Uninstall ZoneAlarm software (firewall and others)
Solved/Closed
gillesmerrer
Posted messages
71
Status
Membre
-
bazfile Posted messages 58442 Registration date Status Modérateur Last intervention -
bazfile Posted messages 58442 Registration date Status Modérateur Last intervention -
Hello,
On Windows 10, I wanted to test the ZoneAlarm firewall.
The installation of the ZoneAlarm firewall came with other programs.
I uninstalled it using Revo Uninstaller, ran a scan after the uninstallation, and then restarted the computer, but the ZoneAlarm programs were still there, running, even though they had disappeared from the list of programs in Revo Uninstaller.
Unable to delete the folders containing the programs, I searched the internet for a solution, and then I contacted ZoneAlarm's customer support via chat:
https://support.zonealarm.com/hc/en
They provided me with a download link for a ZoneAlarm program called CLEAN.exe that uninstalls all ZoneAlarm programs, which is as follows:
https://download.zonealarm.com/bin/free/support/download/CLEAN.exe
After that, you need to restart the computer.
With these instructions, you should be able to resolve this situation more quickly and with less hassle.
Please let me know on this forum if my message helped you.
Configuration: Windows / Chrome 96.0.4664.45
On Windows 10, I wanted to test the ZoneAlarm firewall.
The installation of the ZoneAlarm firewall came with other programs.
I uninstalled it using Revo Uninstaller, ran a scan after the uninstallation, and then restarted the computer, but the ZoneAlarm programs were still there, running, even though they had disappeared from the list of programs in Revo Uninstaller.
Unable to delete the folders containing the programs, I searched the internet for a solution, and then I contacted ZoneAlarm's customer support via chat:
https://support.zonealarm.com/hc/en
They provided me with a download link for a ZoneAlarm program called CLEAN.exe that uninstalls all ZoneAlarm programs, which is as follows:
https://download.zonealarm.com/bin/free/support/download/CLEAN.exe
After that, you need to restart the computer.
With these instructions, you should be able to resolve this situation more quickly and with less hassle.
Please let me know on this forum if my message helped you.
Configuration: Windows / Chrome 96.0.4664.45
4 réponses
Hi,
I think it's more complicated than that.
I made the mistake once (In over 10 years of not using Zone Alarm)
I had used a bootable WinPE or Linux CD to delete the files.
Then I believe I used Autoruns to remove the invalid entries (Only from Zone Alarm afterwards)
Start by trying to identify the services and drivers with Autoruns to delete the right files with a Linux Live CD.
I think it's more complicated than that.
I made the mistake once (In over 10 years of not using Zone Alarm)
I had used a bootable WinPE or Linux CD to delete the files.
Then I believe I used Autoruns to remove the invalid entries (Only from Zone Alarm afterwards)
Start by trying to identify the services and drivers with Autoruns to delete the right files with a Linux Live CD.
Following this procedure, the entire folder C:\Program Files (x86)\CheckPoint remains, and the ZAAR Update Service continues to function. It is located in C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla.
After stopping the ZAAR Update Service, when I try to delete C:\Program Files (x86)\CheckPoint, I get the message "You must have administrator rights to delete this folder."
Then I get the message "This action cannot be performed because the folder or one of the files is open in another program."
ZoneAlarm support wrote me the following procedure (I would have preferred it in French):
Veuillez suivre les étapes ci-dessous.
1. Appuyez sur la touche Windows + R pour ouvrir la commande exécuter.
2. Tapez msconfig dans la boîte Ouvrir puis sélectionnez OK.
3. Sélectionnez l'onglet Démarrer.
4. Sous Options de démarrage, cochez la case Démarrage sécurisé et sélectionnez Réseau.
5. Cliquez sur Appliquer et cliquez sur OK. Windows vous dira de redémarrer l'ordinateur en mode sans échec.
6. Allez dans le disque C: Program files (x86) et supprimez manuellement le dossier Checkpoint. N'oubliez pas d'exécuter l'outil de nettoyage après avoir supprimé le dossier.
