- Jan 14, 2015
- 1,761
I don't know how many of former COMODO users are affected but across my 4 different VM setups, after installing COMODO and uninstalling (variations between CIS, CF only etc), despite using the COMODO removal tool and 2 reboots later, I noticed that Event Viewer had a COMODO Entry.
Now to remove that you would think: I just go into %SystemRoot%\System32\Winevt\Logs\ take ownership and delete the COMODO file.
This sadly will not work since it will tell you the file is opened on Event Viewer and even if you use an unlocking software to unlock the folder/file, it will not work.
Here is how you should do it:
Launch Registry Editor and go to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\LogToDelete
Delete the COMODO Entry
Launch MSCONFIG and set to boot on Safe Mode
Reboot
Once in Safe Mode, %SystemRoot%\System32\Winevt\Logs\ (in my example its C:\Windows\System32\winevt\Logs) and then delete the COMODO files.
Once done, launch MSCONFIG again and untick the option to boot into Safe Mode
Process complete.
If you have installed COMODO in the past and no longer use it, check if you have such entry in Event Viewer and if so, the above guide will help remove such entry.
Same process works for other entries of specific softwares previously installed, such as TECHSMITH Snagit
PS: I also tested removing COMODO with several uninstaller software and truth to be told HiBit Uninstaller removed the most remnants of COMODO but none removed Event Viewer entry.
Now to remove that you would think: I just go into %SystemRoot%\System32\Winevt\Logs\ take ownership and delete the COMODO file.
This sadly will not work since it will tell you the file is opened on Event Viewer and even if you use an unlocking software to unlock the folder/file, it will not work.
Here is how you should do it:
Launch Registry Editor and go to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\LogToDelete
Delete the COMODO Entry
Launch MSCONFIG and set to boot on Safe Mode
Reboot
Once in Safe Mode, %SystemRoot%\System32\Winevt\Logs\ (in my example its C:\Windows\System32\winevt\Logs) and then delete the COMODO files.
Once done, launch MSCONFIG again and untick the option to boot into Safe Mode
Process complete.
If you have installed COMODO in the past and no longer use it, check if you have such entry in Event Viewer and if so, the above guide will help remove such entry.
Same process works for other entries of specific softwares previously installed, such as TECHSMITH Snagit
PS: I also tested removing COMODO with several uninstaller software and truth to be told HiBit Uninstaller removed the most remnants of COMODO but none removed Event Viewer entry.