24/7/365 TECHNICAL HELPDESK
NETWORK OPERATIONS CENTRE
DIRECT I.T. SUPPORT
SOC-AS-A-SERVICE
DON'T SEE THE SERVICE FOR YOU?
Get In Touch

Latest News

Visit Our Blog
28 Nov 2017

How to uninstall a VPN the correct way

Share:
b2ap3_thumbnail_vpn_20171128-090247_1.jpg

b2ap3_thumbnail_vpn_20171128-090247_1.jpg

Fully remove a VPN and clean up afterwards on your Windows PC

Most VPN providers make big claims about their ‘no logging’ policy, and how they don’t maintain the slightest trace of anything you do online.

What these companies don’t always explain is that VPNs (including free VPNs) can keep detailed logs on your PC, often including account details, session connect and disconnect times, and the names of any servers you’ve accessed.

Often there’s no automated way to remove this information. Even uninstalling the VPN will usually leave at least some traces behind, and there are plenty more clues to your activities in Windows’ various network histories. Most could remain on your system for years.

Whether this is any kind of privacy risk depends on your situation. If others have access to your PC, or maybe you’re running a VPN on a work computer, maybe; if it’s your own system, probably not.

Whatever your circumstances, it’s interesting to see what a PC might hold regarding your VPN history. Deleting ancient network remnants brings benefits of its own, too, freeing up resources, simplifying your network settings and maybe reducing the chance of problems occurring with other networking software.

Bear in mind that there are risks involved with this kind of low-level clean-up. Accidentally deleting something important could cripple your PC. Be very careful, and don’t wipe anything unless your system is fully backed up, and you’ve got the tools and experience to recover the computer if anything goes wrong.

So, let’s look in detail at how to go about uninstalling your VPN software and subsequently cleaning up after that process. Note that you don’t have to follow all these steps, at least beyond the first and primary uninstallation process. You can be as thorough – or not – as you like.

And if you’re not confident with some of the more involved elements – like editing the Registry – then it’s probably best to skip these steps. Furthermore, some of the latter steps will only really apply to those who are extremely privacy-conscious, as you’ll see when you read through.

Uninstall VPN clients

The first step in removing a VPN is to clear away its client.

Start by finding where the program files are stored on your hard drive. Open a client window, press Ctrl+Shift+Esc to launch Task Manager, right-click the app name and select Open File Location. Make a note of the folder name – you’ll need it later.

Close the client completely (don’t just minimize it), then try to uninstall it from the regular Control Panel applet (Control Panel > Programs and Features > Uninstall a Program).

The installed programs list might also include a TAP driver (a virtual network adapter) for your VPN provider. If the list is sorted alphabetically, scroll to the T’s and look for items beginning ‘TAP-‘ (our test system included TAP-NordVPN and TAP-ProtonVPN). Remove these by right-clicking and selecting Uninstall.

If you don’t find anything, search your system for the VPN name and look for an Uninstall shortcut.

Once you’ve run the regular uninstaller and removed any associated TAP files, reboot your PC to make sure Windows is able to delete locked program files.

Remove local logs

Uninstalling a VPN won’t necessarily remove all of its files. There are often plenty of leftovers, ranging from stray DLLs to detailed logs of all your recent VPN connections.

Open the client folder you noted in the previous step, if it still exists, and search your system for folders with similar names. Investigate these to see what’s left, and whether the folders can safely be deleted.

You could also manually browse for files in the most likely locations: \Program Files, \Program Files (x86), \ProgramData, \Users\<username>\AppData\Local, \Users\<username>\AppData\Roaming.

If you don’t see the ProgramData or AppData folders, launch Control Panel, go to File Explorer Options and make sure ‘Show hidden files, folders and drives’ is selected.

Depending on your setup, you might have a separate installation of OpenVPN, the open source client used by many pieces of VPN software to manage their connections.  Look for a \Users\[Username]\OpenVPN\Log folder and delete any log files you don’t need. Which can be all of them, if you like – the files are just for troubleshooting, and it’s safe to remove them.

Registry references

Windows VPN clients often store at least some of their settings in the Windows Registry. At least some of these may survive the uninstaller, and they can sometimes give away details of your account or connection history.

Another quick warning here: always be very careful when editing the Registry.

To begin, launch REGEDIT and browse to HKEY_LOCAL_MACHINE\SOFTWARE and HKEY_CURRENT_USER\SOFTWARE. Scroll through each set of keys, looking for anything relating to VPNs that you have uninstalled.

Typically you won’t find very much. Our test system had leftover keys relating to ExpressVPN, IPVanish, IVPN, ProtonVPN, SecureVPN and VyprVPN (Golden Frog), but these were all either empty or contained nothing of interest.

Others may be more significant. NordVPN had some IP addresses, Windscribe left all our settings and the last external IP address, and FrootVPN and Anonine left data including our usernames and encrypted password.

Whatever you find, if you’re sure it’s no longer necessary then you can remove it by right-clicking the key in the left-hand pane and selecting Delete. As we already mentioned, when editing the Registry, be cautious – accidentally deleting the wrong item could cause all kinds of problems.

