Solved Safe Removal of Acronis True Image Drivers

Steve C

Member
Power User
Messages
275
Location
UK
I installed the trial version of ATI 2013 a while ago then uninstalled it from my Windows 8.1 PC. I thought nothing more of ATI until this week when I was reviewing the drivers on my PC using Autoruns. This showed that the Acronis driver driver vsflt53.sys is still loading on boot despite uninstalling True Image - see the entry below from Autoruns:

vidsflt53
Acronis Virtual Disk Storage Filter
c:\windows\system32\drivers\vsflt53.sys 12/04/2011 11:31

The Acronis vsflt53.sys driver runs at boot and is associated with all disc drives on the PC!!!

I then discovered following a Google search that there are severe pitfalls if the driver is not removed correctly - see the following useful posts:

Error | Wilders Security Forums...
https://forum.acronis.com/forum/27907

I understand the following procedure to edit Registry keys needs to be followed to remove the Acronis driver:

To avoid "blue screen" death traps, any cleanup MUST be done in the following order:
1) Removal of any residual Acronis device class UpperFilters and LowerFilters entries;
2) Removal of any residual Acronis "required for boot" (start=0x00000000) filter services;
3) Removal (optional) of any residual Acronis filter service drivers files.

The first step is the most critical for restoring normal OS control of storage devices. You'll find the relevant UpperFilters and LowerFilters entries under the following registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

Do NOT remove any of the driver files until you have cleaned up BOTH the DiskDrive and Volume device class filters entries (step 1)AND the Acronis filter services entries that use those drivers (step 2).

My problem is that I also have Acronis driver entries in the following keys for ControlSet001:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vidsflt53

I have several questions:

1. Should I also remove the Acronis driver entries in the ControlSet001 keys above?
2. Does the presence of the offending driver vsflt53.sys affect my PC's performance?
3. Are there any other issues to consider before attempting to remove the remaining Acronis drivers?
 
I've now removed the offending Acronis driver vsflt53.sys manually by the procedure below, and my PC is working fine. Be sure to edit the registry in the exact sequence stated.


  • Go to Administrator account
  • Turn off Anti-Virus & network
  • Backup Registry
  • Create a restore point
  • Check and remove the following Registry entries using REGEDIT:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318} -> UpperFilters and LowerFilters Lower filter for vsflt53 deleted
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> UpperFilters and LowerFilters Checked and left alone since no entry for vsflt53
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vidsflt53 Entire key deleted



  • Closed REGEDIT then reopened to check the details again and also check that vsflt53 entries were removed from the ControlSet001 settings (which should replicate the CurrentControlSet settings).
  • Checked drivers using Autoruns and disk details in Device Manager to check there were no entries for the vsflt53 driver.
  • Restarted as Administrator and checked details in above bullet point
  • Considered deleting the following driver files from SYSTEM32, but left them for the time being:
· vsflt53.sys – present
· vididr.sys – present
· timntr.sys – present
· snapman.sys - not present​
· afcdp.sys - not present​
· fltsrv.sys - not present​
· tdrpm273.sys - not present​
· snapman.sys - not present​
· tdrpman.sys - not present​
· timounter.sys - not present​


  • Considered deleting Seagate Secure Zone entry in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C539A15B-3AF9-4C92-B771-50CB78F5C751} but left for time being
  • Searched for Acronis & Seagate in Registry. Found only a few items but left them for the time being.
 
Back
Top