removing Softex OmniPass

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by computer_idiot, Oct 7, 2005.

  1. computer_idiot

    computer_idiot Private E-2

    Off of my computer. Does anyone in here know how? I can't seem to get rid of it. It will not uninstall in add/remove programs. It keeps saying some files are corrupt. Of course I tried to contact them and no response at all. Thank-you ahead of time for your help.
     
    computer_idiot, Oct 7, 2005
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    chaslang, Oct 7, 2005
    #2
  3. computer_idiot

    computer_idiot Private E-2

    It wasn't listed in the remove menu on that download.
     
    computer_idiot, Oct 7, 2005
    #3
  4. computer_idiot

    computer_idiot Private E-2

    Also why are some of my folders' writing in blue instead of black? Never noticed the blue until recently.
     
    computer_idiot, Oct 7, 2005
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixSOP.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixSOP.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

    If the above does not remove it from Add/Remove programs, run regedit and navigate to the below key and tell me how Softex OmniPass is worded (word for word with any spacing).

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
     
    chaslang, Oct 7, 2005
    #5
  6. computer_idiot

    computer_idiot Private E-2

    wouldn't let me import into registry. Did the second thing and it is not in the registry. But it is in add/remove programs as OmniPass. also 3 files in a softex folder with these names that won't delete:OPComm.dll OPFScure.dll OPShellE.dll
     
    computer_idiot, Oct 8, 2005
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If it is in Add/Remove programs, it must be in the registry.

    Download the Registry Search Tool from here:

    http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip

    Unzip to your Desktop and double click on regsrch.vbs
    (if you have script protection, please allow this to run)

    In the dialog that opens enter the following:

    OmniPass

    Press 'OK'

    The search will run for a while then alert you when it is finished. Press 'OK' and copy the contents of the WordPad window and post in this thread.
     
    chaslang, Oct 8, 2005
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you the Administrator of this PC? And are you currently logged in with Administrator priviledges?

    When you tried to add that patch to the registry, exactly what happen and what was the exact error message?
     
    chaslang, Oct 8, 2005
    #8
  9. computer_idiot

    computer_idiot Private E-2

    Yes I am the administrator. When I opened this link up it says "Cannot import C:\Documents and Settings\ Owner\Desktop\fixSop.reg: The specified file is not a registry script. You can only import binary registery files from within the registry editor.
     
    computer_idiot, Oct 8, 2005
    #9
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sounds like it was not saved properly. Take a look at the file using notepad or wordpad and verify is is exactly as I posted. Or try doing the whole procedure again. There is nothing wrong with it. In fact I just did all the steps I gave you and it added it in just fine. If you have the "Quote:" at the top, it will not work.

    What about what I asked in message # 7?
     
    chaslang, Oct 8, 2005
    #10
  11. computer_idiot

    computer_idiot Private E-2

    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "OmniPass" 10/8/2005 9:06:37 PM

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCFE56EE-C7DE-44EE-A160-4553A5A912C9}]
    @="OmniPass Shell Extension"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCFE56EE-C7DE-44EE-A160-4553A5A912C9}\InProcServer32]
    @="C:\\Program Files\\Softex\\OmniPass\\opshelle.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OPFFile]
    @="OmniPass Encrypted File"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OPFFile\DefaultIcon]
    @="C:\\Program Files\\Softex\\OmniPass\\opshella.exe,0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OPFFile\shell\open\command]
    @="C:\\Program Files\\Softex\\OmniPass\\opshella.exe %1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OPIFile]
    @="OmniPass Import-Export User File"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OPIFile\DefaultIcon]
    @="C:\\Program Files\\Softex\\OmniPass\\opshella.exe,1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\scureapp.EXE]
    "Path"="C:\\Program Files\\Softex\\OmniPass"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\scureapp.EXE]
    @="C:\\Program Files\\Softex\\OmniPass\\scureapp.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{CCFE56EE-C7DE-44EE-A160-4553A5A912C9}"="OmniPass Shell Extension"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}]
    "DisplayName"="OmniPass"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_OMNISERV\0000]
    "DeviceDesc"="Softex OmniPass Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\omniserv]
    "DisplayName"="Softex OmniPass Service"

