Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Getting rid of a WinXP SP3 download before it's installed


  • Please log in to reply
12 replies to this topic

#1 trudger

trudger

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:16 PM

Posted 24 October 2008 - 12:40 AM

You all were a tremendous help to me in getting rid of a particularly nasty piece of spyware a few years ago. I hope you'll be able to help me again.

I've searched the forums to see if my problem has already been addressed, but I've been unable to find anything. I hope I'm posting this in the right place.

I run WinXP Home SP2. I keep Windows Update set to notify me when updates are available, but not to install them.

Well, the other night, my firewall sprang to life and told me Windows Update was trying to access the Internet. I denied it permission.

The next thing I knew, a box popped up that said SP3 had been downloaded and that a reboot was necessary to complete installation. It asked if I wanted to reboot then or later. I clicked later, because I'm definitely not interested in SP3. I've heard too many bad things about it.

When I checked my Windows Update setting, I found that it had been changed to download updates automatically. I hadn't touched it, and I'm the only one who uses this computer.

I then went scrambling around looking for help. I found a Microsoft Knowledge Base article that said to disable reboot via the registry: HKEY_LOCAL_MACHINE-->Software-->Microsoft-->Windows-->CurrentVersion-->WindowsUpdate-->AutoUpdate, delete Reboot key. (It might have been the AutoReboot key -- I don't exactly remember -- if was after 3am when all of this started and I was very tired.) Anyway, that's what I did.

Now, every time I shut down my computer I get an option to either install SP3 or shut down without installing it. Obviously, I choose the second one.

So SP3 is still lurking on my HDD, ready to pounce. I believe I've found the folder that houses it: C:\Windows\SoftwareDistribution\download\1185bc01976431096846a9c917b224df. The date/time of this folder are identical to those of the incident I've described.

Here are my questions:
(1) Is there a way for me to safely remove all parts of the SP3 download from my HDD?
(2) If so, is there a way to restore the reboot key to the registry? (All Microsoft said to do before deleting the key was to back up the registry by creating a Restore Point, so that's what I did. But using it won't solve my SP3 problem.)
(3) If neither 1 nor 2 is possible, will I still be able to download security patches that require a reboot without risking installing SP3 along with them? In fact, will I ever be able to reboot again, period?

If I ever get this taken care of, I'll be turning automatic updates completely off (with any luck, they'll stay off) and checking for updates manually. That's much preferable to having this kind of thing foisted on me. I find it more than a little unnerving that my Windows Update setting was not only changed without my knowledge, it was able to override my firewall permissions.

Thanks in advance for any help you may be able to give me.

BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:06:16 PM

Posted 24 October 2008 - 02:37 AM

When SP3 first came out in May there was a problem related to computers that had certain AMD processors. They have resolved this issue and I haven't seen any problems related to this quirk since then. I have a AMD CPU and SP3, and I haven't had any problems with it at all. I would go ahead and let it install, there are some advantages to the SP3 that make it worth while.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 trudger

trudger
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:16 PM

Posted 25 October 2008 - 12:59 PM

Thanks for the input, dc3, but I really don't want to install SP3, particularly now that it's being forced on me by a Microsoft drive-by download.

I just want to know if there's a way for me to safely remove the download and add the reload key back to the registry, and if not, if I have any other alternatives.

Edited by trudger, 25 October 2008 - 01:03 PM.


#4 bandaid1968

bandaid1968

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 25 October 2008 - 10:01 PM

go ahead and let it finish installing then after reboot goto add remove programs and uninstall it from there

#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:06:16 PM

Posted 25 October 2008 - 10:51 PM

Thanks for the input, dc3, but I really don't want to install SP3, particularly now that it's being forced on me by a Microsoft drive-by download.


trudger, If you look at the top of the page here you will see that there is a Important Announcement regarding an important update? With the emphasis being put into the announcement you should be able to appreciate how important the staff here at BC believes they are. The Service Pack is just as important, and for the same reason, the security of your computer. It is your choice, and you will do as you wish, I just hope that your choice doesn't comes back to haunt you.

Here's something else to consider, go ahead and download it as Bandaid1968 has suggested, but give it a try and see if it causes you any problems. If it does, then you can uninstall it as they have suggested.

Edited by dc3, 25 October 2008 - 11:00 PM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#6 trudger

trudger
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:16 PM

Posted 26 October 2008 - 01:28 AM

Yes, dc3, I saw the important announcement. And I appreciate the advice from you and bandaid.

The Windows Update forum over at Microsoft is filled with problems concerning the SP3 install. Call me overly cautious but I really don't want to risk messing up my computer, which I depend on to make a living. I realize that some folks might say that's even more reason to install SP3, but I'm just not comfortable doing so right now. All I want to do is get rid of a download that was forced on me.

I guess I'll just keep looking for answers to my questions. Thanks anyway, BC.

#7 DSTM

DSTM

    "Bleepin' Aussie Addict"


  • Members
  • 2,649 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SYDNEY-AUSTRALIA
  • Local time:12:16 PM

Posted 26 October 2008 - 01:48 AM

I guess I'll just keep looking for answers to my questions. Thanks anyway, BC.

