Used machines often bring with them issues like password-protected installations. Unfortunately, that's not the only thing that they might bring.

I purchased a used machine from a neighbor who had bought it from his workplace. He is no longer in the neighborhood, so I can't ask him about this. The program, Trend Micro, is the virus-scan program that was on the machine when I bought it. I'd prefer to use AVG but when I try to install AVG, it tells me that there's a conflict with another virus scanner and that I must delete that one before installing AVG. So, I went to Add/Remove programs and clicked on 'Remove'. It came up with a dialog box, requesting that I enter a password in order to uninstall the program. And that's where the problem lies. I don't have the password nor do I know how to get in touch with the guy who sold the machine to me. How in the world can I get rid of Trend Micro? I don't know if it's actually scanning my machine, if it's up to date, or how to use it. Any suggestions?

I do have a suggestion and I can tell you right now that you're not going to like it.

And because I know that there's a really good chance that you won't want to follow my suggestion, I'll throw out a few other ideas as well.

Reformat the Machine

This isn't about removing Trend Micro - they're reputable folk with a reasonable product.

This is about your safety.

This is about what else is on the machine.

The problem is that when you get a second-hand computer, you don't know what else is on the machine.

For all you know, it's infested with malware (perhaps the Trend Micro's a fake).

For all you know, there's illegal content hidden in unexplored corners of the machine.

For all you know, your neighbor was a corporate or government spy and hidden on the machine are our nation's nuclear launch codes or the data to build some kind of bio-weapon.

OK, that last one might be a tad far-fetched in the details (I watch too many movies), but the fact is that you don't know what your former neighbor was keeping on his machine, or just how internet-savvy and safety-conscious he was.

To mangle Forrest Gump a little, a second-hand computer is like a box of chocolates: you never know what you're gonna get.

There's only one way to know what you have: erase the hard disk(s) completely (I recommend DBAN) and install the operating system and all applications from scratch.

I told you that you won't like it, but it's the only safe way to be sure.

Uninstall

As I said earlier, Trend Micro is a reasonable product and I'd even consider suggesting that you leave it on the machine.

If you had the password, that is.

So, the only option is to try to remove it.

As you've seen, the uninstall process is password-protected. That's actually not an unreasonable security measure, but it definitely gets in the way of your very legitimate needs.

Here's what I would try in the order that I would try it:

  • Revo Uninstaller. It first attempts to run the same uninstall that you've already tried, then performs more aggressive scans of your system and registry to remove leftovers. Because everything will be left over, it may have some success. It also wouldn't surprise me if you needed to try it more than once, with reboots in between.

  • In the Program Files folder (or Program Files (x86) folder), delete the Trend Micro folder or at least as much of its contents as you can. (If you're running Windows Vista or Windows 7, you'll need to do this by running as Administrator, not just logged in as an administrator.) I expect that many of the files will be in use, but perhaps on the next reboot, enough of these will be gone so as to cause a program failure and you can repeat this step. It may also be helpful to first right-click on My Computer, click on Manage, expand Services and Applications, click on Services and look for services related to Trend Micro. Then, you can right-click and stop any of them that you find.

  • Reboot using a Linux live CD (Ubuntu in the "try it out" mode will do) and delete the Trend Micro Program Files folder on your hard disk. This should work. You may need to clean up some auto-start settings after you reboot back into Windows. Perhaps Revo can clean this up and more for you.

As you can see, it gets kind of ugly. But it should be possible. (You might also check the comments below for additional reader suggestions - I may have overlooked some alternatives.)
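Once the Program Files folder has been deleted, any services and Run-key entries that still point into it are the auto-start settings left to clean up. The PowerShell below is an added example, not part of the original article: a read-only audit that lists auto-start entries whose target file is missing or sits under the vendor folder. It assumes PowerShell 3.0 or later in an elevated session; the `$Vendor` variable and the helper function names are this example's own.

```powershell
# Added example (not from the original article). Read-only: it changes nothing.
# Assumption: PowerShell 3.0+ run as Administrator after booting back into Windows.

# Folder-name fragment to highlight; 'Trend Micro' is the folder named in the article.
$Vendor = 'Trend Micro'

# Pull the executable path out of a service or Run-key command line.
function Get-ExecutablePath {
    param([string]$CommandLine)
    if (-not $CommandLine) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }           # quoted path
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|dll))(\s|,|$)') {     # unquoted, may contain spaces
        return $Matches[1]
    }
    return ($cmd -split '\s+')[0]
}

# True only for a fully qualified path whose file is gone.
function Test-TargetMissing {
    param([string]$Path)
    try {
        # Bare names such as rundll32.exe resolve through PATH; do not flag them.
        if (-not [System.IO.Path]::IsPathRooted($Path)) { return $false }
        return -not [System.IO.File]::Exists($Path)
    } catch { return $false }   # unparseable path: leave it for manual review
}

$findings = @()

# 1. Services: PathName is the command line the service manager launches.
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $exe = Get-ExecutablePath $svc.PathName
    $findings += [pscustomobject]@{
        Source = 'Service'; Name = $svc.Name
        Detail = "$($svc.State), $($svc.StartMode)"
        Target = $exe; Missing = (Test-TargetMissing $exe)
    }
}

# 2. Per-machine (64- and 32-bit views) and per-user Run keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($keyPath in $runKeys) {
    $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($valueName in $key.GetValueNames()) {
        $exe = Get-ExecutablePath ([string]$key.GetValue($valueName))
        $findings += [pscustomobject]@{
            Source = 'RunKey'; Name = $valueName; Detail = $keyPath
            Target = $exe; Missing = (Test-TargetMissing $exe)
        }
    }
}

# Report entries that point at a missing file or into the vendor folder.
$findings |
    Where-Object { $_.Missing -or ($_.Target -like "*$Vendor*") } |
    Sort-Object Source, Name |
    Format-Table -AutoSize -Wrap
```

Entries flagged as missing that have nothing to do with the removed product are worth a closer look too, since on a second-hand machine they show what else was once set to start automatically.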

And then, yes, as soon as this is gone, make sure that you scan the heck out of that machine with AVG, with anti-spyware tools, MalwareBytes and whatever else that you might want to use to raise your level of confidence that the machine is safe.

As you might guess, my level of confidence remains low.

Article C4756 - March 3, 2011

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

14 Comments
Alex
March 3, 2011 6:16 PM

Just reformat! Getting a used machine from a neighbor is more like getting a wife from a house of "ill repute"; you just have no idea what is going on inside. Your neighbor may have been going to some illegal p0rn sites. Wipe it out!!!! Start over. If he didn't give you the Windows recovery disk (should have, or there is a recovery sector), just go get Ubuntu, and go from there. It does almost everything Windows does, and is more like a Mac.

A
March 3, 2011 7:19 PM

Change 'allow uninstall' key from 0 to 1 in HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\misc (assuming 32-bit Windows)

Now it won't ask you for a password when you uninstall. Trend Micro has one of the worst detection rates compared to AVG, Symantec, Security Essentials or NOD32. I don't blame you for wanting to get rid of it.

Ken B
March 8, 2011 6:48 AM

One thing you might want to do before the wipe and reinstall (which I whole-heartedly agree with) is to run Belarc Advisor. It will give you a list of virtually all "legitimate" programs which are installed, along with their serial number and/or installation key. With this information, you may be able to legally reinstall these programs after the wipe. (Some programs may have been licensed to the company it previously belonged to.)

David Usher
March 8, 2011 8:46 AM

Get Piriform CCleaner. Use uninstall!!!

realist
March 8, 2011 8:59 AM

First thing you should do with ANY PC (whether new or secondhand) is reformat the hard disc(s) and install the operating system and any applications yourself.

Rick S
March 8, 2011 10:38 AM

First thing I must tell you is I'm NOT an expert but I fix used computers and give them to kids and poor people for a hobby.

One trick I have used is to rename it; then Windows will delete it. If it allows you to rename, it should work.

Or download a small Linux operating system from Distrowatch. Linux Slax fits on a CD and it's live. Pop it into your disc drive and shut it down. Then start your computer; it will boot from the disc, then allow you to look around your hard drive. It will delete anything you want. Caution: if you don't know what it is, don't delete it. There is a bonus here. If your computer craps out you can boot from the CD and go online. You can even boot and go online without a hard drive in your machine. You must have enough RAM to hold Slax and it won't save anything running in that mode. Don't install it or that's going to be your new OS, like it or not.

If Windows drives you around the bend, burn Linux Mint or Mepis to a disc, or over a thousand others; some work well, others don't unless you are a geek. They are all free and you don't need virus protection. Some don't have a firewall but you can get one from their repository.

No virus updates or anything, just push start and use it. If you use dial-up on a laptop you may have to get a USB external modem. If you are fooling around with used computers I assume money is in short supply; that's why such a long comment. I like to help.

Bill Trail - President - Penny Systems, Inc. Macon, GA
March 8, 2011 12:35 PM

Leo has replied directly to me before and REALLY helped me when I was in a bind. Thank you again, Leo.

As to the question at hand, uninstalling an errant program... I agree that MOST pc's that change hands do not come with the original Windows operating system. So over the years I've developed a strategy for cleaning 2nd hand computers.

It's like peeling an onion. You really don't KNOW what comes next - but usually it's more onion. So consider the following list (or layers) of steps.

First, download all of the following FREE programs from their respective (safe) web sites:

1. RKill from BleepingComputer.com

2. ComboFix from BleepingComputer.com

3. MalwareBytes (dot com) - get the free one

4. SuperAntiSpyware (dot com) - get the free one

5. Revo Uninstaller (dot com) - get the free one by left clicking on the "Download" link near the top of the first page - scroll waaay down until you finally see the baby blue link to download the free version.

6. CCleaner (dot com) - get the free one and get it directly from Piriform

7. Glary Utilities (dot com) - get the free one - it bounces you around in amongst a couple of web sites so be careful - take your time - be certain you're only downloading GlaryUtilities and not something else.

8. Defraggler (dot com), another neat app, and be sure to also download it directly from the author's web site, Piriform (same as CCleaner)

Now you have MY professional virus cleaner's tool kit. Now to actually put these to work:

1. Run Rkill. Wait for it. It'll eventually pop up a text log file (using either Wordpad or Notepad) to tell you what "running processes" it "killed" - in other words, it can STOP most hidden bad guys that may be running FROM running in the background and in secret.

Do NOT reboot.

Now (2nd) run ComboFix. It'll probably ask for permission to UPDATE itself - it's only good for 10 minutes after you download it from Bleeping Computer. It's your choice - but I like to disconnect the cable that goes to the Internet and use the one I downloaded 25 minutes ago.

So that's step 3... physically disconnect from your Internet connection and/or any local area network you may be connected to if you have more than one computer. If you're using WIRELESS then TURN OFF THE WIRELESS ROUTER. Just pull the power cable on that puppy so the virus can't jump right back ON as soon as you boot it OFF.

ComboFix sometimes takes a loooooong time to run (it'll go through 50 "stages") so please don't get impatient with it. Depending on what it finds it may very well need to reboot your computer - and I've seen it need to reboot two times and, once, it did it a third time. There are lots of folks who'll tell you to look out for ComboFix - and, yes, it is a little like bringing a battle ship to a fist fight... but MAN it works great for me here in my Macon, GA shop. I've only had it create a problem for me one time (once too many if it's you it happens to - I know)... but I had the original Windows CD in that case and was able to quickly recover. I've probably run ComboFix on 300 - maybe 350 pc's and laptops? And only one ended up refusing to reboot. Not bad. And the REST? Well, it's a Godsend as far as I'm concerned. I use it almost religiously EVERY DAY here in the shop... and it would be unfair not to state that it is easily part of the backbone of my computer virus removal business. And it's free. You'll also know it's finally finished once you see the text file (sort'a like Rkill) except it's always much longer and much more detailed. I delete this because I'm not capable of understanding it.

Okay. So let's assume there WERE viruses or malware discovered by Rkill or ComboFix. They're not "all" gone - not yet. They're CRIPPLED but not gone. Now you gotta use MalwareBytes and SuperAntiSpyware to finish them off.

So now install both MWB and SAS... but REMEMBER: These are FREE "on demand" anti-virus programs and they are NO BETTER than the LAST TIME YOU UPDATED THEM. Viruses have a VERY short half life - maybe a week to a month for most? They vanish - even BAD antivirus companies finally figure 'em out and prosecute them out of existence. (You never heard of anybody getting an old computer virus. Practically speaking, that's a complete oxymoron... there's no such thing as an old virus.) So UPDATE UPDATE UPDATE before you use MWB and SAS. They're absolutely fabulous tools but they're virtually worthless if you don't update them... Oh, and by the way, they each make free updates available to the public about six times EVERY DAY... because there are that many new viruses and threats and infections appearing around the world every day. So always UPDATE right before you actually scan.

I work on up to a dozen PC's/laptops at the time here in my shop and have absolutely no qualms about running MWB and SAS together at the same time - even though some will say not to do it. But I've never had a problem - many hundreds of computer virus cleaning jobs - not one problem. It does slow down a pc or laptop significantly but hey - I'm only one guy - I can't be sitting there like a mother hen with each separate PC... I crank 'em all up, run these 8 or ten steps pretty much in unison on all of 'em, and BINGO... that's the end of most viruses and malware.

Couple other "tips and tricks".... Go into Internet Explorer, click on Tools > Internet Options > Connections tab. Then, in the lower right hand corner of this dialog box, click on the Lan Settings button. Get rid of any check marks on any of the 3 or 4 available boxes. Lots of viruses like to hijack your browser and force it to "run through" their site or server... that's how they do it. If those check marks are there, that means that they pretty much control every thing you do while you're on the Internet - they may even be watching you while you work.

So Rkill, ComboFix, MWB, SAS, and Leo and others have already mentioned using Revo Uninstaller to REALLY take out programs you don't want. But - be extremely careful. If you don't know what something is, leave it alone. Do your due diligence and research the item on Google & make sure you know what you're removing. You can EASILY cripple and ruin a computer by removing the wrong thing.

Last but not least I like to run Defraggler just to defragment all the hundreds of thousands of pieces of individual files. It actually can make a computer run more efficiently - which translates into "FASTER" for me and you. There's even a school of thought that says that a hard drive mechanism will survive longer if it isn't being constantly tossed around back and forth when it gets or puts information to the surface of the drive. Not so sure about that one - but it does sound good, doesn't it.

Bill Trail
President and CEO
Penny Computer Systems, Inc
Macon, GA
www.pennyfinance.com
BillTrail@Gmail.com

Wow. Thanks for that extensive write up. I might quibble with a detail or two, but if you absolutely can't reformat and reinstall this is a good process.
Leo
08-Mar-2011

Bill Trail - President - Penny Systems, Inc. Macon, GA
March 8, 2011 12:47 PM

Oops - forgot about CCleaner and Glary Utilities. These have also been terrific tools for me here in my shop but Leo and others caution against these - for good reason. They change your valuable "registry" files.

But I've never had a problem with either one. I know how to go into both before I run 'em and set them on their highest most in-depth settings and let them run. They're sort'a like Upstairs and Downstairs maids.... one specializes in bedrooms upstairs and the other one knows all about cleaning up the kitchen and den.

I usually run them just before I run Defraggler - because they get rid of TONS of old garbage and I sure don't want to waste an extra hour of Defraggler time rearranging junk files.

Also, another trick, do all the homework necessary on your version of Windows to figure out 1) how to turn off System Restore 2) how to turn off Hibernation 3) how to delete or really minimize your Pagefile.sys. Do these steps AFTER running Rkill, ComboFix, MWB, and SAS. You certainly don't want restore points that might take you "back in time" to a time when the computer was still infected - not after all THIS... Now, run Defraggler. Once Defraggler is finished, turn those three things BACK on.... System Restore, Hibernation, and reset or allow Windows to default the Pagefile.sys for you.

Bill Trail in Macon, Georgia

Frank
March 8, 2011 1:10 PM

I just took Trend Micro Internet Pro off of 4 PCs and went to AVG. The first thing I did was go to the Control Panel, Add or Remove Programs. Removed Trend, rebooted PCs. Ran CCleaner, rebooted PCs. Then installed AVG, no problems. My PCs had XP-Pro, Win7 Pro and XP Home. CCleaner does change the registry, but it has never failed me! I am a Systems/Network Integrator. I install CCleaner & Malwarebytes on every PC I work on. If you do not know what you are doing DON'T mess with the Registry!

Bummper
March 8, 2011 2:40 PM

Download the Trend Micro Diagnostic Toolkit. Last Tab is: "Uninstall", Choose "Uninstall software". Reboot at the prompt. You're done.

http://esupport.trendmicro.com/1/How-do-I-remove-old-or-new-versions-of-Trend-Micro-products-in-my-comp.aspx

Lack of a password should not be a problem, but you can also resolve that here:

http://community.trendmicro.com/t5/Home-and-Home-Office-Forum/Password-How-to-reset-or-remove/td-p/8639

Cheers.

Dave
March 8, 2011 3:45 PM

I agree with 'Frank' about CCleaner, I do PC repair for a living and CCleaner has never failed me either (nor Malwarebytes for that matter)! You can use CCleaner's uninstall feature, it's much more efficient than Windows' uninstaller.

But I personally would follow Leo's suggestion first about reformatting your drive, or better yet buying a new one. Recently I was doing a 'data recovery' job for one of my regular customer's laptops. When doing recovery, you generally can't "see" photos, files, etc. during the recovery process. You only see the file or photo's filename and if it's recoverable. It turned out when I was finished and we were reviewing everything I found that many were porn photos.

Not surprisingly, they weren't from him but from the previous owner! These just as easily could have been child porn or something else illegal. Always wipe (over-write) the drive as well if you are going to re-use one. CCleaner also has this feature.

And for anyone thinking of acquiring a used computer (or if you've had one stolen), I strongly suggest visiting Stolen Computer Registry @ www.stolencomputers.org.

Bruce Ogden
March 8, 2011 7:11 PM

Some time ago I wrote a tutorial on Vista Forums showing several ways to achieve a thorough uninstall (this also applies to Win 7). Some applications, including many antivirus programs, can only be completely uninstalled by additionally using proprietary uninstall programs (i.e. McAfee and others have ancillary programs that remove remnants of the program after doing the routine Add/Remove uninstall).

Where the usual Add/Remove uninstall fails to completely uninstall a program and no proprietary ancillary uninstaller is available, a manual uninstall can be performed; the procedure for doing this is outlined in the tutorial.

My favorite uninstall application is Smarty Uninstaller by WinnerTweak Software. After running the usual uninstall process connected with the program you're trying to uninstall, Smarty UI digs deep into your file system and registry to remove all traces of the program. Smarty UI is free to try and inexpensive to buy considering the excellent job it does.

Unless the existing program is cleanly uninstalled and remnants and left-over debris are removed, updated programs or different programs that perform similar functions (i.e. antivirus programs) often cannot be installed properly.

http://www.vistax64.com/tutorials/87249-unable-install-latest-version-program-vista.html

Peter Nixon
March 9, 2011 10:44 AM

IF you decide to trust the machine, and that's a big if, you can disable it using msconfig - uncheck the boxes in "startup" and "services" - I've used this occasionally to run an alternative A/V without removing the first one.

Mark Magill
March 12, 2011 7:43 PM

Having spent the last couple decades or so repairing computers, I have to agree with the wipe-the-drive or replace it sentiment. After all, on a used system you never really know what all is on it, how old it is, and how close to failure its hard drive might be. As cheap as they are, a new hard drive brings a lot of peace of mind and is not a bad idea unless one just can not possibly afford one.