Network adapters

Windows VPN clients work by setting up virtual network adapters for your other applications to use. These are often left behind when you uninstall a VPN, unfortunately, cluttering your network settings and occasionally conflicting with other software.

Launch Device Manager (press Win+R, type devmgmt.msc and press Enter) and click the arrow to the left of ‘Network adapters’ to display everything installed on your system.

VPN-related adapters usually include TAP in the name (a virtual network adapter standard) and the service name, which makes them easy to spot. Our test system had ‘ibVPN Tap Adapter’, ‘SwitchVPN Tap Adapter’ and ‘TAP-NordVPN Windows Adapter V9’, for instance.

Our system also had the more vaguely named ‘VPN Client Adapter – VPN’. If you’re not sure where a network adapter has come from, double-click it, choose the Driver tab and look at the Driver Provider and Digital Signer items. These typically show the name of the service and the company behind it.

As a cross-check, select the Events tab and scroll to the bottom of the list. If the last event was a long time ago this might indicate that the adapter is no longer used, although this isn’t guaranteed.

If you’re confident an adapter is no longer necessary, and you’re also happy you know how to fix the problem if you’re wrong (reinstall it, use a system restore point, or something else), right-click it, select Uninstall Device and check the box to ‘Delete the driver software for this device.’

Event logs

The Windows event logs typically record a vast amount of detail on your PC activities, and these can include basic details of a VPN session: connect and disconnect times, and the VPN server you accessed.

This only applies to native Windows VPN protocols – IKEv2, L2TP, PPTP, SSTP – and the OpenVPN connections used by most VPN clients won’t be covered.  Anything that is logged will be overwritten after a few days, too, as new Windows events overwrite the old ones. Still, if you’re looking to maintain maximum privacy it might be worth checking what’s being recorded on your system.

Launch Event Viewer (press Win+R, type eventvwr.msc and press Enter) to begin.

In Windows 10, click Action > Create Custom View. Expand the Event Logs list, then Windows Logs, and check the Application and System boxes.

Expand the Event Sources list and check the RasClient, Rasman and RasSstp boxes.

Click OK, give the filter a name of Connection Events and click OK.

Event Viewer should now add your Connection Events view to the Custom Views section in the left-hand pane, and display all events from the RasMan, RasClient and RasSstp sources.

Now scroll down the list and look at the details of each event.

There aren’t any details? Click View and make sure the Preview Pane option is selected.

In some cases you will see RasMan events recording connect and disconnect times for named VPNs over the past few days. RasClient events may go further, including the name of the VPN server you’re accessing.

Does this matter? If you’re using your own computer, and no-one else has access to it, probably not. But if you’re looking for maximum privacy, you can delete this history by right-clicking the Application and System logs and selecting Clear Log.

Event logs

The Windows event logs typically record a vast amount of detail on your PC activities, and these can include basic details of a VPN session: connect and disconnect times, and the VPN server you accessed.

This only applies to native Windows VPN protocols – IKEv2, L2TP, PPTP, SSTP – and the OpenVPN connections used by most VPN clients won’t be covered.  Anything that is logged will be overwritten after a few days, too, as new Windows events overwrite the old ones. Still, if you’re looking to maintain maximum privacy it might be worth checking what’s being recorded on your system.

Launch Event Viewer (press Win+R, type eventvwr.msc and press Enter) to begin.

In Windows 10, click Action > Create Custom View. Expand the Event Logs list, then Windows Logs, and check the Application and System boxes.

Expand the Event Sources list and check the RasClient, Rasman and RasSstp boxes.

Click OK, give the filter a name of Connection Events and click OK.

Event Viewer should now add your Connection Events view to the Custom Views section in the left-hand pane, and display all events from the RasMan, RasClient and RasSstp sources.

Now scroll down the list and look at the details of each event.

There aren’t any details? Click View and make sure the Preview Pane option is selected.

In some cases you will see RasMan events recording connect and disconnect times for named VPNs over the past few days. RasClient events may go further, including the name of the VPN server you’re accessing.

Does this matter? If you’re using your own computer, and no-one else has access to it, probably not. But if you’re looking for maximum privacy, you can delete this history by right-clicking the Application and System logs and selecting Clear Log.

Windows network profiles

Windows maintains profiles of some of the networks you access, optionally including your logon details, making it easier to reconnect later.

The privacy impact of this is small, but it could allow snoopers to see which VPNs you’ve used and when, months or even years after any client was uninstalled.

On Windows 10, press Win+I to open the Settings dialog and click ‘Network & Internet’. (If you’re on an earlier version of Windows, you can also view your network profiles from the Control Panel ‘Internet Options’ applet.)

Click VPN in the left-hand pane to view any VPN profiles. These only list basic L2TP and PPTP connections, and as most VPNs use OpenVPN there’s a chance you’ll see nothing at all.

Most profiles will be easy to recognize. Our test system listed ‘IPVanish VPN (L2TP)’ and ‘IPVanish VPN (PPTP)’, for instance, clearly left over from a previous IPVanish installation.

