Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Get Windows X (GWX)


  • Please log in to reply
30 replies to this topic

#1 Nikhil_CV

Nikhil_CV

    Vestibulum Bleep


  • Members
  • 1,145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:err: Destination unreachable! bash!
  • Local time:06:02 AM

Posted 13 April 2015 - 09:52 AM

Hi all,

Anyone heard of Get Windows X (GWX)?

If not, Windows 7 SP1 and 8.1 users, dive to

C:\Windows\System32\GWX

Related reading:

Update enables additional capabilities for Windows Update notifications in Windows 8.1 and Windows 7 SP1

Windows 7: Update enables additional capabilities for Windows - Broken

KB3023607 repeatedly removed by deepclean after KB3032359/KB3021952 (5.2mb ea) repeatedly offered/installed...

Suspicious New Folder: "%WINDIR%\System32\GWX"

 

How I encountered it:

Pretty cautious ininstalling (messing) MS updates, yesterday I installed march updates and today while monitoring using resource monitor, I found the new exe trying to access my network. So, traced the file location, checked its properties and security catalogues etc. Then executed the file GWXUXWorker.exe , my UAC described it as :

"Get Windows 10"

 

So, is M$ gonna push Win X (cut 'P' from Win XP :P :B) as inline update?


Regards : CV                                                                                                    There is no ONE TOUCH key to security!
                                                                                                                                       Be alert and vigilant....!
                                                                                                                                  Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
                                                     Questions are to be asked, it helps you, me and others.  Knowledge is power, only when its shared to others.            :radioactive: signature contents © cv and Someone....... :wink:

BC AdBot (Login to Remove)

 


m

#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:01:32 AM

Posted 13 April 2015 - 09:53 AM

It's probably the update that allows users to upgrade Windows 7 and 8 to Windows 10 later on.

#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:07:32 PM

Posted 13 April 2015 - 09:57 AM

It's probably the update that allows users to upgrade Windows 7 and 8 to Windows 10 later on.


This. Pretty much like the upgrade advisor of Windows Vista to Windows 7, Windows 7 to Windows 8/8.1 or upgrading Windows 7 to another edition of Windows 7. It's not present on my work laptop (yet).

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 Andrei_V

Andrei_V

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 AM

Posted 13 April 2015 - 10:16 AM

 


#5 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:01:32 AM

Posted 13 April 2015 - 10:37 AM

I appreciate that Microsoft makes the transition to Windows 10 easy, but if they add nagging (for now the nag is only speculation) then it is definitely a no go.

#6 rp88

rp88

  • Members
  • 2,899 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:32 AM

Posted 13 April 2015 - 11:20 AM

Glad to say I don't have that folder, or that exe file (unless it's hidden as a protected operating system file, I usually let them stay hidden so if it is one my search wouldn't have shown it). Just to say, the update doing this is KB3035583, I don't think anything starting with KB302 has yet been causing this process or folder you mentioned to exist.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#7 Nikhil_CV

Nikhil_CV

    Vestibulum Bleep

  • Topic Starter

  • Members
  • 1,145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:err: Destination unreachable! bash!
  • Local time:06:02 AM

Posted 13 April 2015 - 12:53 PM

@ rp88 It is not a hidden one.

And still KB3035583 is not listed anywhere in updates section :(

 

Reading through the link by Andrei_v, I feel fishy,,, Can someone advise me how to uninstall the update from laptop (win 7 x64)? KB3035583 is not listed!

 

Till yesterday night, it wasn't there for me too...

May be M$ is releasing a phased update like upgrade adviser(or error one?) ;)


Regards : CV                                                                                                    There is no ONE TOUCH key to security!
                                                                                                                                       Be alert and vigilant....!
                                                                                                                                  Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
                                                     Questions are to be asked, it helps you, me and others.  Knowledge is power, only when its shared to others.            :radioactive: signature contents © cv and Someone....... :wink:

#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:07:32 PM

Posted 13 April 2015 - 01:30 PM

You could always try to look for it via the command prompt:

wmic qfe | find "KB3035583"

Credits to technonymous for that command, learned about it today.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 Nikhil_CV

Nikhil_CV

    Vestibulum Bleep

  • Topic Starter

  • Members
  • 1,145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:err: Destination unreachable! bash!
  • Local time:06:02 AM

Posted 13 April 2015 - 01:42 PM

Thanks Aura! :)
Here is result:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\windows\system32>wmic qfe | find "KB3035583"
http://support.microsoft.com/?kbid=3035583     PCname  Update
             KB3035583               PCname\Useraccount      4/12/2015


C:\windows\system32>

Whats next procedure?


Edited by Nikhil_CV, 13 April 2015 - 02:08 PM.

Regards : CV                                                                                                    There is no ONE TOUCH key to security!
                                                                                                                                       Be alert and vigilant....!
                                                                                                                                  Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
                                                     Questions are to be asked, it helps you, me and others.  Knowledge is power, only when its shared to others.            :radioactive: signature contents © cv and Someone....... :wink:

#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:07:32 PM

Posted 13 April 2015 - 01:45 PM

That PC name too Nikhil :P You can uninstall a Windows Update via the command prompt if it doesn't show up in your history of installed updates.

https://community.spiceworks.com/how_to/38624-uninstall-specific-windows-updates-via-cmd-or-batch-file-in-windows-7-8-and-server-2008-2012

In your case, it would be:

wusa /uninstall /kb:3035583 /quiet /norestart

You can drop the "/quiet" and "/norestart" if you want. It'll display the process and ask you to restart after it's done.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 Nikhil_CV

Nikhil_CV

    Vestibulum Bleep

  • Topic Starter

  • Members
  • 1,145 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:err: Destination unreachable! bash!
  • Local time:06:02 AM

Posted 13 April 2015 - 02:14 PM

That PC name too Nikhil :P You can uninstall a Windows Update via the command prompt if it doesn't show up in your history of installed updates.

 

Hmm.... Thats personal, took it out. Actually some home issues deviated my concentration... :(

 

BTW, thanks, it worked... :)


Regards : CV                                                                                                    There is no ONE TOUCH key to security!
                                                                                                                                       Be alert and vigilant....!
                                                                                                                                  Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
                                                     Questions are to be asked, it helps you, me and others.  Knowledge is power, only when its shared to others.            :radioactive: signature contents © cv and Someone....... :wink:

#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:07:32 PM

Posted 13 April 2015 - 02:16 PM

Haha no worries :P And no problem :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 rp88

rp88

  • Members
  • 2,899 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:32 AM

Posted 14 April 2015 - 10:41 AM

Nikhil_CV, So update KB3035583 was installed before you saw this gwx folder then? Just for your information updates can also be uninstalled quite easily from the control panel-->windows update-->installed updates menu, though this usually needs a restart afterwards.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:07:32 PM

Posted 14 April 2015 - 10:43 AM

rp, from what Nikhil said, the update wasn't listed in his installed update history, hence why he had to find it and uninstall it via the command prompt.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 rp88

rp88

  • Members
  • 2,899 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:32 AM

Posted 14 April 2015 - 10:48 AM

And yet it had been installed somehow? Very strange, unless a different update was somehow responsible. Nikhil_CV, do you have updates on "full auto", "auto download but not install", "auto check but not download or install" or "never"? Do you check through updates before downloading? If so was it listed or not? Had you ever seen it and actively hidden it yourself (right click on an update being offered and select "hide update", that puts ones you really don't want onto a "rejected" list from where you can unhide them if you want but also they sometimes escape and re-offer themselves).

Edited by rp88, 14 April 2015 - 10:50 AM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users