Created
July 17, 2022 22:56
#!/usr/bin/env bash
######################################################
# Malwarebytes Uninstall Reinstall Tool for Mac
# Clean utility for removing all Malwarebytes application software and files.
# This script will remove all components of Malwarebytes and prompt to
# reinstall latest consumer version
# created on 2019-June-11 by Aditya
# updated on 2021-March-15 by Aditya
# Copyright (c) 2021 Malwarebytes
# https://support.malwarebytes.com
# All rights reserved.
#################################################

# Best-effort tool: individual command failures must not abort the run.
set +e
#set -x

# Everything printed from here on (stdout and stderr) goes to the log file.
# NOTE(review): the commands below (chown 0:0, kextunload, installer) suggest
# the script runs as root, while this path lives in a home directory. If a
# symlink is already present at this path the redirect would follow it, so
# confirm who owns ~/Documents at run time.
exec > ~/Documents/mwb_re-install_log.txt 2>&1

runninglogUser=$(logname)
# Owner of /dev/console, i.e. the user of the active GUI session.
runningUser=$(stat -f "%Su" /dev/console)

cat <<'BANNER'
==========================================
 Malwarebytes Re-install Tool for Mac
 Run from MB-Mac-uninstall-reinstall tool
------------------------------------------
script updated on 2021-March-15 by Aditya

BANNER
date +"Report created on %A, %B %d, %Y at %r %Z"
date -u +"%Y-%m-%d %r %Z"
echo ""

macosver=$(sw_vers -productVersion)
echo "MacOS Version is : $macosver"
#MacOSVersion=$(sw_vers -productVersion | cut -d '.' -f 2)
# Release number derived from the Darwin kernel major version (kernel - 4);
# install_Mbam compares this value against 10, 11 and 12-16.
kernel_ver=$(uname -r | cut -d '.' -f 1)
MacOSVersion=$(( kernel_ver - 4 ))

echo ""
echo "runningUser > $runningUser"
echo "runninglogUser > $runninglogUser"
echo ""

# Record whether the console user is in the admin group (logged only,
# nothing is gated on the result).
if groups $(id -u "$runningUser") | grep -q -w admin; then
  echo "Running tool from user:> ($runningUser) with UID: $(id -u "$runningUser") is admin: Yes"
else
  echo "Running tool from user:> $runningUser with UID: $(id -u "$runningUser") is admin: No"
  echo ""
fi

echo ""
echo "Users Logged: $(w) "
echo ""
echo "==================================="
## ----------------------------------------
## Variables
## ----------------------------------------

# Product identifiers; the launchd job names and kext ids below are built
# from these.
MB_PRODUCT_IDENTIFIER="mbam"
MB_PRODUCT_IDENTIFIER__UPPERCASE="MBAM"
MB_PRODUCT_DOMAIN="com.malwarebytes.$MB_PRODUCT_IDENTIFIER"
MB_PRODUCT_DOMAIN_SHORT="MB_$MB_PRODUCT_IDENTIFIER__UPPERCASE"

# Application bundle and support directories (current product).
APP_SRC="/Applications/Malwarebytes.app"
APP_SUPPORT_DIR="/Library/Application Support/Malwarebytes"
APP_SUPPORT_PRODUCT_DIR="$APP_SUPPORT_DIR/$MB_PRODUCT_IDENTIFIER__UPPERCASE"

# V1 ("Anti-Malware") bundle and its privileged helper tools.
APP_SRC_V1="/Applications/Malwarebytes Anti-Malware.app/"
APP_SRC_PH_V1="/Library/PrivilegedHelperTools/com.malwarebytes.HelperTool"
APP_SRC_PH_V1_OLD="/Library/PrivilegedHelperTools/com.malwarebytes.MBAMHelperTool"

# File name of our main UI application.
# Note that it has 'Malwarebytes' alias (shown in the Activity Monitor).
FRONTEND_APPLICATION_NAME="FrontendApplication"
FRONTEND_APPLICATION_ALIAS="Malwarebytes"
FRONTEND_LAUNCHER_NAME="Malwarebytes"
FRONTEND_LAUNCHER_ALIAS="$FRONTEND_LAUNCHER_NAME"

# NOTE: FRONTEND_APPLICATION_NAME_V1 stays commented out, yet
# killall_frontends_function still expands it, so it is empty there.
#FRONTEND_APPLICATION_NAME_V1="FrontendApplication"
FRONTEND_APPLICATION_ALIAS_V1="Malwarebytes Anti-Malware"
FRONTEND_LAUNCHER_NAME_V1="Malwarebytes Anti-Malware"
FRONTEND_LAUNCHER_ALIAS_V1="$FRONTEND_LAUNCHER_NAME_V1"

# launchd property lists: per-user agent, V1 helper daemons, RTP and SK daemons.
AGENT_PLIST_SRC="/Library/LaunchAgents/$MB_PRODUCT_DOMAIN.frontend.agent.plist"
HELPERTOOL_V1="/Library/LaunchDaemons/com.malwarebytes.HelperTool.plist"
HELPERTOOL_V1_OLD="/Library/LaunchDaemons/com.malwarebytes.MBAMHelperTool.plist"
RTP_DAEMON_JOB_NAME="$MB_PRODUCT_DOMAIN.rtprotection.daemon"
RTP_DAEMON_PLIST_SRC="/Library/LaunchDaemons/$RTP_DAEMON_JOB_NAME.plist"
SK_DAEMON_JOB_NAME="$MB_PRODUCT_DOMAIN.settings.daemon"
SK_DAEMON_PLIST_SRC="/Library/LaunchDaemons/$SK_DAEMON_JOB_NAME.plist"

# Kernel extension: bundle id plus current and legacy on-disk locations.
RTP_KEXT_ID="$MB_PRODUCT_DOMAIN.rtprotection"
RTP_KEXT_SRC="/Library/Extensions/${MB_PRODUCT_DOMAIN_SHORT}_Protection.kext"
RTP_KEXT_LEGACY_SRC="/Library/Extensions/$RTP_KEXT_ID.kext"

# Shell-style truth values used as function return codes.
TRUE=0
FALSE=1

# UID thresholds used to pick real login sessions when unloading the agent.
GUEST_UID=201
LAST_SYSTEM_RESERVED_UID=499
## ----------------------------------------
## Helper Functions
## ----------------------------------------

# Reports whether the running OS version is at least major.minor.
# - Parameters:
# - $1: major version.
# - $2: minor version.
# - Returns: ${TRUE} when the version from `sw_vers -productVersion` is equal
#   to or newer than the requested one, ${FALSE} otherwise.
is_available_function()
{
  local want_major=$1
  local want_minor=$2
  local product_version have_major have_minor

  # Split "major.minor[.patch]" on dots; the patch component is ignored.
  product_version=$(sw_vers -productVersion)
  IFS=. read -r have_major have_minor _ <<< "$product_version"

  # A newer major release satisfies any minor requirement.
  if [ "$have_major" -gt "$want_major" ]; then
    return ${TRUE}
  fi
  if [ "$have_major" -eq "$want_major" ] && [ "$have_minor" -ge "$want_minor" ]; then
    return ${TRUE}
  fi
  return ${FALSE}
}
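# Terminates the running UI and launcher processes of the current and V1
# products by process name. Failures (for example nothing running) are left
# to killall's own output; this function does not stop on them.
# Globals read: FRONTEND_APPLICATION_NAME, FRONTEND_LAUNCHER_NAME,
#               FRONTEND_APPLICATION_NAME_V1, FRONTEND_LAUNCHER_NAME_V1
killall_frontends_function()
{
  # name / description pairs, in the order they are processed.
  local -a targets=(
    "${FRONTEND_APPLICATION_NAME:-}"    "main UI"
    "${FRONTEND_LAUNCHER_NAME:-}"       "launcher"
    "${FRONTEND_APPLICATION_NAME_V1:-}" "V1 main UI"
    "${FRONTEND_LAUNCHER_NAME_V1:-}"    "V1 launcher"
  )
  local i proc_name

  for (( i = 0; i < ${#targets[@]}; i += 2 )); do
    proc_name=${targets[i]}
    # FRONTEND_APPLICATION_NAME_V1 is commented out in the variables section,
    # so it expands to nothing; never hand killall an empty process name.
    [ -n "$proc_name" ] || continue
    echo "Killing '${proc_name}' ${targets[i + 1]} if it's running..."
    killall "${proc_name}"
  done
  echo ""
}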
# Unloads the per-user frontend agent from every login session, then stops
# the RTP daemon, the V1 helper tools, the RTP kernel extension and the SK
# daemon. Each step is attempted regardless of whether earlier ones failed.
# Globals read: AGENT_PLIST_SRC, LAST_SYSTEM_RESERVED_UID, GUEST_UID,
#               RTP_DAEMON_JOB_NAME, RTP_DAEMON_PLIST_SRC, HELPERTOOL_V1,
#               HELPERTOOL_V1_OLD, RTP_KEXT_ID, SK_DAEMON_JOB_NAME,
#               SK_DAEMON_PLIST_SRC
stop_agents_daemons_and_driver_function()
{
  local session_entry session_pid session_uid

  # Agents
  echo "Agent unload for All active users from '${AGENT_PLIST_SRC}'..."
  if [ ! -f "${AGENT_PLIST_SRC}" ]; then
    echo "Agent is not loaded."
  else
    # Starting from 10.11 we should use new API to load agent
    if is_available_function 10 11; then
      echo " Using new launchctl interface:"
      # One loginwindow.app process per GUI session; the "[l]" keeps grep
      # from matching its own command line.
      for session_uid in $(ps -axo uid,args | grep -i "[l]oginwindow.app" | awk '{print $1}'); do
        session_uid=${session_uid%%,*}
        # Only regular accounts (above the reserved range) and the guest user.
        if [[ $session_uid -gt ${LAST_SYSTEM_RESERVED_UID} || $session_uid -eq ${GUEST_UID} ]]; then
          echo " UID: $session_uid"
          launchctl bootout gui/"$session_uid" "${AGENT_PLIST_SRC}"
        fi
      done
    else
      echo " Using legacy launchctl interface:"
      for session_entry in $(ps -axo pid,uid,args | grep -i "[l]oginwindow.app" | awk '{print $1 "," $2}'); do
        # session_entry has the form "pid,uid".
        session_pid=${session_entry%%,*}
        session_uid=${session_entry#*,}
        if [[ $session_uid -gt ${LAST_SYSTEM_RESERVED_UID} || $session_uid -eq ${GUEST_UID} ]]; then
          echo " PID: $session_pid; UID: $session_uid"
          launchctl bsexec "$session_pid" chroot -u "$session_uid" / launchctl unload "${AGENT_PLIST_SRC}"
        fi
      done
    fi
    echo "Agent unloading has been finished."
  fi

  # RTP Daemon
  echo "Stopping '${RTP_DAEMON_JOB_NAME}' RTP daemon..."
  launchctl unload "${RTP_DAEMON_PLIST_SRC}"

  # V1 helper tool unload
  echo "Stopping '${HELPERTOOL_V1}' V1 Anti-Malware..."
  launchctl unload "${HELPERTOOL_V1}"
  echo "Stopping '${HELPERTOOL_V1_OLD}' OLD MABMHelper V1 Anti-Malware..."
  launchctl unload "${HELPERTOOL_V1_OLD}"

  # RTP KEXT
  echo "Unloading '${RTP_KEXT_ID}' FSO driver..."
  kextunload -b "${RTP_KEXT_ID}"

  # SK Daemon
  echo "Stopping '${SK_DAEMON_JOB_NAME}' SK daemon..."
  launchctl unload "${SK_DAEMON_PLIST_SRC}"
}
# Drops the installer receipts of the Malwarebytes packages from the package
# database. Does nothing when no receipt name contains "malwarebytes"; a
# failing `pkgutil --forget` is ignored so the remaining ids are still tried.
forget_product_package_function()
{
  local receipt_id

  pkgutil --packages | grep -q "malwarebytes" || return 0

  for receipt_id in \
    com.malwarebytes.mbam.uninstaller \
    com.malwarebytes.mbam.installer \
    com.malwarebytes.pkg.EndpointAgent \
    com.malwarebytes.ncep.installer \
    com.malwarebytes.ncep.uninstaller; do
    pkgutil --forget "$receipt_id" || true
  done
}
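# Runs the business Endpoint Agent's own uninstaller when that product is
# present; otherwise only logs that it is not installed.
# Outputs: progress messages on stdout.
remove_product_business_useragent_function()
{
  local cmdremoveEP="/Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent/EndpointAgentDaemon.app/Contents/MacOS/EndpointAgentDaemon"

  if [ -f "$cmdremoveEP" ]; then
    echo "Business version removal started"
    echo ""
    # Invoke the binary directly. The previous eval of a hand-quoted string
    # re-parsed the path as shell code, which buys nothing for a fixed path
    # and would break (or execute text) if the path ever contained a quote.
    "$cmdremoveEP" -uninstall
    echo "Business version is removed"
    echo ""
  else
    echo ""
    echo "Malwarebytes Business version EP is not installed."
    echo ""
    return
  fi
}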
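# remove NCEP SDK
# Runs the removal package shipped inside the NCEP engine bundle when it is
# present; otherwise only logs that the SDK is not installed.
removeNCEP()
{
  local cmdremovencep="/Library/Application Support/Malwarebytes/NCEP/Engine.bundle/Contents/Resources/Remove_Malwarebytes.pkg"

  if [ -f "$cmdremovencep" ]; then
    echo ""
    echo "Removing NCEP SDK..."
    echo ""
    # Pass the path as a single quoted argument instead of building a command
    # string for eval; the result is the same for this path and nothing is
    # re-parsed as shell code.
    installer -pkg "$cmdremovencep" -target /
  else
    echo ""
    echo "Malwarebytes NCEP SDK is not installed."
    echo ""
  fi
}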
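# remove Consumer version via removal_pkg
# Runs the removal package shipped inside the MBAM engine bundle when it is
# present; otherwise only logs that it could not be found.
removeMBAM()
{
  local cmdremovembam="/Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/Resources/Remove_Malwarebytes.pkg"

  if [ -f "$cmdremovembam" ]; then
    echo "Removing consumer version..."
    # Direct invocation with a quoted argument replaces the earlier eval of a
    # hand-quoted command string; no shell re-parsing of the path is needed.
    installer -pkg "$cmdremovembam" -target /
  else
    echo ""
    echo "Malwarebytes consumer version is not installed or pkg is not present."
    echo ""
  fi
}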
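# Removes every Malwarebytes component this tool knows about: runs the
# vendor removal packages first, then deletes leftover bundles, launchd
# plists, kexts, temp files, per-user data, legacy V1 / AdwareMedic / MBBR
# files and package receipts, and finally the Dock entries.
# Every step is best effort; a failure does not stop the following steps.
# Globals read: APP_SRC, RTP_KEXT_SRC, RTP_KEXT_LEGACY_SRC, AGENT_PLIST_SRC,
#               RTP_DAEMON_PLIST_SRC, SK_DAEMON_PLIST_SRC, HELPERTOOL_V1,
#               HELPERTOOL_V1_OLD, APP_SRC_V1, APP_SRC_PH_V1,
#               APP_SRC_PH_V1_OLD, APP_SUPPORT_DIR
remove_product_files_function()
{
  local path userFolderPath scriptDir

  echo "Removing files...started"
  removeNCEP || true
  remove_product_business_useragent_function || true
  removeMBAM || true

  ## will check and remove files manually
  remove_folder_function "${APP_SRC}"
  #remove_folder_function "${APP_SUPPORT_PRODUCT_DIR}"
  remove_folder_function "${RTP_KEXT_SRC}"
  remove_folder_function "${RTP_KEXT_LEGACY_SRC}"
  remove_file_function "${AGENT_PLIST_SRC}"
  remove_file_function "${RTP_DAEMON_PLIST_SRC}"
  remove_file_function "${SK_DAEMON_PLIST_SRC}"

  # NUL-delimited so odd file names survive intact (the old `while read`
  # mangled backslashes and newlines).
  # NOTE(review): /tmp is writable by every local user, so these names are
  # not trustworthy; a matching file can be swapped for a link between the
  # find and the delete.
  while IFS= read -r -d '' path; do
    remove_file_function "$path"
  done < <(find /tmp/ -type f -name "com.malwarebytes.*" -print0)

  # parse all user folders and remove: /Users/xxxx/Library/Application Support/Malwarebytes
  # NOTE(review): these deletes run inside directories each user controls;
  # rm does not follow a symlink in the last path component, but it does
  # follow one in "Library" or "Application Support".
  for userFolderPath in /Users/*; do
    echo ""
    echo "Removing user's folder for: $userFolderPath"
    # The wildcard has to sit outside the quotes: fully quoted, the pattern
    # was passed to rm literally and never matched anything.
    rm -rf "$userFolderPath/Library/Application Support/"com.malwarebytes.*
    rm -rf "$userFolderPath/Library/Application Support/Malwarebytes"
    rm -f "$userFolderPath/Library/Preferences/"com.malwarebytes.*
    echo "removed files from home folder: $userFolderPath"
    echo ""
  done

  rm -f "${HELPERTOOL_V1}"
  rm -f "${HELPERTOOL_V1_OLD}"
  rm -rf "${APP_SRC_V1}"
  rm -f "${APP_SRC_PH_V1}"
  rm -f "${APP_SRC_PH_V1_OLD}"

  # remove NCEP system LaunchDaemon plist files
  rm -f "/Library/LaunchDaemons/com.malwarebytes.ncep.rtprotection.daemon.plist"
  rm -f "/Library/LaunchDaemons/com.malwarebytes.ncep.settings.daemon.plist"

  # Remove MBBR CLI
  echo ""
  echo "Removing Malwarebytes MBBR"
  rm -rf "/Applications/Malwarebytes Breach Remediation.app"
  rm -rf "/usr/local/bin/mbbr"
  rm -rf "/usr/local/bin/mbbr-data"
  rm -rf "/usr/local/bin/mbbr-logs"

  ## removing adwaremedic file oldest version
  # "~" is the home of whoever runs the script, which may not be the
  # console user's home.
  rm -rf ~/Library/Application\ Support/com.thesafemac.adwaremedic/
  rm -rf /Applications/AdwareMedic.app
  rm -rf /Applications/Malwarebytes\ Anti-Malware*
  echo "Removing files...end"
  echo ""

  forget_product_package_function

  # Removing DIR even its not empty
  rm -rf "${APP_SUPPORT_DIR}" || true
  echo ""

  ### using python lib from Kyle github, which is most helpful to remove dock items
  ## Copyright 2008 Kyle Crawford
  ## https://github.com/kcrawford/dockutil/blob/master/scripts/dockutil
  echo ">>>Running dockutil python script to remove mwb icon from dock"
  echo ""
  # "&&" instead of ";": if the cd fails, do not fall back to whatever the
  # current directory happens to be.
  scriptDir=$(cd "$(dirname "$0")" && pwd -P)
  # dockutil runs with this script's privileges, so the directory holding the
  # script must not be writable by other users.
  if [ -n "$scriptDir" ] && [ -x "$scriptDir/dockutil" ]; then
    "$scriptDir"/dockutil -v --remove 'Malwarebytes Anti-Malware' --allhomes
    "$scriptDir"/dockutil -v --remove 'Malwarebytes' --allhomes 2>&1
  else
    echo "dockutil was not found next to this script; Dock items were left unchanged"
  fi
  echo ""
  echo ">>>end of uninstall scripts"
  echo ""
}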
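# Changes the owner of the file to the needed one and deletes it.
# Arguments: $1 - path of the file to delete.
# Returns:   always 0; chown/chmod/rm failures are tolerated on purpose.
remove_file_function()
{
  # Nothing to do for an empty argument.
  [ -n "${1:-}" ] || return 0

  # chown/chmod follow symbolic links, so on a link they would re-own and
  # re-mode the link's TARGET rather than the entry being deleted. Callers
  # pass names found under /tmp, so only touch ownership and mode when the
  # path is not a link; rm itself removes just the link.
  if [ ! -L "$1" ]; then
    # Below we append '|| true' to NOT fail whole script in case of rm/chmod/chown failure which is ok.
    chown 0:0 "$1" || true
    chmod 755 "$1" || true
  fi
  rm -f "$1" || true
}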
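# Changes the owner of the folder to the needed one and deletes it.
# Arguments: $1 - path of the folder to delete.
# Returns:   always 0; chown/chmod/rm failures are tolerated on purpose.
remove_folder_function()
{
  # Nothing to do for an empty argument.
  [ -n "${1:-}" ] || return 0

  # If the path is a symbolic link, skip the recursive chown/chmod so they
  # cannot be redirected onto the link's target; rm -rf then removes only
  # the link itself.
  if [ ! -L "$1" ]; then
    # Below we append '|| true' to NOT fail whole script in case of rm/chmod/chown failure which is ok.
    chown -R 0:0 "$1" || true
    chmod -R 755 "$1" || true
  fi
  rm -rf "$1" || true
}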
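## function to install mbw 3.x/4.x
# Downloads the current consumer installer and runs it.
# Globals read: macosver (log output only)
# Returns: 0 when the installer ran successfully, non-zero when the download,
#          the signature check or the installation failed.
install_mwb4_latest()
{
  local url="https://downloads.malwarebytes.com/file/mb-mac"
  local workdir pkg status=0

  echo ""
  echo ">>>downloading installer 4.x.xx to tmp"
  echo ""

  # Download into a freshly created private directory. The fixed name
  # /tmp/Malwarebytes-Mac-4.x.xx.pkg used before could be created in advance
  # by any local user, and the old "-e" test accepted such a file whenever
  # the download itself failed.
  workdir=$(mktemp -d /tmp/mwb_reinstall.XXXXXX) || {
    echo ">>>could not create a private download directory. Exiting"
    echo ""
    return 1
  }
  pkg="${workdir}/Malwarebytes-Mac-4.x.xx.pkg"

  # -f: treat an HTTP error response as a failure instead of saving the
  # error page as the package.
  if ! curl -f -L -o "$pkg" "$url"; then
    echo ">>>could not find the installer file. Exiting"
    echo ""
    rm -rf "$workdir"
    return 1
  fi

  echo ""
  echo ">>>running installer 4.x.xx with Current user: $(whoami) ($(id -u)) on macOS '$macosver' "
  echo ""

  # Refuse a package whose signature does not validate.
  # NOTE(review): this only proves the package is signed; comparing the
  # signer against the vendor's expected Developer ID would be stronger.
  if ! pkgutil --check-signature "$pkg"; then
    echo ">>>installer signature could not be verified. Exiting"
    echo ""
    rm -rf "$workdir"
    return 1
  fi

  /usr/sbin/installer -pkg "$pkg" -target / || status=$?
  sleep 2
  open /Applications/Malwarebytes.app/
  sleep 2
  rm -rf "$workdir"
  return "$status"
}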
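# Downloads the legacy 3.9.3x installer for Yosemite and runs it.
# Globals read: macosver (log output only)
# Returns: 0 when the installer ran successfully, non-zero when the download,
#          the signature check or the installation failed.
install_mwb3_Yosemite()
{
  local url="https://downloads.malwarebytes.com/file/mb3-mac-legacy"
  local workdir pkg status=0

  echo ""
  echo ">>>downloading installer 3.9.3x legacy for Yosemite to tmp"
  echo ""

  # Private download directory instead of a fixed, guessable name in the
  # world-writable /tmp: a file placed there beforehand by another local
  # user was accepted by the old "-e" test whenever the download failed.
  workdir=$(mktemp -d /tmp/mwb_reinstall.XXXXXX) || {
    echo ">>>could not create a private download directory. Exiting"
    echo ""
    return 1
  }
  pkg="${workdir}/Malwarebytes-Mac-3.9.3x.xx.pkg"

  # -f: an HTTP error response is a failure, not a package.
  if ! curl -f -L -o "$pkg" "$url"; then
    echo ">>>could not find the installer file. Exiting"
    echo ""
    rm -rf "$workdir"
    return 1
  fi

  echo ""
  echo ">>>running installer 3.9.3x with Current user: $(whoami) ($(id -u)) on macOS '$macosver' "
  echo ""

  # Refuse a package whose signature does not validate.
  # NOTE(review): confirm how pkgutil reports a legacy package whose signing
  # certificate has since expired before relying on this for old releases.
  if ! pkgutil --check-signature "$pkg"; then
    echo ">>>installer signature could not be verified. Exiting"
    echo ""
    rm -rf "$workdir"
    return 1
  fi

  /usr/sbin/installer -pkg "$pkg" -target / || status=$?
  sleep 2
  open /Applications/Malwarebytes.app/
  sleep 2
  rm -rf "$workdir"
  return "$status"
}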
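# Downloads the legacy installer for El Capitan and runs it.
# NOTE(review): the messages and file name say 4.6.12 while the download URL
# ends in "4-16-12"; confirm which version is intended.
# Globals read: macosver (log output only)
# Returns: 0 when the installer ran successfully, non-zero when the download,
#          the signature check or the installation failed.
install_mb4_EICaptain()
{
  local url="https://downloads.malwarebytes.com/file/mb-mac-4-16-12"
  local workdir pkg status=0

  echo ""
  echo ">>>downloading installer 4.6.x legacy for EI Captain to tmp"
  echo ""

  # Private download directory instead of a fixed, guessable name in the
  # world-writable /tmp: a file placed there beforehand by another local
  # user was accepted by the old "-e" test whenever the download failed.
  workdir=$(mktemp -d /tmp/mwb_reinstall.XXXXXX) || {
    echo ">>>could not create a private download directory. Exiting"
    echo ""
    return 1
  }
  pkg="${workdir}/Malwarebytes-Mac-4.6.12.EICaptain.pkg"

  # -f: an HTTP error response is a failure, not a package.
  if ! curl -f -L -o "$pkg" "$url"; then
    echo ">>>could not find the installer file. Exiting"
    echo ""
    rm -rf "$workdir"
    return 1
  fi

  echo ""
  echo ">>>running installer Malwarebytes-Mac-4.6.12.EICaptain.pkg with Current user: $(whoami) ($(id -u)) on macOS '$macosver' "
  echo ""

  # Refuse a package whose signature does not validate.
  # NOTE(review): confirm how pkgutil reports a legacy package whose signing
  # certificate has since expired before relying on this for old releases.
  if ! pkgutil --check-signature "$pkg"; then
    echo ">>>installer signature could not be verified. Exiting"
    echo ""
    rm -rf "$workdir"
    return 1
  fi

  /usr/sbin/installer -pkg "$pkg" -target / || status=$?
  sleep 2
  open /Applications/Malwarebytes.app/
  sleep 2
  rm -rf "$workdir"
  return "$status"
}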
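# Picks the installer that matches the running OS release.
# Globals read: MacOSVersion - Darwin kernel major version minus 4, as
#               computed at the top of the script.
# Returns: the chosen installer's exit status, or 1 when the release is not
#          one of the handled values.
install_Mbam()
{
  # Exact matches only: the earlier unanchored regex (12|13|14|15|16) also
  # accepted any longer value that merely contained one of those numbers.
  case "$MacOSVersion" in
    10)
      install_mwb3_Yosemite
      ;;
    11)
      install_mb4_EICaptain
      ;;
    12|13|14|15|16) ## 16 means Big Sur
      install_mwb4_latest
      ;;
    *)
      # Releases after Big Sur (values above 16) are not mapped here.
      echo "could not find correct macOS Version"
      return 1
      ;;
  esac
}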
# Connectivity probe: requests the headers of http://www.google.com and
# succeeds when the first response line contains "200".
# Outputs: the matching status line (grep prints it).
# Returns: 0 when the probe matched, 1 otherwise.
# NOTE(review): the probe goes over plain HTTP and only gates whether a
# download is attempted; it says nothing about what is downloaded later.
checkInternet()
{
  if curl -Is http://www.google.com | head -1 | grep 200; then
    #echo "Internet available"
    return 0
  fi
  #echo "No internet"
  return 1
}
## ----------------------------------------
## Main
## ----------------------------------------
printf '%s\n' "Current user: $(whoami) ($(id -u)) on macOS '$macosver' " ""

#### eject disk mounted
printf '%s\n' "eject mounted disk for Malwarebytes Anti-Malware"
diskutil unmount "/Volumes/Malwarebytes Anti-Malware"
printf '\n'

# Stop everything that is running first, then delete the files. The two
# stop steps are allowed to fail (nothing running / nothing loaded).
killall_frontends_function || true
stop_agents_daemons_and_driver_function || true
remove_product_files_function
sleep 1
## run install function
# Asks, through a System Events dialog, whether the consumer version should
# be installed after the uninstall.
# Outputs: whatever osascript prints for the dialog; the caller compares it
#          with "button returned:Yes".
userinput()
{
  # Quoted delimiter: the AppleScript is passed through literally.
  osascript <<'EOT'
tell app "System Events"
launch
delay 1
display dialog "Uninstall Completed. Would you like to install Consumer/Home Version of Malwarebytes for Mac?" buttons {"Yes", "No"} default button 2 with title "Install Malwarebytes"
--return -- Suppress result
end tell
EOT
}
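# Ask whether to reinstall, then act on the answer. The dialog's default
# button is "No", so anything other than an explicit "Yes" skips the install.
button=$(userinput)
echo "user input is: $button"

if [[ "$button" = "button returned:Yes" ]]; then
  echo "user opted YES to install"
  echo "checking internet"
  if checkInternet 0; then
    # install_Mbam's exit status decides which dialog is shown; previously
    # the "completed successfully" dialog appeared no matter what happened.
    if install_Mbam; then
      sleep 2
      echo ""
      osascript <<EOT
tell app "System Events"
launch
delay 1
display dialog "Malwarebytes installation completed successfully." buttons {"OK"} with title "Uninstall & Reinstall Malwarebytes"
end tell
EOT
      echo ">>>end of scripts"
    else
      echo ""
      echo "Malwarebytes installation did not complete. See the messages above."
      osascript <<EOT
tell app "System Events"
display dialog "Malwarebytes installation did not complete. See mwb_re-install_log.txt in Documents." buttons {"OK"} with title "Uninstall & Reinstall Malwarebytes"
end tell
EOT
    fi
  else
    echo ""
    echo "No internet available"
    echo "Script could not download installer due to Internet issue. Check your internet."
    osascript <<EOT
tell app "System Events"
display dialog "Script could not download installer due to Internet issue." buttons {"OK"} with title "Uninstall & Reinstall Malwarebytes"
end tell
EOT
  fi
else
  echo ""
  echo "user opted NO to install"
  echo "Malwarebytes Uninstall process completed. Please restart computer."
  osascript <<EOT
tell app "System Events"
display dialog "Malwarebytes Uninstall process completed. Please save your work and restart computer." buttons {"OK"} with title "Uninstall & Reinstall Malwarebytes"
end tell
EOT
fi
### end of script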