Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 0 subscribers
  • Views 8891 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Puremessage reinstall fails with COM error

Awalsh

Hi,

I've been tasked with fixing a Puremessage install on a Windows Small Business 2008 Server, it appears that after a recent security breach an attacker managed to uninstall both the main Sophos Anti-Virus suite and the Puremessage software (basically by deleting their folders in C:\Program Files, or at least that is how it seems).

Reinstalling Sophos Anti-Virus worked perfectly first time and is now up and running again. When attempting to install Puremessage for Exchange on this server, shortly after the installation startup begins (during the InstallShield setup part) I receive the following message:

"Setup encountered an error while gathering system information. Error Details: rk.Open(0x80000002, SOFTWARE\Sophos\MMEx\ZEUS, KEY_READ), dwError=2"

Where ZEUS is the hostname of the server.

The uninstaller is not available in Add/Remove programmes and I cannot find the above registry key either (or even \SOFTWARE\Sophos).

Has anyone come across something like this before? I am trying to avoid reinstalling everything on this server after the security breach, where possible.

Thanks,

Andrew

:14721


This thread was automatically locked due to age.
  • 0

    Hello Andrew,

    I am trying to avoid reinstalling everything on this server after the security breach

    first of all, words like appears and how it seems suggest that the exact extent and intent (forgive the pun) of the attack are not known. It'd be strange if all that has been aimed for was the removal of SAV and PureMessage. I'd not try to fix a compromised installation without absolute understanding of the foregone events and their details. Very likely there will be some undetected changes whose side effects will surface rather sooner than later. So - I'd consider rebuilding the server from scratch.

    As for the registry error: this key is a "legacy" key from version 2.x and usually removed during an upgrade to 3.x. That the installer expects it to exist and refuses to continue indicates IMO that it got somehow confused (I have neither SBS 2008 nor PureMessage so this is just a guess - and I must admit that I'm also a little bit confused as to my knowledge SBS 2008 is 64bit and MMEx was 32 and thus the key can't exist anyway).

    Christian

    :14739
  • 0

    I have had this issue before, and when I called into technical support, they told me to remove these registry keys.

    HKEY_CLASSES_ROOT\Installer\Features\2A47A649E29DEC043B5C6C71E46C82D7

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Un-install\{946A74A2-D92E-40CE-B3C5-C6174EC6287D}
    HKCR\Installer\Products\2A47A649E29DEC043B5C6C71E46C82D7
    HKLM\Software\Classes\Products\2A47A649E29DEC043B5C6C71E46C82D

    It worked for me. Use at your own descretion and be sure to back up your reg keys before making any changes.

    :14945
Unfiltered HTML