Spear those dead, useless registry keys and values with Reg.exe after a Norton Antivirus failure.
- By Bill Boswell
Occasionally, Norton Antivirus will get
corrupted and we have to uninstall it. It usually fails to uninstall,
so we have to spend 30-40 minutes (per computer) running through the registry
searching and deleting entries, per Symantec
Doc ID 2002081213583048
Can we script this procedure somehow? If so, how hard would it be?
Mike: The Symantec document you refer to specifies the
Registry keys that must be deleted to remove the Norton Antivirus entries.
Armed with this detailed information, automating the changes is not too
In the Windows 2000 Support Tools is a command-line utility, Reg.exe,
that simplifies adding, changing, or removing keys and values from the
Registry of a local or remote machine as long as you have sufficient admin
privileges. (Windows XP and Windows Server 2003 include Reg.exe in the
standard OS installation.)
Help from Bill
Got a Windows or Exchange question or need troubleshooting
help? Or maybe you want a better explanation than provided
in the manuals? Describe your dilemma in an e-mail
to Bill at mailto:email@example.com;
the best questions get answered in this column.
When you send your questions, please include your
full first and last name, location, certifications (if
any) with your message. (If you prefer to remain anonymous,
specify this in your message but submit the requested
information for verification purposes.)
The syntax for using Reg to remove one of the keys in the Symantec document
reg delete hklm\System\
The /f switch forces the deletion to proceed without a yes/no prompt;
all subkeys and values are deleted as well.
If you want to perform this operation across the network, all you need
to do is preface the key name with the UNC name of the desktop:
reg delete \\xp-pro1\hklm\
You can create a batch file with a series of Reg commands to clean out
all the Registry entries in the Symantec document. Replace the computer
name with a %1 placeholder in each Reg entry so you can specify the target
machine on the command line of the batch file:
reg delete \\%1\hklm\System\CurrentControlSet\Services\
If you're not fortunate enough to have a document that lists the Registry
entries, you can use a tool call Regmon from Sysinternal (http://www.sysinternals.com)
to identify the Registry entries added during installation and initial
configuration. Using Regmon effectively takes a little practice; it gives
you more information than you need unless you set the filters correctly.
Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.