HidHide.sys cannot be removed from C:\Windows\System32\drivers

[DJviolin]

• [X] I have searched open and closed issues for duplicates
• [X] I am submitting a bug report for existing functionality that does not work as intended
• [X] I have read the project documentation and not found a solution to my problem there
• [X] This isn't a feature request or a discussion topic

---

Bug description

After updating ViGEmBus, I removed ViGEmBus and DS4Windows (zipped archive). I don't need these tools anymore.

I ran latest Legacinator.exe also.

But HidHide.sys still be present at C:\Windows\System32\drivers. It's write protected from my current user with administrator rights.

How can I delete all of your tools from my system, if I don't need it anymore?

[nefarius]

Uninstall HidHide via its setup, or you might end up bricking your system. That is the only clean, supported way.

[DJviolin]

I used the same installer for HidHide, system restarted, uninstalled from Windows, system restarted, file still present.

[nefarius]

You can use PsExec to give yourself system permissions and then launch a CMD with highest permission with it and delete the file that way, assuming it is no longer in use. All at your own risk ofc., you need to be extra sure it is no longer needed on next boot.

[DJviolin]

I doesn't deleted HidHide without the installer, all I did was: your latest update for ViGEmBus popped up, because of the legal issue, Legacinator popped up and I didn't started HidHide uninstaller from Windows, because it wasn't there anymore. But HidHide.sys still present (and maybe other files, but I don't know what your tools installed.

What other software can use HidHide.sys? I think I don't need it, if it's not a system software, I will try PsExec.

[DJviolin]

HidHide.sys is a service maybe? Can I examine running services?

[nefarius]

You can find its service config in regedit under Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidHide and again, be very cautious what you're doing, especially without backups.

[nefarius]

What other software can use HidHide.sys? I think I don't need it, if it's not a system software, I will try PsExec.

I have no control over that, it's liberal software, anybody can.

[nefarius]

What you can also do; download the latest version from here, re-install it, then uninstall it and all should be good.

[DJviolin]

I run your latest installer, then run it again as admin to uninstall HidHide, after restart the file still present. There's nothing under Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidHide route in the registry.

Do I have to look after any other files that might be around after uninstall, or just enough the force delete HidHide.sys?

[nefarius]

Make extra sure that in Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da} the value UpperFilters is either not present or empty/not containing the value HidHide, only then it is safe to just nuke the .sys file directly.

[DJviolin]

Thank You, registry key was empty, I nuked it with PsExec.

[SOMEJEDAN12]

thx for nuking my pc! i have no clue how take this hidhide shit away. great job homie