    [HKEY_USERS\S-1-5-21-1118075512-4142523133-258119196-1003\AppEvents\Schemes\Apps\scureapp]
    @="OmniPass"

    [HKEY_USERS\S-1-5-21-1118075512-4142523133-258119196-1003\Software\Yahoo\Browser\Typed Urls]
    "url3"="http://www.omnipass.com/"
     
    computer_idiot, Oct 8, 2005
    #11
  12. computer_idiot

    computer_idiot Private E-2

    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "Softex" 10/8/2005 9:10:28 PM

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCFE56EE-C7DE-44EE-A160-4553A5A912C9}\InProcServer32]
    @="C:\\Program Files\\Softex\\OmniPass\\opshelle.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OPFFile\DefaultIcon]
    @="C:\\Program Files\\Softex\\OmniPass\\opshella.exe,0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OPFFile\shell\open\command]
    @="C:\\Program Files\\Softex\\OmniPass\\opshella.exe %1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OPIFile\DefaultIcon]
    @="C:\\Program Files\\Softex\\OmniPass\\opshella.exe,1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\scureapp.EXE]
    "Path"="C:\\Program Files\\Softex\\OmniPass"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\scureapp.EXE]
    @="C:\\Program Files\\Softex\\OmniPass\\scureapp.EXE"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_OMNISERV\0000]
    "DeviceDesc"="Softex OmniPass Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\omniserv]
    "DisplayName"="Softex OmniPass Service"

    [HKEY_USERS\S-1-5-21-1118075512-4142523133-258119196-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PC Security and Backup\Softex]
     
    computer_idiot, Oct 8, 2005
    #12
  13. computer_idiot

    computer_idiot Private E-2

    Do I need to delete these entries in my registry?
     
    computer_idiot, Oct 8, 2005
    #13
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This really seems to still be completely installed and also note that this is not a malware issue.

    Who is the current and original owner of this PC? Software like this is typically password protected and you normally need to enter a password to uninstall and maybe even boot the PC.

    Who installed the software on this PC?
    Another alternative would be to reinstall, and then uninstall.

    Deleting these registry keys may or may not work? If you plan on doing that, you should first use a tool like below to make a backup of your registry.

    Erunt
     
    chaslang, Oct 8, 2005
    #14
  15. computer_idiot

    computer_idiot Private E-2

    Everytime I open up regedit it closes back up. It only stays open for a few seconds.
     
    computer_idiot, Oct 8, 2005
    #15
  16. computer_idiot

    computer_idiot Private E-2

    I am the owner of the pc I always have signed in as the owner never the administrator so really have no clue what that password would be to sign in as the administrator.............I am thinking my son maybe not realizing clicked to install this. I did try to reinstall and it came up with the same msg: "some files are corrupt........"
     
    computer_idiot, Oct 8, 2005
    #16
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! I had to ask! We have had many cases where someone is using a PC the bought from someone else or it used to belong to a company that they had worked for. And left over software like this can be a problem since you would not know the passwords.

    Try logging on as Administrator! The default admin password is nothing (I don't mean the word nothing, I mean that there is no password.) So just hit the enter key. If the admin account has a password, you better check with your son if he added one. After logging in as admin, try to uninstall. If you cannot, you may need to do registy edits, but back it up first.
     
    chaslang, Oct 8, 2005
    #17
  18. computer_idiot

    computer_idiot Private E-2

    I can't log in as the administrator................I must have set a password but can't remember it. And my regedit will not stay open? It stays open for 3 seconds and closes.............any ideas?
     
    computer_idiot, Oct 8, 2005
    #18
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Perhaps we need to check your system for malware problems first.

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

    .
     
    chaslang, Oct 8, 2005
    #19
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Also, if you know how to use regedit, navigate to the below registry key:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

    And tell me if you see anything listed under it like DisableRegistryTools
    If so, what value is in the key.

    Now repeat and look under the below registry key:

    HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem
     
    chaslang, Oct 8, 2005
    #20
  21. computer_idiot

    computer_idiot Private E-2

    Yeah...................it's gone. Thank-you so much.
     
    computer_idiot, Oct 9, 2005
    #21
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    So was it that registry editing was disabled and that was your problem.
     
    chaslang, Oct 9, 2005
    #22

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds