Weybridge Computer Services

WCS.Tony

Uninstalling ZEMANA

Uninstalling ZEMANA
WCS.Tony - Tue Sep 12, 2017 @ 12:35PM
Comments: 0

A few months ago I tried out ZEMANA ANTIMALWARE. When I had finished playing with it I uninstalled and forgot all about it. Today I was doing a defrag when I noticed a file called ZAM_Guard.krnl.trace and, when I looked in C:\Windows, ZAM.krnl.trace as well. I thought the ZAM bit looked familiar and when I looked online I realised that they belong to Zemana Antimalware.

I was a bit surprised as usually I uninstall using IOBit or Ashampoo uninstallers and they are ususally pretty good. Then I realise that both those files have TODAY's date, I quickly check my installed apps, and no Zemana. So I run good old AUTORUNS and search for Zemana, sure enough I find the files there and I un-tick them and reboot.

Once rebooted I went back and deleted both the files and much to my surprise they were immediately recreated. The files just contain log files so nothing dangerous there, but what is putting them back? Zemana must still be running on my PC, but nothing in Autoruns, services or Task Manager.

A quick search with the brilliant Search Everything finds two more file in C:\Windows\System32\drivers\zam64.sys and zamguard64.sys. When I try to delete them I get a warning to say they are in use - So RUNNING on my PC?

I searched the registry and found some entries there for Zemana, but please be VERY careful if you use REGEDIT.

Instead of that I used and old trick, go back to C:\Windows\System32\drivers and RENAME both zam files by adding .WCS to the end of each file name after the .SYS. I just use .WCS (notice the DOT . ) as it reminds me that I changed them on customer's PCs - Weybridge Computer Services. After renaming both files close down everything and reboot Windows 10.

Obviously the registry entries that are loading these programs try and load zam64,sys which is no longer there as it is now call zam64.sys.WCS (and the same for zamguard64). So they cannot be loaded and running. Sure enough I was now able to delete the trace files and the programs - Zemana Antimalware is FINALLY dead on my PC.

THANK YOU ZEMANA!


Comments: 0

Post a Comment




powered by Doodlekit™ Free Website Builder