Author Topic: How to remove this Malware?  (Read 14506 times)

Offline Rick

  • Hero Member
  • *****
  • Join Date: May 2013
  • Posts: 829
  • Karma: 2
How to remove this Malware?
« on: August 16, 2016, 08:21:54 pm »
WIN10 Ransom-ware update

Please note, I have installed one version of the remove the malware;

But it still keeps coming back; where to remove it?

Again, This is the last problem; how to solve it?

TIA

Today, we will try;
Method 6: Reset the content of the Catroot2 folder
To do this, follow these steps:
    Open an administrative Command Prompt window.
    Type the following commands, and press Enter after each command:
        net stop cryptsvc
        md %systemroot%\system32\catroot2.old
        xcopy %systemroot%\system32\catroot2 %systemroot%\system32\catroot2.old /s
    Delete all contents of the catroot2 folder, but do not delete the catroot2 folder.
    Type the following command, and then press Enter:
    net start cryptsvc
    Exit the Command Prompt window.
No success;

trying http://www.intowindows.com/remove-upgrade-to-windows-10-message-from-windows-78/
no success

went into the administrator account; deleted the distribution folder, restarted, no success

will try ; https://support.microsoft.com/en-us/kb/3080351
Already installed on my system
« Last Edit: August 27, 2016, 01:11:57 am by Rick »

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
Re: How to remove this Malware?
« Reply #1 on: August 17, 2016, 12:54:56 am »
While some may agree with you that the way MS have pushed Win 10 that it is malware, it isn't Ransomware.

Have you previously installed Win 10 and then reverted to your previous OS as since the 29th July, MS are no longer sneaking the Win 10 update into Windows Updates - so can you explain how you've gotten that update this late?

Offline Julian

  • "Professional Googler"
  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jun 2015
  • Posts: 1325
  • Location: USA, New Mexico
  • Karma: 38
Re: How to remove this Malware?
« Reply #2 on: August 19, 2016, 04:16:35 am »
Looks like the update was cached in the software distribution folder and you failed to meet deadline buddy... :sad: Go ahead and run the fix windows update with windows aio and it should delete your folder with that update.
Julian

Offline Rick

  • Hero Member
  • *****
  • Join Date: May 2013
  • Posts: 829
  • Karma: 2
Re: How to remove this Malware?
« Reply #3 on: August 23, 2016, 07:43:34 am »
Any way to simply remove it from the registry?

Delete the update folder?

Offline Rick

  • Hero Member
  • *****
  • Join Date: May 2013
  • Posts: 829
  • Karma: 2
Re: How to remove this Malware?
« Reply #4 on: August 23, 2016, 08:17:43 am »
so difficult to make a program that will also block the updates?

http://www.ghacks.net/2015/04/17/how-to-remove-windows-10-upgrade-updates-in-windows-7-and-8/


Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
Re: How to remove this Malware?
« Reply #5 on: August 23, 2016, 08:30:30 am »
Go Start - type disk cleanup - right click on Disk Cleanup and select Run as administrator and you may find it listed in there.

However, if you still want to upgrade free to Win 10, you may be able to via https://www.microsoft.com/en-us/accessibility/windows10upgrade

I don't know what Assistive Technologies are, but apparently MS don't check.

MS don't seem to have put a cut off date on this, but I wouldn't hang around if you would still like to upgrade free.

As for not having any control over the updates, the Anniversary Update has been out since 2nd Aug. but quite a lot still haven't got it yet through Windows Update, although some have used the MCT to download an ISO for it and upgraded that way.

Apparently though, millions have found that the upgrade has knacked web cams which MS are still working on a fix for - meanwhile the next update has already been released to the Insider Fast Ring, who MS have debugging any updates before they are released upon the unsuspecting public.

I'm currently using v10586 which was the release when I upgraded but if you avail yourself of that upgrade now button you will undoubtedly get the Anniversary Upgrade version which is v14393.

I've had standard security updates which haven't caused me any problems so far.

Up to you.....

Offline Rick

  • Hero Member
  • *****
  • Join Date: May 2013
  • Posts: 829
  • Karma: 2
Re: How to remove this Malware?
« Reply #6 on: August 23, 2016, 09:04:12 am »
here you go;

you do the rest;

take control of these files, delete them

GWX in windows\system32\GWX "need take control"
Take control of and Delete these additional files attached;

SEARCH GWX in registry and Delete-remove the registry keys attached;

See if you have a file named kdb-i386-1211g in your system and check it; I have not reviewed it

Check for update and remove KB3035583 / be sure to check for updates after restart and hide this UPDATE...
Funny how it's OK for this update to keep re-occurring too?

List of updates that if already installed should be removed:

KB3035583
KB2952664
KB2977759
KB3021917
KB3075249
KB3080149
KB3083710
KB3083324
KB3090045
KB3112343
KB3123862
KB3022345
KB3068708

Be sure to run disk-cleanup too and refresh your update catalog

If that is not a watered down version of Ransom-Ware, NOTHING is !!!!!

I need to get back to my day job now

Buy my gloves :)
« Last Edit: August 23, 2016, 11:05:38 am by Rick »
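
Added example (not part of the original post or written by any poster): a read-only PowerShell audit that reports which of the updates listed above are installed, prints the matching `wusa.exe` uninstall commands for review without running them, and checks for the GWX folder mentioned in the post. The two policy values it reads (`DisableGwx`, `DisableOSUpgrade`) are the ones described in Microsoft's KB3080351, which is linked earlier in the thread; treat their exact paths here as an assumption to confirm against that article.

```powershell
# Added example: audit only, changes nothing. Run from an elevated PowerShell prompt.
# KB numbers are copied from the list in the post above.
$kbList = @(
    'KB3035583','KB2952664','KB2977759','KB3021917','KB3075249',
    'KB3080149','KB3083710','KB3083324','KB3090045','KB3112343',
    'KB3123862','KB3022345','KB3068708'
)

# Get-HotFix enumerates installed updates; query once and filter locally.
$installed = Get-HotFix | Where-Object { $kbList -contains $_.HotFixID }

if (-not $installed) {
    Write-Output 'None of the listed updates are installed.'
} else {
    $installed | Sort-Object HotFixID |
        Select-Object HotFixID, Description, InstalledOn |
        Format-Table -AutoSize

    # Print the uninstall commands so they can be reviewed before being run by hand.
    foreach ($hf in $installed) {
        $num = $hf.HotFixID -replace '^KB', ''
        Write-Output "wusa.exe /uninstall /kb:$num /norestart"
    }
}

# Leftover GWX folder named in the post.
$gwxDir = Join-Path $env:SystemRoot 'System32\GWX'
Write-Output ("GWX folder present: {0}" -f (Test-Path $gwxDir))

# Policy values that suppress the upgrade offer (assumed paths, per KB3080351).
$policies = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Gwx';           Name = 'DisableGwx' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'; Name = 'DisableOSUpgrade' }
)
foreach ($p in $policies) {
    $item  = Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.($p.Name) } else { $null }
    $state = if ($value -eq 1) { 'set (1)' } else { 'not set' }
    Write-Output ("{0}\{1}: {2}" -f $p.Path, $p.Name, $state)
}
```

An update that shows as uninstalled can be offered again by Windows Update, so rerun the audit after the next update check.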

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
Re: How to remove this Malware?
« Reply #7 on: August 23, 2016, 03:07:52 pm »
The deadline for the free upgrade to Win 10 expired on 29th July so those updates are now benign although some were Telemetry.

You don't have to remove GWX from the registry either although it won't do any harm.

KB3035583 was the main one that put the GWX icon into the system tray and KB295664 was a Telemetry one.

You can uninstall all of those updates from Installed Updates and they shouldn't reappear - they didn't for me for August's updates on my Win 7 laptops, but it's always best to check what each new update is for.

You are worrying about nothing.

Offline Rick

  • Hero Member
  • *****
  • Join Date: May 2013
  • Posts: 829
  • Karma: 2
Re: How to remove this Malware?
« Reply #8 on: August 24, 2016, 08:59:00 pm »
Please help to answer the first question !

Offline Rick

  • Hero Member
  • *****
  • Join Date: May 2013
  • Posts: 829
  • Karma: 2
Re: How to remove this Malware?
« Reply #9 on: August 25, 2016, 12:10:48 am »
Looks like the update was cached in the software distribution folder and you failed to meet deadline buddy... :sad: Go ahead and run the fix windows update with windows aio and it should delete your folder with that update.

Julian, I renamed the folder, no effect

Offline Tim_Tweaking

  • Administrator
  • Newbie
  • *****
  • Join Date: Oct 2015
  • Posts: 49
  • Karma: 5
    • Tweaking.com
Re: How to remove this Malware?
« Reply #10 on: August 27, 2016, 05:14:31 am »
This thread has been closed. The help was not taken and a disrespectful comment was posted and deleted. There are plenty of tools already created to do this and more @ http://www.majorgeeks.com/mg/sortpopularity/windows_10_fixes.html

Otherwise I can't tell, it almost seems more like he was offering his registry tweaks to Shane for the program but it's in the wrong forum so maybe that was the confusion?

Either way, this is closed and locked.
Tweaking.Com Support and Moderator