Palladia-Mors

Thread Starter
Joined
Apr 16, 2008
Messages
270
Here are the rest (so far...)

If this virus wasn't already part of the "security" program I installed, then I don't know when it came in... I don't install or download strange things. AVG resident shield caught it when I went to WikiHow to look up how to shell pumpkin seeds, and then Googled the local YMCA to find their phone #. I don't know how it could install itself when the software policy prevents all installations no matter what.


Lunarlander -- I have decided to wait before using that because I'm afraid I'll mess up some more but THANK YOU very much for writing that script.
 
