Anti-Virus Annulment

Spear those dead, useless registry keys and values with Reg.exe after a Norton Antivirus failure.

Bill: Occasionally, Norton Antivirus will get corrupted and we have to uninstall it. It usually fails to uninstall, so we have to spend 30-40 minutes (per computer) running through the registry searching and deleting entries, per Symantec Doc ID 2002081213583048.

Can we script this procedure somehow? If so, how hard would it be?

Mike: The Symantec document you refer to specifies the Registry keys that must be deleted to remove the Norton Antivirus entries. Armed with this detailed information, automating the changes is not too difficult.

In the Windows 2000 Support Tools is a command-line utility, Reg.exe, that simplifies adding, changing, or removing keys and values from the Registry of a local or remote machine as long as you have sufficient admin privileges. (Windows XP and Windows Server 2003 include Reg.exe in the standard OS installation.)

Get Help from Bill

Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill at; the best questions get answered in this column.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

The syntax for using Reg to remove one of the keys in the Symantec document is:

reg delete hklm\System\

The /f switch forces the deletion to proceed without a yes/no prompt; all subkeys and values are deleted as well.

If you want to perform this operation across the network, all you need to do is preface the key name with the UNC name of the desktop:

reg delete \\xp-pro1\hklm\
Services\NAVENG /f

You can create a batch file with a series of Reg commands to clean out all the Registry entries in the Symantec document. Replace the computer name with a %1 placeholder in each Reg entry so you can specify the target machine on the command line of the batch file:

reg delete \\%1\hklm\System\CurrentControlSet\Services\

If you're not fortunate enough to have a document that lists the Registry entries, you can use a tool call Regmon from Sysinternal ( to identify the Registry entries added during installation and initial configuration. Using Regmon effectively takes a little practice; it gives you more information than you need unless you set the filters correctly.

About the Author

Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.


  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

  • First Stable Chromium-Based Microsoft Edge Browser Released

    Microsoft on Wednesday announced the first release of its Chromium-based Microsoft Edge browser at the "stable" commercial-release stage.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.