7. Une fois terminé, redémarrez votre machine en mode normal. Appuyez sur la touche Windows + R.
8. Tapez msconfig dans la boîte Ouvrir puis sélectionnez OK.
9. Sous l'onglet Général, cliquez sur le bouton radio pour un démarrage normal.
10. Cliquez sur Appliquer et cliquez sur OK. Windows vous dira de redémarrer l'ordinateur en mode normal.
After stopping the ZAAR Update Service, when I try to delete C:\Program Files (x86)\CheckPoint, I get the message "You must have administrator rights to delete this folder."
Then I get the message "This action cannot be performed because the folder or one of the files is open in another program."
ZoneAlarm support wrote me the following procedure (I would have preferred it in French):
Veuillez suivre les étapes ci-dessous.
1. Appuyez sur la touche Windows + R pour ouvrir la commande exécuter.
2. Tapez msconfig dans la boîte Ouvrir puis sélectionnez OK.
3. Sélectionnez l'onglet Démarrer.
4. Sous Options de démarrage, cochez la case Démarrage sécurisé et sélectionnez Réseau.
5. Cliquez sur Appliquer et cliquez sur OK. Windows vous dira de redémarrer l'ordinateur en mode sans échec.
6. Allez dans le disque C: Program files (x86) et supprimez manuellement le dossier Checkpoint. N'oubliez pas d'exécuter l'outil de nettoyage après avoir supprimé le dossier.
7. Une fois terminé, redémarrez votre machine en mode normal. Appuyez sur la touche Windows + R.
8. Tapez msconfig dans la boîte Ouvrir puis sélectionnez OK.
9. Sous l'onglet Général, cliquez sur le bouton radio pour un démarrage normal.
10. Cliquez sur Appliquer et cliquez sur OK. Windows vous dira de redémarrer l'ordinateur en mode normal.
Hello,
Download FRST once downloaded save it on the desktop then right-click on FRST and choose Run as administrator you will see this:
Click on Scan
At the end of the scan, you will have two text files on the desktop FRST and Addition, .
Then send the FRST and ADDITION reports to CJOINT see THIS TUTORIAL then provide the two links generated by Cjoint in your response.
--
bazfile
Moderator/Security Contributor.
a hello, a response, a thank you are always appreciated.
Download FRST once downloaded save it on the desktop then right-click on FRST and choose Run as administrator you will see this:
Click on Scan
Please wait for the messages indicating that the scan is complete
At the end of the scan, you will have two text files on the desktop FRST and Addition, .
Then send the FRST and ADDITION reports to CJOINT see THIS TUTORIAL then provide the two links generated by Cjoint in your response.
--
bazfile
Moderator/Security Contributor.
a hello, a response, a thank you are always appreciated.
Thank you for your help.
The links are:
https://www.cjoint.com/c/KLjoXKy5t8N
https://www.cjoint.com/c/KLjoYcDLGJN
The links are:
https://www.cjoint.com/c/KLjoXKy5t8N
https://www.cjoint.com/c/KLjoYcDLGJN
Hello,
It's the anti-ransomware module from ZoneAlarm that's giving you trouble.
Procedure to follow in the order indicated:
1- Open FRST as an administrator by right-clicking on FRST and selecting run as administrator
2 - Copy the entire script from the box below:
3- Once the script is copied click on Fix, FRST will automatically take the script from the clipboard.
Let the correction happen, once it's done you will be asked to restart your PC, do it as soon as you are prompted, see below.
Then once your computer is restarted:
4- You will have a Fixlog file on your desktop, then send these reports to https://www.cjoint.com/ see this tutorial then provide the link generated by Cjoint in your next message.
It's the anti-ransomware module from ZoneAlarm that's giving you trouble.
