Solved Safe Removal of Acronis True Image Drivers

Steve C

I installed the trial version of ATI 2013 a while ago then uninstalled it from my Windows 8.1 PC. I thought nothing more of ATI until this week when I was reviewing the drivers on my PC using Autoruns. This showed that the Acronis driver vsflt53.sys is still loading on boot despite uninstalling True Image - see the entry below from Autoruns:

vidsflt53
Acronis Virtual Disk Storage Filter
c:\windows\system32\drivers\vsflt53.sys 12/04/2011 11:31

The Acronis vsflt53.sys driver runs at boot and is associated with all disc drives on the PC!!!

I then discovered following a Google search that there are severe pitfalls if the driver is not removed correctly - see the following useful posts:

Error | Wilders Security Forums...
https://forum.acronis.com/forum/27907

I understand the following procedure to edit Registry keys needs to be followed to remove the Acronis driver:

To avoid "blue screen" death traps, any cleanup MUST be done in the following order:
1) Removal of any residual Acronis device class UpperFilters and LowerFilters entries;
2) Removal of any residual Acronis "required for boot" (start=0x00000000) filter services;
3) Removal (optional) of any residual Acronis filter service drivers files.

The first step is the most critical for restoring normal OS control of storage devices. You'll find the relevant UpperFilters and LowerFilters entries under the following registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

Do NOT remove any of the driver files until you have cleaned up BOTH the DiskDrive and Volume device class filters entries (step 1) AND the Acronis filter services entries that use those drivers (step 2).

My problem is that I also have Acronis driver entries in the following keys for ControlSet001:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vidsflt53

I have several questions:

1. Should I also remove the Acronis driver entries in the ControlSet001 keys above?
2. Does the presence of the offending driver vsflt53.sys affect my PC's performance?
3. Are there any other issues to consider before attempting to remove the remaining Acronis driver?
 
Thanks - I was thinking of using the Acronis cleanup utility with a manual check of the registry keys stated, but how trustworthy is their software given the rubbish left on my PC?

It seems the entries in HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ replicate those in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ so I only need to edit the latter entries - see What's the difference among these keys ? | PC Review
 
It can be a pain cleaning leftovers from programs. Maybe someone with more experience with Acronis will chime in soon. Back up your important data before making any changes to the registry.
 
When I discontinued using Acronis True Image (paid version), I uninstalled it and also ran the available Acronis cleanup utility. As it turned out there were still many entries that remained in the Registry. I did a manual edit (backed up the Registry first) and removed anything associated with Acronis.

Whether you want to go that far? Up to you.

(I now use Macrium Reflect).
 
I've now removed the offending Acronis driver vsflt53.sys manually by the procedure below, and my PC is working fine. Be sure to edit the registry in the exact sequence stated.


  • Go to Administrator account
  • Turn off Anti-Virus & network
  • Backup Registry
  • Create a restore point
  • Check and remove the following Registry entries using REGEDIT:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318} -> UpperFilters and LowerFilters -> Lower filter for vsflt53 deleted

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> UpperFilters and LowerFilters -> Checked and left alone since no entry for vsflt53

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vidsflt53 -> Entire key deleted


  • Closed REGEDIT then reopened to check the details again and also check that vsflt53 entries were removed from the ControlSet001 settings (which should replicate the CurrentControlSet settings).
  • Checked drivers using Autoruns and disk details in Device Manager to check there were no entries for the vsflt53 driver.
  • Restarted as Administrator and checked details in above bullet point
  • Considered deleting the following driver files from SYSTEM32, but left them for the time being:
· vsflt53.sys – present
· vididr.sys – present
· timntr.sys – present
· snapman.sys - not present
· afcdp.sys - not present
· fltsrv.sys - not present
· tdrpm273.sys - not present
· snapman.sys - not present
· tdrpman.sys - not present
· timounter.sys - not present


  • Considered deleting Seagate Secure Zone entry in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C539A15B-3AF9-4C92-B771-50CB78F5C751} but left for time being
  • Searched for Acronis & Seagate in Registry. Found only a few items but left them for the time being.
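
A read-only way to check where a machine stands in the three-step order discussed in this thread, as an added example that is not part of any post here or of Acronis's tooling. The default service name `vidsflt53` and the `System32\drivers` location are taken from the Autoruns entry quoted above; `$Target` is an assumed parameter name.

```powershell
# Read-only audit: nothing is modified. Run from an elevated PowerShell prompt.
# Assumption: $Target is the filter service name as listed by Autoruns.
param([string]$Target = 'vidsflt53')

$classRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class'
$svcRoot   = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$classes   = [ordered]@{
    DiskDrive = '{4D36E967-E325-11CE-BFC1-08002BE10318}'
    Volume    = '{71A27CDD-812A-11D0-BEC7-08002BE2092F}'
}

# Step 1 view: every filter named in the two class keys, with the state of
# the service key and driver file it depends on.
$refs = @(foreach ($class in $classes.Keys) {
    $props = Get-ItemProperty -LiteralPath "$classRoot\$($classes[$class])" -ErrorAction SilentlyContinue
    foreach ($list in 'UpperFilters', 'LowerFilters') {
        foreach ($filter in @($props.$list)) {
            if (-not $filter) { continue }
            $svc  = Get-ItemProperty -LiteralPath "$svcRoot\$filter" -ErrorAction SilentlyContinue
            # Assumption: the driver lives in System32\drivers, as in the thread.
            $file = if ($svc.ImagePath) { ($svc.ImagePath -split '\\')[-1] } else { "$filter.sys" }
            [pscustomobject]@{
                Class      = $class
                List       = $list
                Filter     = $filter
                ServiceKey = [bool]$svc
                Start      = $svc.Start
                DriverFile = Test-Path -LiteralPath "$env:SystemRoot\System32\drivers\$file"
            }
        }
    }
})
$refs | Format-Table -AutoSize

# A listed filter whose service key or driver file is gone is the boot-failure case.
$dangling = @($refs | Where-Object { -not $_.ServiceKey -or -not $_.DriverFile })
$listed   = @($refs | Where-Object { $_.Filter -eq $Target })
$svcLeft  = Test-Path -LiteralPath "$svcRoot\$Target"

if ($dangling.Count) { Write-Warning "Filters listed without a service key or driver file: $($dangling.Filter -join ', ')" }
if ($listed.Count)   { "Step 1 pending: $Target is still in a class filter list; leave its service key and file alone." }
elseif ($svcLeft)    { "Step 2 pending: $Target is out of the filter lists but its service key remains." }
else                 { "No class filter or service entry for $Target; driver files are optional cleanup (step 3)." }
```

Running it before and after each registry edit shows whether any filter list still names a driver whose service key or file has already gone.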
 