Tuesday, October 11, 2011

Uninstall Shadow Defender without Knowing the Password


When buying her computer, my friend asked for a program to be installed to protect the computer from undesirable changes, and a technician from the store secured my friend's computer with Shadow Defender (SD). SD itself is a security program similar to DeepFreeze, Returnil, etc., where if something undesirable happens, or there are changes that could harm the system, simply restarting returns the system to normal. SD provides this protection by creating a virtual environment called Shadow Mode and redirecting all changes to it. For more information about this application, you can visit the Shadow Defender website.


After a while, it became known that the computer she uses was infected by viruses. Maybe at the time SD was first installed, the technician did not scan the system properly. On a system that is already contaminated, SD instead acts as "protection" for the viruses and other malicious programs when they are about to be removed. So to eliminate the viruses, I of course first have to disable SD... unfortunately my friend forgot the password that was used, and the technician who installed SD could not be contacted.
To overcome this problem, I immediately asked "Professor Google"... and some of the answers I found said that SD can be uninstalled by first killing the SD application's process and rebooting; SD would automatically be inactive after the reboot, and at that point it can easily be uninstalled through the usual Add/Remove Programs in Control Panel. But as I predicted earlier, this method did not succeed at all: after the process kill and reboot, SD was always in an active state.
After failing with the above method, I made a small change and tried to uninstall immediately after the process kill... but I failed again, because the system was still in Shadow Mode, and SD gives a warning that I cannot uninstall in that condition.


Then I thought to try uninstalling in safe mode. After restarting and entering safe mode, I noticed that SD was not active... ok... I hope this is a good sign. Then I went into Control Panel and uninstalled through Add/Remove Programs... again... it went well... To complete the uninstall process, I edited the registry with Regedit. From within the Regedit window, I searched for the keyword shadow defender and deleted every key that was found; I also removed the startup entry that launches SD in Msconfig. OK... let's try to restart. Apparently it worked, and I could disable and uninstall SD. After SD was no longer active in the system, I could do the cleaning on my friend's computer, and all returned to normal. Ok... that's my share on uninstalling SD without knowing the application's password... hopefully it can be useful... regards

10 comments:

  1. Yes, it was useful, thank you!

  2. Let me try it first. If it doesn't work, I'll shave your head, okay!

  3. I can't put it on safe mode.. :( Is the Shadow Defender blocking the safe mode in my computer?

    Replies
    1. Me too! I cannot show the selection menu on startup in order to boot safe mode. I cannot even enter the BIOS any more! What a crappy software!

    2. One hint for you: If you run the 30-days-trial version then you can change the system time to the future date when this software won't run any longer. At this point, restart your computer (it's not in virtual mode anymore) and uninstall this crappy software.

  4. Well, thx very much Author, I was also trying to remove it when I forgot the password, will try safe mode.

  5. It's because, by default, the developer set this program to be inactive in Windows safe mode, so you can easily change the password or even remove this program from Windows safe mode in case you forget the password.

    But you can do some kind of registry tweak to make shadow mode active both in normal Windows and Windows safe mode...

    Go to registry editor (WIN+R and then type regedit)

    Go to
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\diskpt

    If your system is Windows XP or newer, change DWORD Control value from 10000001 to 10000011, or

    If your system is older, change it into 10000010.

    Now, let's rock! But remember, turn shadow mode off first before you change the registry value...

    Let's try to remove it in Windows safe mode.....

  6. Thanks! Very effective

  7. Thanks for the always useful information. This is great information to help garage type SEO people like me.
    Shadow Defender 1.4.0.665
