
Solved: Simple Software-Restriction Policy blocks AntiVirus, impossible to uninstall

Discussion in 'General Security' started by Palladia-Mors, Dec 22, 2014.

Thread Status:
Not open for further replies.
  1. Palladia-Mors

    Palladia-Mors Thread Starter

    Joined:
    Apr 16, 2008
    Messages:
    270
    Many months ago I installed the Simple Software-Restriction Policy on my computer to improve my security, and for a while it worked OK except that I had to turn it off whenever I wanted to update my antivirus software. That has been annoying and a bit worrying but I put up with it.

    This is the program (it was recommended originally by somebody on this forum):
    http://iwrconsultancy.co.uk/softwarepolicy
    http://sourceforge.net/projects/softwarepolicy/

    Yesterday AVG found a trojan had infected part of the program. After removal of that, I decided to uninstall the software policy, but it is IMPOSSIBLE.
    The system tray icon that used to let me temporarily turn off the program (to install and uninstall things) is gone. Gone from the system tray, apparently gone from my machine. It is now impossible to install or uninstall any program, or to update my antivirus, at all, EVER. I cannot get rid of this horrible "security" abomination. The settings .ini file does not have any option for regaining the system tray icon. I tried moving the uninstaller into my Program Files, but it still won't uninstall. Windows Add or Remove Programs can't run the uninstaller.

    The MLSoftwarePolicyTrayApplet shortcut is in my startup folder, but softwarepolicy.exe which it points to is GONE. It's as though the program PERMANENTLY destroyed my computer's ability to install anything, and then deleted itself (or AVG deleted it) so it can NEVER be fixed. My computer is completely ruined.

    edit: I tried putting the uninstaller and its .dat file into Program Files while deleting the rest of the program from C:/Windows, it still won't uninstall.

    edit2: Can I restore the deleted stuff from AVG's Virus Vault, and then run the uninstaller in Safe Mode? Should I, or will that ruin my computer even more?

    PLEASE help me destroy this horrible monster!
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,912
    It's possible that AVG damaged the program by removing some of its components as malware which may or may not have been a false positive.

    It would be difficult to say without knowing what AVG detected and quarantined so please post the report that shows the name of the files.

    As for restoring the files from AVG that would have been an option but it seems you've further damaged the program by deleting things so that may not be possible.
     
  3. Palladia-Mors

    Palladia-Mors Thread Starter

    Joined:
    Apr 16, 2008
    Messages:
    270
    I restored everything I deleted.

    AVG does not have a copy-paste ability on the virus report, how do I highlight/copy what it says to post it?

    Are you saying it's impossible to fix and I should give up my whole computer?
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,912
    No, I didn't say that. Please provide the names of the files AVG detected. Are they still in quarantine?
     
  5. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,574
    Hi,

    Below is a registry file which you can import to turn off Software Restriction Policy. Just copy and paste the quoted contents into a file with extension .reg

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
    "DefaultLevel"=dword:00040000
    "TransparentEnabled"=dword:00000002
    "PolicyScope"=dword:00000000
    "ExecutableTypes"=hex(7):57,00,53,00,43,00,00,00,56,00,42,00,00,00,55,00,52,00,\
      4c,00,00,00,53,00,48,00,53,00,00,00,53,00,43,00,52,00,00,00,52,00,45,00,47,\
      00,00,00,50,00,49,00,46,00,00,00,50,00,43,00,44,00,00,00,4f,00,43,00,58,00,\
      00,00,4d,00,53,00,54,00,00,00,4d,00,53,00,50,00,00,00,4d,00,53,00,49,00,00,\
      00,4d,00,53,00,43,00,00,00,4d,00,44,00,45,00,00,00,4d,00,44,00,42,00,00,00,\
      49,00,53,00,50,00,00,00,49,00,4e,00,53,00,00,00,49,00,4e,00,46,00,00,00,48,\
      00,54,00,41,00,00,00,48,00,4c,00,50,00,00,00,45,00,58,00,45,00,00,00,43,00,\
      52,00,54,00,00,00,43,00,50,00,4c,00,00,00,43,00,4f,00,4d,00,00,00,43,00,4d,\
      00,44,00,00,00,43,00,48,00,4d,00,00,00,42,00,41,00,54,00,00,00,42,00,41,00,\
      53,00,00,00,41,00,44,00,50,00,00,00,41,00,44,00,45,00,00,00
    "AuthenticodeEnabled"=dword:00000000
    
     
  6. Palladia-Mors

    Palladia-Mors Thread Starter

    Joined:
    Apr 16, 2008
    Messages:
    270
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,912
    Your registry fix won't work because the board software inserts spaces. When posting registry fixes to import you need to close up the gaps and then use code tags to retain the fix intact.
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,912
  9. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,574
    Hi Cookiegal,

    I edited the message and used Code tags instead of Quote tags. Will it now work?
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,912
    It should be fine now. The other alternative is to upload them as a .txt file attachment in Notepad, for future reference.
     
  11. Palladia-Mors

    Palladia-Mors Thread Starter

    Joined:
    Apr 16, 2008
    Messages:
    270
    I have 5 screenshots but can you please suggest where to upload them? I used to have an Imageshack account but they now charge $$$ to upload anything.
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,912
    Please upload them in a reply here as attachments:

    http://library.techguy.org/wiki/TSG_Posting_a_Screenshot
     
  13. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,574
    Hi Palladia,

    Did you manage to disable SRP with the registry entries I provided?
     
  14. Palladia-Mors

    Palladia-Mors Thread Starter

    Joined:
    Apr 16, 2008
    Messages:
    270
    Alright here are the screenshots. My scheduled scan is running now and found 2 more copies of it had spread to my System Restore so who knows how many more places. And it was in the installer so maybe the "security" program was a virus all along!

    Report 1 shows that I tried to tell AVG to quarantine the thing while it was, apparently, already doing that, so the 3 "failures" to quarantine are nothing.

    The rest in second post.
     

    Attached Files:

  15. Palladia-Mors

    Palladia-Mors Thread Starter

    Joined:
    Apr 16, 2008
    Messages:
    270
    Here are the rest (so far...)

    If this virus wasn't already part of the "security" program I installed, then I don't know when it came in... I don't install or download strange things. AVG resident shield caught it when I went to WikiHow to look up how to shell pumpkin seeds, and then Googled the local YMCA to find their phone #. I don't know how it could install itself when the software policy prevents all installations no matter what.


    Lunarlander -- I have decided to wait before using that because I'm afraid I'll mess up some more but THANK YOU very much for writing that script.
     

    Attached Files:


Short URL to this thread: https://techguy.org/1139788
