Saw this on /r/bitdefender.
Especially if you are remotely administrating the PC.
Create a folder on C Drive called "itfolder"
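Download the latest BEST_REmoval_Tool.exe and make sure it is in the folder. The uninstall command at the end refers to it as BEST_Uninstall_tool.exe, so make the file name and the command match.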
Run the PS script. It will create a user and reboot into safe mode, then remove the password key entry from the registry, and then reboot again.
# Create Admin User
$adminUsername = "RunOnceAdmin"
$adminPassword = ConvertTo-SecureString -String "abcd123!@-CHANGEME" -AsPlainText -Force
$adminUser = New-LocalUser -Name $adminUsername -Password $adminPassword -AccountNeverExpires -UserMayNotChangePassword -Verbose
$AdminUSerAdminGRoup = Add-LocalGroupMember -Group Administrators -Member $adminUsername -Verbose
# Enable Auto Logon (DefaultPassword is stored in plaintext in the registry until the RunOnce script below deletes it)
$autoLogonUsername = "RunOnceAdmin"
$autoLogonPassword = "abcd123!@-CHANGEME"
$regPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
$regValueName1 = "AutoAdminLogon"
$regValueName2 = "DefaultUserName"
$regValueName3 = "DefaultPassword"
Set-ItemProperty -Path $regPath -Name $regValueName1 -Value "1" -Verbose
Set-ItemProperty -Path $regPath -Name $regValueName2 -Value $autoLogonUsername -Verbose
Set-ItemProperty -Path $regPath -Name $regValueName3 -Value $autoLogonPassword -Verbose
# Output success message
Write-Host "Admin user '$adminUsername' has been created and auto logon enabled."
# Write the script that RunOnce will execute in safe mode: blank the uninstall
# password value, remove the auto logon values, clear the safeboot flag and reboot
New-Item c:\itfolder\runoncescript.cmd -Force
$test=@"
REG add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Endpoint Security" /v Key /d "" /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /f
bcdedit /deletevalue "{default}" safeboot
shutdown.exe /r /t 00
"@
Set-Content c:\itfolder\runoncescript.cmd -value $test
# The leading '*' in the value name makes RunOnce run the entry in safe mode as well
Set-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce" -Name '*RunOnceScript' -Value "c:\itfolder\runoncescript.cmd"
# Boot into safe mode with networking on the next restart
bcdedit /set "{current}" safeboot network
Start-Sleep -Seconds 10
shutdown.exe -r -t 0
Once it's come back online, run these two.
c:\itfolder\BEST_Uninstall_tool.exe /bdparams /bruteForce /noWait
net user RunOnceAdmin /delete
Job done!
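A post-run check, as an added example that is not part of the original post or the Reddit script: it reports anything the procedure above leaves behind if the safe-mode step fails part-way (the auto logon values including the plaintext DefaultPassword, the RunOnceAdmin account, the RunOnce entry, the safeboot flag, the helper script). The function name Test-RunOnceCleanup is an assumption; the account name, registry paths and file path are the ones used in the script above, and it needs an elevated prompt.

```powershell
# Added example (not from the original post). Names and paths are the ones the
# script on this page uses; Test-RunOnceCleanup itself is a hypothetical name.
function Test-RunOnceCleanup {
    $findings = @()

    # Auto logon values: DefaultPassword holds the password in plaintext.
    $winlogon = Get-Item 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if ($winlogon.GetValue('AutoAdminLogon') -eq '1') {
        $findings += 'AutoAdminLogon is still 1'
    }
    if ($winlogon.GetValue('DefaultUserName') -eq 'RunOnceAdmin') {
        $findings += 'DefaultUserName still points at RunOnceAdmin'
    }
    if ($null -ne $winlogon.GetValue('DefaultPassword')) {
        $findings += 'DefaultPassword is still stored in the registry'
    }

    # Temporary local administrator created for the safe-mode logon.
    if (Get-LocalUser -Name 'RunOnceAdmin' -ErrorAction SilentlyContinue) {
        $findings += 'Local account RunOnceAdmin still exists'
    }

    # RunOnce entry. GetValueNames() is used because '*' in the value name
    # would be treated as a wildcard by Get-ItemProperty -Name.
    $runOnce = Get-Item 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce' -ErrorAction SilentlyContinue
    if ($runOnce -and ($runOnce.GetValueNames() -contains '*RunOnceScript')) {
        $findings += 'RunOnce entry *RunOnceScript has not run or was not removed'
    }

    # Safe-mode flag on the running boot entry (bcdedit needs elevation).
    if ((bcdedit /enum '{current}') -match '^safeboot') {
        $findings += 'safeboot is still set; the next reboot returns to safe mode'
    }

    # The helper script itself.
    if (Test-Path 'c:\itfolder\runoncescript.cmd') {
        $findings += 'c:\itfolder\runoncescript.cmd is still on disk'
    }
    return $findings
}

$left = Test-RunOnceCleanup
if ($left) { $left | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'No leftovers from the safe-mode procedure found.' }
```

Run it after the final reboot and after the two commands above; each warning corresponds to a cleanup line that did not execute.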