Soulbound

Moderator
Verified
Content Creator
Staff member
I don't know how many of former COMODO users are affected but across my 4 different VM setups, after installing COMODO and uninstalling (variations between CIS, CF only etc), despite using the COMODO removal tool and 2 reboots later, I noticed that Event Viewer had a COMODO Entry.


Now to remove that you would think: I just go into %SystemRoot%\System32\Winevt\Logs\ take ownership and delete the COMODO file.

This sadly will not work since it will tell you the file is opened on Event Viewer and even if you use an unlocking software to unlock the folder/file, it will not work.


Here is how you should do it:

Launch Registry Editor and go to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\LogToDelete

Delete the COMODO Entry

Launch MSCONFIG and set to boot on Safe Mode

Reboot

Once in Safe Mode, %SystemRoot%\System32\Winevt\Logs\ (in my example its C:\Windows\System32\winevt\Logs) and then delete the COMODO files.

Once done, launch MSCONFIG again and untick the option to boot into Safe Mode



Process complete.

If you have installed COMODO in the past and no longer use it, check if you have such entry in Event Viewer and if so, the above guide will help remove such entry.
Same process works for other entries of specific softwares previously installed, such as TECHSMITH Snagit


PS: I also tested removing COMODO with several uninstaller software and truth to be told HiBit Uninstaller removed the most remnants of COMODO but none removed Event Viewer entry.
 

show-Zi

Level 25
Verified
I also had a hard time. When everything went well, there was a feeling of exhilaration and accomplishment.
The registry seems like the birthplace of zombies.
 

Soulbound

Moderator
Verified
Content Creator
Staff member
I also had a hard time. When everything went well, there was a feeling of exhilaration and accomplishment.
The registry seems like the birthplace of zombies.
Yep those were the two entries I had. Doing the steps I outlined removed it completely and there is no traces left of comodo.
 
Top