Procedure to follow in the order indicated:
1- Open FRST as an administrator by right-clicking on FRST and selecting run as administrator
2 - Copy the entire script from the box below:
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction
HKLM\SOFTWARE\Policies\Google: Restriction
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
HKLM-x32\...\Run: [ZaAntiRansomware] => "C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe" (File not found)
Edge Extension: (No name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR HKLM-x32\...\Chrome\Extension: [nofdpbenickbjghcdhapegiimmdinblo]
HKLM-x32\...\Run: [ZaAntiRansomware] => "C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe" (File not found)
Task: {3209A73A-BF81-4736-8E8D-524D6DE1A696} - no file path
Task: {AB7096AC-860C-4D4C-B8BC-5FD30873E401} - no file path
S2 CPEFR; "C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe" [X]
S2 CpSbaCipolla; "C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe" [X]
S2 CpSbaUpdater; "C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe" [X]
S2 RemediationService; "C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe" [X]
S2 TESvc; "C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe" -s [X]
S2 ZAARUpdateService; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe [X]
C:\Program Files (x86)\CheckPoint
FW: ZoneAlarm Free Firewall Firewall (Enabled) {217C3BCF-3FBD-7C30-A427-2D11E16F3BEB}
C:\Users\Gilles MERRER\AppData\Local\Comodo
FW: COMODO Firewall (Disabled) {3D87FB90-B561-70B4-3B0B-BCEFE7656ABC}
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> File not found
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> File not found
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> File not found
ContextMenuHandlers1: [PDFArchitect7_ManagerExt] -> {21989F59-B260-4302-90C3-E51740E03639} => -> File not found
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> File not found
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> File not found
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> File not found
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> File not found
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> File not found
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> File not found
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> File not found
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> File not found
ContextMenuHandlers1_S-1-5-21-1237909571-2784893155-2258675119-1001: [qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => -> File not found
ContextMenuHandlers4_S-1-5-21-1237909571-2784893155-2258675119-1001: [qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => -> File not found
ContextMenuHandlers5_S-1-5-21-1237909571-2784893155-2258675119-1001: [qingshellext] -> {67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => -> File not found
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
AlternateDataStreams: C:\ProgramData\TEMP:C31F31E6 [244]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [105]
BHO: No name -> {2B035CAB-1F3D-4DE6-A32D-39B9E5F456D0} -> File not found
Toolbar: HKLM - No name - {61E612A7-2382-4570-8D3F-42BC136DDAD7} - File not found
FirewallRules: [{57E1E255-3662-4DED-9387-639ADBF754AD}] => (Allow) C:\Users\Gilles MERRER\AppData\Local\Temp\EPSON XP-205 207 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe => File not found
FirewallRules: [{41CBC66A-151E-44CC-9163-8D6492664C77}] => (Allow) C:\Users\Gilles MERRER\AppData\Local\Temp\EPSON XP-205 207 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe => File not found
FirewallRules: [{6F8321B0-BC07-4807-A886-D626A8D9B520}] => (Allow) C:\Users\Gilles MERRER\AppData\Roaming\DRPSu\Alice\cloud.exe => File not found
FirewallRules: [{C81F006A-29CF-4162-A159-B39278DE0B33}] => (Allow) C:\Users\Gilles MERRER\AppData\Local\Programs\Opera\62.0.3331.66\opera.exe => File not found
FirewallRules: [{E99EA177-E038-48B0-ACD2-BA8E385D4798}] => (Allow) C:\Users\Gilles MERRER\AppData\Local\Temp\DriverPack-20190726183820\tools\aria2c.exe => File not found
FirewallRules: [TCP Query User{7A50463B-86F9-4C00-992D-D9708A15162D}C:\users\gilles merrer\appdata\local\programs\opera\75.0.3969.243\opera.exe] => (Allow) C:\users\gilles merrer\appdata\local\programs\opera\75.0.3969.243\opera.exe => File not found
FirewallRules: [UDP Query User{D22EEF25-023B-4A98-A864-70C622FDA30F}C:\users\gilles merrer\appdata\local\programs\opera\75.0.3969.243\opera.exe] => (Allow) C:\users\gilles merrer\appdata\local\programs\opera\75.0.3969.243\opera.exe => File not found
FirewallRules: [TCP Query User{F72A2CF7-96CF-4518-AE44-0CF2388C84C2}C:\users\gilles merrer\appdata\local\programs\opera\76.0.4017.107\opera.exe] => (Allow) C:\users\gilles merrer\appdata\local\programs\opera\76.0.4017.107\opera.exe => File not found
FirewallRules: [UDP Query User{99FA05CD-75E0-4DF0-83DA-B87D0C4906D9}C:\users\gilles merrer\appdata\local\programs\opera\76.0.4017.107\opera.exe] => (Allow) C:\users\gilles merrer\appdata\local\programs\opera\76.0.4017.107\opera.exe => File not found
EmptyTemp:
End::
3- Once the script is copied click on Fix, FRST will automatically take the script from the clipboard.
