How To Remove the LiveState Windows Agent

Article:TECH109212  |  Created: 2005-01-13  |  Updated: 2014-02-14  |  Article URL http://www.symantec.com/docs/TECH109212
Article Type
Technical Solution


Issue



This document describes how to remove the LiveState Windows Agent.


Solution



The preferred method of removing the LiveState Windows Agent is to use the Datool.exe utility, as follows:

To use Datool.exe to remove the Windows Agent
At a command prompt, go to the c:\_integra\bin folder and type the following command:

    datool.exe -x



The Datool.exe command can also be executed remotely.
To remove the agent remotely, use datool with the following syntax:

    datool -rx COMPUTERNAME:USERNAME:PASSWORD

You must have administrative privileges on the client computer.



To remove the Windows Agent manually

  1. On the Windows taskbar, click Start > Run.
  2. In the Open box, type the following text:

    cmd
  3. At the command prompt, stop the Desktop Agent Service by typing the following command:

    net stop wcontrol

    Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes.

  4. On the Windows taskbar, click Start > Run.
  5. In the Open box, type regedit and press Enter.
  6. Go to the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\CSD\CONTROL\2.0
  7. In the right pane, if the GinaDLL value is set, record its value for step 14, and then press Delete.
  8. Click Yes to confirm the deletion.
  9. Navigate to the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  10. In the right pane, select the following value (this value may not exist for all versions):

    SMEShellNotify="c:\_integra\bin\shstart.exe"
  11. Press Delete.
  12. Click Yes to confirm the deletion.
  13. Click the following registry key to select it:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  14. In the right pane, double-click GinaDLL.
  15. If GinaDLL was set in step 7, replace the value data with the recorded value.
    Otherwise, type the following text:

    msgina.dll

    and then click OK.
  16. Go to the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  17. In the right pane, double-click UserInit.
  18. Remove the information after the comma in the Value data box, leaving only the "userinit.exe" path, and then click OK.
  19. Delete the following registry keys:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\WControl
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smedrv
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smefs
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WControl
  20. Go to the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application
  21. In the right-hand pane, click EventMessageFile and then press Delete.
  22. Click Yes to confirm the deletion. Note that this value may not exist on all versions of Windows.
  23. In the right pane, double-click Sources.
  24. Remove "Wcontrol" from the value data box, and then click OK.
  25. Go to the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}
  26. In the right pane, double-click UpperFilters.
  27. In the Value data field, remove the "smedrv" entry, and then click OK.
    • Note: Other classes might be present, but you should remove only smedrv.
  28. Exit the Registry Editor.
  29. Restart the computer.
  30. After the computer restarts, delete the "c:\_integra" folder.
  31. Delete the following files:

    %SYSTEMROOT%\system32\drivers\smedrv.sys
    %SYSTEMROOT%\system32\drivers\smefs.sys


The LiveState Windows Agent has now been removed from the computer.
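
To confirm that the manual procedure left nothing behind, the following read-only check looks for the service, registry entries and files named in the steps above. It is an added example, not a Symantec tool; it assumes PowerShell 2.0 or later is installed on the client and is run as an administrator, and the Get-RegValue helper is a name made up for this example.

```powershell
# Added example: read-only check that the manual removal steps took effect.
# Assumes PowerShell 2.0 or later, run as an administrator on the client.
function Get-RegValue($key, $name) {
    # Return the value data, or $null when the key or value does not exist.
    $p = Get-ItemProperty -Path "Registry::$key" -Name $name -ErrorAction SilentlyContinue
    if ($p) { $p.$name }
}

$hklm     = 'HKEY_LOCAL_MACHINE'
$winlogon = "$hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
$eventlog = "$hklm\SYSTEM\CurrentControlSet\Services\EventLog\Application"
$class    = "$hklm\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}"
$leftovers = @()

# Steps 3 and 19: the Desktop Agent Service should no longer be registered.
if (Get-Service -Name wcontrol -ErrorAction SilentlyContinue) { $leftovers += 'service wcontrol' }

# Steps 7 and 10: the agent's own GinaDLL value and its Run entry.
if (Get-RegValue "$hklm\SOFTWARE\CSD\CONTROL\2.0" 'GinaDLL') { $leftovers += 'CSD\CONTROL\2.0 GinaDLL' }
if (Get-RegValue "$hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" 'SMEShellNotify') {
    $leftovers += 'Run\SMEShellNotify'
}

# Step 18: nothing should follow the comma in UserInit.
$userinit = [string](Get-RegValue $winlogon 'UserInit')
if ($userinit -match ',\s*\S') { $leftovers += "UserInit: $userinit" }

# Step 19: registry keys that should be gone.
foreach ($k in 'EventLog\Application\WControl', 'smedrv', 'smefs', 'WControl') {
    $path = "$hklm\SYSTEM\CurrentControlSet\Services\$k"
    if (Test-Path "Registry::$path") { $leftovers += "key $path" }
}

# Steps 24 and 27: multi-string values that should no longer list the agent.
if ((Get-RegValue $eventlog 'Sources') -contains 'Wcontrol') { $leftovers += 'EventLog Sources: Wcontrol' }
if ((Get-RegValue $class 'UpperFilters') -contains 'smedrv') { $leftovers += 'UpperFilters: smedrv' }

# Steps 30 and 31: folder and driver files.
foreach ($f in 'C:\_integra', "$env:SystemRoot\system32\drivers\smedrv.sys",
               "$env:SystemRoot\system32\drivers\smefs.sys") {
    if (Test-Path $f) { $leftovers += "file $f" }
}

# GinaDLL (steps 14-15) is printed for comparison with the value recorded in step 7.
"Winlogon GinaDLL = $(Get-RegValue $winlogon 'GinaDLL')"
if ($leftovers) { $leftovers } else { 'No LiveState Windows Agent artifacts found.' }
```

The script changes nothing; any line it lists points back to the step that still needs to be completed.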



Legacy ID



2005071314283560