Doesn't matter what forum, you visit regarding any updates or programs,you will allways read many negative posts, and most of the time, it's not the update or the program,but the person not installing correctly.
Easy to get Paranoid, about these things.
Bleeping Computer have some of the best Tech Guys on the Net,and I would be listening to their advice intently.
If you do have a problem,which I doubt,they are only too happy to assist you. :thumbsup:















#8 trudger

trudger
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:16 PM

Posted 26 October 2008 - 05:01 AM

It's not that I don't trust the tech guys, it's that I simply don't want to install SP3 right now. This doesn't mean I'll never install it.

I've finally managed to find a way to get around the SP3 install, and grab and install the other crucial updates. I'm satisfied with that, at least for now.

#9 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:10:16 PM

Posted 26 October 2008 - 06:28 AM

You can either install SP3 or not install it - that's your choice.
Without SP3 you'll be vulnerable. The bad guys are counting on you not updating - that way they've got longer to get into your system. Here's a link to the Am I Infected forum in case you need it later on: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

I install SP3 routinely at work and haven't had an issue with it since the HP AMD/Intel issue first arose.
There are 2 major reasons for a Service Pack not installing (or hosing your system). They are:
- being infected when trying to install the Service Pack
- having outdated drivers that are not compatible with the Service Pack versions.
So, prior to installing a Service Pack you should:
- scan your system with an independent virus scanner to ensure that you're not infected.
- update any drivers that are impacted by the Service Pack
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#10 Zllio

Zllio

  • Members
  • 1,107 posts
  • OFFLINE
  •  
  • Local time:10:16 PM

Posted 26 October 2008 - 08:40 AM

Hi trudger,
I think SP3 was installed unexpectedly on my computer in a similar way to what you mentioned. I was working online and all at once my Windows Explorer settings changed. The thing I noticed immediately was that the file endings had disappeared (i.e. no longer set to show hidden files and file extensions). There were new files all over the place. I too had my updates set to install manually. In my case, I thought it was malware that was causing the changes in my computer. Some really weird things happened, like I did a google search of an unfamiliar file and when I hit the little magnifying glass in Firefox to conduct the search, my Firefox browser shut off as if it had never been in use. No warnings about multiple tabs being opened, no closing down, just blink and I was looking at the desktop. I was seriously worried about malware at that point. As I worried my way through this, I was working in malware removal at the time, and we got lots and lots of computers with the April release date for SP3 in their files. I finally realized by the date of all the new files on my computer, that SP3 had downloaded and installed on my computer without permission and other than the changed settings in Windows Explorer, I couldn't find anything further to worry about. The installation was smooth, almost invisible, and I wouldn't have noticed it if it hadn't been for that one quirk. I had wanted to get it anyway, because I'm a complete supporter of Windows Updates and especially the service packs, but I like to set the updates to manual to force myself to read about them. The links make it easy to go straight to the articles about each update.

It's true that it can be uninstalled via add/remove programs once installed. Additionally, you can reset your system restore to a point prior to when it was downloaded, and that should take away the shutdown message.

Edited by Zllio, 26 October 2008 - 10:00 AM.


#11 OldPhil

OldPhil

    Doppleganger


  • Members
  • 4,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Long Island New York
  • Local time:09:16 PM

Posted 26 October 2008 - 09:46 AM

I had a similar thing with SP3 just appearing, I put it off for a couple of days to do a little more research. Found a few Pro's & Con's nothing that blew me off installing it, I am very glad I did! My system perked no question added some speed, not sure of other benefits though I am sure there were a myriad of patches. I would not hesitate to do the install, if you have an AMD processor like mentioned above load that patch first.

Phil

Honesty & Integrity Above All!


#12 buttoni

buttoni

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Temple, Texas
  • Local time:09:16 PM

Posted 26 October 2008 - 01:45 PM

Same thing happened to me couple of months ago. Then I learned that in order to truly turn of Automatic Updates, you have to not only Stop and Disable it in Control Panel, Admin Services, you also have to Disable the Background Intelligence Transfer Service (BITS)! MS Updates is able to use this "background" (back door, so to speak) feature of Windows to turn on Auto Updates and download & install updates even when user has turned off AU or has it set to Notify.

Since learning this I disabled both with no ill effects. Then, before every monthly patch Tuesday, I go in and Start and set to Automatic both services. Then I do my updates. When done updating, I immediately Stop & Disable them. Reason for me, actually, is not WGA (LOL) as some might think. I like to Create a Restore Point before ALL security patches so that if one proves to be "buggy" or problematic, I can restore to a point before the update was d/l & installed. Can't be too safe when it comes to MS (wink).

Edited by buttoni, 26 October 2008 - 01:47 PM.

HP Pavilion desktop p6270z; 8 GB ram; Win7 Home Premium x64 bit; FX 4.0; DSL 2Wire modem/router; MVPS Hosts; Comodo FW 5.3(D+ & Sandbox enabled); MSSE; MBAM on demand.

#13 Zllio

Zllio

  • Members
  • 1,107 posts
  • OFFLINE
  •  
  • Local time:10:16 PM

Posted 27 October 2008 - 10:19 PM

wow! interesting!

So how do you turn off this BITS! critter? The Orwellian creepiness of "legal" backdoors gives me the heebee jeebees!

Oh, I found it in the services. It's set to manual. Do I still have to turn it off to keep it from doing something like that? Also, if BITS is turned off, does that automatically prevent all the updates from being downloaded or does it just prevent the odd thing like the SP3 trick above from happening?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users