We have encountered a variety of systems where a virus infection has corrupted Microsoft Security Essentials in a way that makes it impossible to remove or reinstall using normal methods. Unlike most AV vendors, Microsoft has not released a ‘Removal Tool’ that will remove every trace of the anti-virus, so most people have had to try and use a variety of manual methods. We recently wrote about a handy script that was able to remove MSE in a number of cases, but the owner took it offline (along with the rest of his very useful reference site) and it was lacking a few additional keys.

Based on experiences with a few infected machines worked on recently, I’ve updated the scripts and also have a few hints that may help you get MSE uninstalled so you can reinstall it (or just know you got rid of it all):

Here are some tips for using these scripts:

  1. Back up your registry!!!
  2. Save the script and rename it with a .bat extension before executing it in an Admin-level console window.
  3. I’ve had the best luck running the script in ‘Safe Mode – Command Prompt’
  4. I’ve found that Vista/Win7 is plagued by Access Denied errors, even in an Admin console window. The registry keys seem locked. Your mileage may vary.
  5. Internet Explorer may not allow you to save the file – it is flagged as a virus (since it has code to disable/remove MSE). You may have to Select All and paste it into a text file in Notepad to get it on the computer.
  6. I’ve also noticed that some virus infections manage to get some of the directories related to MSE corrupted to where you simply cannot delete them, even with this script. takeown & icacls have no effect. So the reinstallation of MSE will still fail. In cases like this I’ve had to boot into System Rescue CD and use ntfs-3g to mount the Windows partition and remove them.

I hope this helps some of you looking to recover from a virus infection!