If you’re unsure how a profile is used, select it and click Advanced Options. This displays properties including the server name, and optionally the username and password, which may give you some clues.

If you’ve found a profile which you’d like to delete, click it and select Remove.

This article is about cleaning up VPN records, but you can apply the same principle to remove stored wireless network profiles. If you’re interested, click Wi-Fi in the left-hand pane (on Windows 10) and click Manage Known Networks to view and delete stored profiles.

System drivers

Set up a VPN on a PC and it will often install one or more system drivers. Uninstalling the VPN won’t necessarily remove the drivers, though, so it could be worth checking out your computer for any leftovers.

Launch the System Information applet (press Win+R, type msinfo32.exe, press Enter), expand Software Environment and click System Drivers to see the installed drivers on your system. Scroll down the driver descriptions, looking for anything that relates to a VPN you’ve tried before but subsequently uninstalled.

Examples of leftovers on our test system included ‘Astrill SSL VPN Adapter’ and ‘Phantom TAP-Windows Adapter V9’.

If you find anything, check its values in the Started and State columns. If these show the driver has started and is in the running state, that suggests the VPN has an installed device and perhaps other software. Check our earlier instructions to make sure you have removed any clients and virtual network adapters.

If the table tells you the driver is in the ‘Stopped’ state, and hasn’t started, then that indicates it’s not being used right now. The safest option is still to leave it alone, but you can try to remove a driver if you’re sure it won’t be needed again.

First, open an elevated command line (search for Command, right-click Command Prompt, select Run as Administrator).

Type PNPUTIL -e and press Enter to display all the third-party drivers installed on your system.

Browse the list looking for package providers which match the drivers you noticed earlier, then look for their ‘published name’. On our test system, the package provider ‘Phanton TAP-Windows Provider V9’ had a published name of oem103.inf.

To remove a driver, use the pnputil command with its delete-driver option and the published name. For our example, that meant typing:

pnputil /delete-driver oem103.inf /uninstall

Replace oem103.inf with the published name of your driver, then reboot and check the results.

Network history

Windows records some basic details on every network you access, even if it’s via a VPN. There’s not much recorded – a name, the first and most recent connection dates – and having this information around won’t cause you any technical issues. Still, it could tell others a lot about how the system has been used, and if you’re really concerned about privacy you might want to clear it away.

Launch REGEDIT, browse to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles and scroll through the subkeys in the left-hand pane.

Look at the Description value to identify each item. On our test system, some of these represented system network adapters (‘Local Area Connection’), others were hotspots we had had accessed (‘Premier Inn Ultimate Wi-Fi’), but others clearly belonged to VPNs (‘GooseVPN’, ‘PureVPN’, ‘IPVanish VPN’).

If you see a profile representing a VPN or network you’re sure you’ll never use again, you can remove it by right-clicking the profile in the left-hand pane and selecting Delete.

A related list at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged provides more details on the same networks. Scroll it to see everything you’ve accessed, check the descriptions, and delete any keys you no longer need.

A final Connections key at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections records basic connection settings for your regular network adapters and any virtual adapters (VPNs) you might have installed.

It’s safe to delete keys for VPNs you no longer use, but be sure to leave the system connections alone. On our test system, these included DefaultConnectionSettings, LAN Connection and SavedLegacySettings, but you may have others, and it’s very important they remain untouched.

Check out the best VPN services of 2017 and visit thebestvpnfor.me to get the best VPN deals on the market

http://www.techradar.com/how-to/how-to-uninstall-a-vpn-the-correct-way

Written by Mike Williams

Picture credit: webopedia.com

Microtechs 24/7/365 White label Technical Helpdesk

In today’s world, a rock solid IT infrastructure is key to every successful business. At Microtechs we have the experience and resource to ensure your company has the support it needs 24 hours a day, 7 days a week, 365 days a year. We are able to provide an immediate response from our state of the art Technical Operations Centre which is based in the heart of Surrey.

With our rapidly expanding team, all specifically trained, working 24/7/365, we are able to provide excellent customer service and technical support. All of our services are available completely white labelled, ensuring a seamless extension to your company.

Through our services you are able to extend your hours to 24/7 or simply use us as an over flow assistant during office hours. This is all tailored to your business needs.  

How does Outsourcing your help desk benefit your business?

1.       It reduces your staffing costs. Why hire another member of staff, if you can outsource all of your calls for less? We are normally between 25-50% cheaper than an in-house option.

2.       It expands your opening hours. We have a technical operations centre which is open 24/7/365.

3.       It will improve your customer experience. Are you taking multiple calls from clients, but can’t get back to them as quick as you would like? Well now you have a team of 30 staff taking your support calls for you. Have an important meetings? No problem, your help desk has your back.

We work with over 60 IT & Telecoms Businesses who trust us to deal day to day with their clients.

 

Feel free to call our friendly solutions team, who will be happy to discuss further and help tailor a solution to you.

 

Call us now on 01483 407417

Author:

sales
Share:

ONE OF THE WORLD'S LEADING PROVIDERS OF OUTSOURCED I.T., BUSINESS & IN HOME TECHNOLOGY SERVICES.

More About Us