Manually removing Sophos PureMessage when it will not uninstall

Here are the steps:

1. Stop Internet Information Services:
Stop the Simple Mail Transfer Protocol (SMTP) service (this will prevent mail from being allowed through while PureMessage is offline)
Stop the Microsoft Exchange Information Store service
Stop the Microsoft Exchange MTA Stacks service

2. Stop and disable the PureMessage related services:
Sophos PureMessage
Sophos PureMessage Running Object Table (ROT)
Sophos PureMessage Scanner
Sophos PureMessage Web Agent

3a. Open a command prompt and browse to C:\Program Files\Sophos\PureMessage\bin\ and unregister the PureMessage services with the following four commands:
mmrot.exe /unregserver
savexsrvc.exe /unregserver
mmrot2.exe /unregserver
pmscanner.exe /unregserver
savexwebagent.exe /unregserver

3b. If any of the services failed to unregister, the following keys must be deleted manually:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MMRot
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PMScanner
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SavexSrvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SavexWebAgent

4. Delete the PureMessage folder: C:\Program Files\Sophos\PureMessage
WARNING: To preserve the items that are currently quarantined, delete all files and folders beneath the PureMessage folder apart from C:\Program Files\Sophos\PureMessage\Quarantine. If an error occurs while attempting to delete any file or folder, renaming it may be possible instead. NOTE: A reboot will be required to release the file or folder and allow it to be deleted.

5. Open the registry editor and delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\MMEx
HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\AutoUpdate\Products\{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D}

6. Drop the PureMessage related databases – the actual database files will be deleted too. Open a command prompt and enter the four commands below:
osql -E -S .\sophos -Q "drop database savexcnfg"
osql -E -S .\sophos -Q "drop database savexdir"
osql -E -S .\sophos -Q "drop database savexquar"
osql -E -S .\sophos -Q "drop database savexrprt"

7. Unregister the PureMessage event sinks:
Download the following utility from http://www.sophos.com/tools/PMWXTools/Support_Tools_PMEx_30.zip
Extract the contents. The utility is within the following folder: \smtpdumper
Click Start, Run, cmd, and type the following (the location may differ depending on your machine configuration): c:\smtpdumper
Under C:\smtpdumper, type each line below, followed by the Enter key:
cscript smtpreg.vbs /remove 1 OnArrival SavexTransport
cscript smtpreg.vbs /remove 1 OnPostCategorize SavexTransport
cscript smtpreg.vbs /remove 1 OnInboundCommand "SavexTransport HELO"
cscript smtpreg.vbs /remove 1 OnInboundCommand "SavexTransport EHLO"

8. Download, save and install the Microsoft Windows Installer CleanUp Utility:
http://download.softpedia.com/dl/94d28debdfeba9e621462ece10b9f7d4/4c919fbe/100018442/software/security/msicuu2.exe

9. Open a command prompt and run the commands below:
cd "C:\Program Files\Windows Installer Clean Up\"
msizap.exe tw {946A74A2-D92E-40CE-B3C5-C6174EC6287D}

10. Open the Internet Information Services (IIS) Manager. Locate the “Quarantine Digest” website. Right-click on it and select Delete.

11. Open C:\Windows\Tasks and delete any Sophos-PureMessage-* tasks.

There should be no traces of PureMessage now.
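
To confirm that, the following read-only PowerShell check (an added example, not part of the original steps or any Sophos tooling) looks for leftovers of the artifacts named in steps 2, 3b, 4, 5 and 11. It assumes the default paths given above and does not check the databases, event sinks or the IIS site.

```powershell
# Added verification example. It deletes nothing; it only lists what is left.
$leftovers = @()

# Step 2: PureMessage services still registered with the Service Control Manager
foreach ($svc in Get-Service -DisplayName 'Sophos PureMessage*' -ErrorAction SilentlyContinue) {
    $leftovers += "Service: $($svc.DisplayName) [$($svc.Status)]"
}

# Step 3b: service keys that /unregserver should have removed
foreach ($name in 'MMRot', 'PMScanner', 'SavexSrvc', 'SavexWebAgent') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (Test-Path -LiteralPath $key) { $leftovers += "Service key: $key" }
}

# Step 5: product registry keys
$productKeys = @(
    'HKLM:\SOFTWARE\Sophos\MMEx',
    'HKLM:\SOFTWARE\Sophos\AutoUpdate\Products\{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D}'
)
foreach ($key in $productKeys) {
    if (Test-Path -LiteralPath $key) { $leftovers += "Registry key: $key" }
}

# Step 4: anything under the install folder other than the preserved Quarantine folder
$root = 'C:\Program Files\Sophos\PureMessage'
if (Test-Path -LiteralPath $root) {
    foreach ($item in Get-ChildItem -LiteralPath $root -Force) {
        if ($item.Name -ne 'Quarantine') { $leftovers += "File/folder: $($item.FullName)" }
    }
}

# Step 11: scheduled task files
$tasks = 'C:\Windows\Tasks'
if (Test-Path -LiteralPath $tasks) {
    foreach ($task in Get-ChildItem -Path $tasks -Filter 'Sophos-PureMessage-*' -Force) {
        $leftovers += "Scheduled task: $($task.FullName)"
    }
}

if ($leftovers.Count -eq 0) {
    'No PureMessage traces found in the checked locations.'
} else {
    $leftovers
}
```

Run it from an elevated prompt so the service keys and the Tasks folder are readable.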