Let the correction happen, once it's done you will be asked to restart your PC, do it as soon as you are prompted, see below.
Then once your computer is restarted:
4- You will have a Fixlog file on your desktop, then send these reports to https://www.cjoint.com/ see this tutorial then provide the link generated by Cjoint in your next message.
5- CHECK AND TELL ME IF YOUR PROBLEM IS STILL PRESENT
FOR INFORMATION:
Your version of Windows 10 is not up to date, to check this go to this page click on Update now, this will start the download of the Microsoft tool, you just need to open it and it will allow you to update Windows 10 to the latest version and will tell you if it's compatible with your PC, be careful this update takes some time, if you have a laptop plug it into the power supply, as it would be a shame to run out of battery before the update is finished.
ZoneAlarm sent me the following message to resolve the issue, but since it has already been resolved thanks to the exchanges in this forum, I did not test the proposed solution:
Veuillez installer la dernière version du pare-feu gratuit. Cela vient avec un programme de désinstallation mis à jour.
- https://download.zonealarm.com/bin/free/1001_za/zaSetupWeb_158_181_18901.exe
Lorsque vous avez installé le pare-feu gratuit, redémarrez le PC, puis désinstallez-le en utilisant Revo Uninstaller :
1. Installez Revo Uninstaller sur votre PC : https://www.revouninstaller.com/start-freeware-download/
2. Ouvrez Revo Uninstaller, recherchez ZoneAlarm et cliquez sur désinstaller.
3. Une fenêtre de désinstallation s'affichera pour supprimer ZA. Après que ZA a été supprimé, retournez à Revo et cliquez sur Avancé.
4. Cliquez sur Scanner.
5. Sélectionnez tous les fichiers résiduels trouvés et cliquez sur Supprimer. Cliquez sur Oui lorsque vous y êtes invité.
6. Cliquez sur Suivant et supprimez tous les fichiers et dossiers résiduels.
7. Cliquez sur Terminer et redémarrez votre ordinateur.
8. Après le redémarrage, exécutez l'outil de nettoyage et assurez-vous que la barre de progression atteigne 100 %.
Si vous avez besoin d'aide immédiate, veuillez discuter en direct avec nous sur https://support.zonealarm.com
Veuillez installer la dernière version du pare-feu gratuit. Cela vient avec un programme de désinstallation mis à jour.
- https://download.zonealarm.com/bin/free/1001_za/zaSetupWeb_158_181_18901.exe
Lorsque vous avez installé le pare-feu gratuit, redémarrez le PC, puis désinstallez-le en utilisant Revo Uninstaller :
1. Installez Revo Uninstaller sur votre PC : https://www.revouninstaller.com/start-freeware-download/
2. Ouvrez Revo Uninstaller, recherchez ZoneAlarm et cliquez sur désinstaller.
3. Une fenêtre de désinstallation s'affichera pour supprimer ZA. Après que ZA a été supprimé, retournez à Revo et cliquez sur Avancé.
4. Cliquez sur Scanner.
5. Sélectionnez tous les fichiers résiduels trouvés et cliquez sur Supprimer. Cliquez sur Oui lorsque vous y êtes invité.
6. Cliquez sur Suivant et supprimez tous les fichiers et dossiers résiduels.
7. Cliquez sur Terminer et redémarrez votre ordinateur.
8. Après le redémarrage, exécutez l'outil de nettoyage et assurez-vous que la barre de progression atteigne 100 %.
Si vous avez besoin d'aide immédiate, veuillez discuter en direct avec nous sur https://support.zonealarm.com