Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Remove the Get Windows 10 icon from the icon tray


  • Please log in to reply
193 replies to this topic

#16 Aura

Aura

    Bleepin' Special Ops

  • Topic Starter

  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 01 June 2015 - 09:14 PM

Well if that works for you it's great then! :P It's just that now people won't be able to say that you cannot "completely remove it" :lol:

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


BC AdBot (Login to Remove)

 


#17 Dragonlady24

Dragonlady24

  • Members
  • 703 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Fox Lake,WI
  • Local time:09:45 AM

Posted 01 June 2015 - 09:15 PM

lol what about using msconfig?

#18 Aura

Aura

    Bleepin' Special Ops

  • Topic Starter

  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 01 June 2015 - 09:16 PM

The entries you are removing are in the Task Scheduler, not msconfig. It would be way too easy if it was eh :P

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#19 Dragonlady24

Dragonlady24

  • Members
  • 703 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Fox Lake,WI
  • Local time:09:45 AM

Posted 01 June 2015 - 09:19 PM

I looked there after I posted that and it isn't there. so why not go into task scheduler and disable it there?

#20 Aura

Aura

    Bleepin' Special Ops

  • Topic Starter

  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 01 June 2015 - 09:21 PM

Its faster with Autoruns and easier to see. I can post the alternative Task Scheduler procedure tomorrow if you want.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#21 Dragonlady24

Dragonlady24

  • Members
  • 703 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Fox Lake,WI
  • Local time:09:45 AM

Posted 01 June 2015 - 09:23 PM

Cool for now I reneable them just to be sure I don't mess anything up even though I know which ones to look for.

Edit: never mind they are the same as what you posted for auto runs. Right click and disable.

Edited by Dragonlady24, 01 June 2015 - 09:25 PM.


#22 Aura

Aura

    Bleepin' Special Ops

  • Topic Starter

  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 01 June 2015 - 09:26 PM

Alright haha :) It'll be posted tomorrow morning. Thinking of wish I might have another alternate method as well. If it works, I'll post it as well so the users will have plenty of options.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#23 Dragonlady24

Dragonlady24

  • Members
  • 703 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Fox Lake,WI
  • Local time:09:45 AM

Posted 01 June 2015 - 09:29 PM

You need to restart the machine after disabling in task scheduler of course, but it works.

Be sure to mention I tested it and it does work :)

Edited by Dragonlady24, 01 June 2015 - 09:30 PM.


#24 Aura

Aura

    Bleepin' Special Ops

  • Topic Starter

  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 01 June 2015 - 09:31 PM

I will no worries :) I always gives credits to someone when they test or share something with me so I'm sure that they get recognized :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#25 Dragonlady24

Dragonlady24

  • Members
  • 703 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Fox Lake,WI
  • Local time:09:45 AM

Posted 01 June 2015 - 09:34 PM

You gave me the path of where to look. I just followed it and used task scheduler to disable it. I can supply the full directions for windows 8.1 it will be different for all the other OS.

Edited by Dragonlady24, 01 June 2015 - 09:36 PM.


#26 Aura

Aura

    Bleepin' Special Ops

  • Topic Starter

  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 01 June 2015 - 09:38 PM

I'll adapt the method for Windows 7 if needed (since its the only other OS that will get it) and I have a VM with Windows 7 English in it so :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#27 Dragonlady24

Dragonlady24

  • Members
  • 703 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Fox Lake,WI
  • Local time:09:45 AM

Posted 01 June 2015 - 09:42 PM

Option 2 using task scheduler

In windows 8.1 press c+the windows key to open he charm menu bar.

Click search and type in Task scheduler.

In task scheduler click the microsoft folder then windows, setup and select the gwxtray name.

On the right hand side right clcik ont the followiung entries and select disable:
gwxlaunchtrayprocess
refreshgwxconfig

close out of task scheduler and restart.

#28 VecchioScarpone

VecchioScarpone

  • Members
  • 219 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:45 AM

Posted 01 June 2015 - 10:39 PM

This is what I was recommending to people at first, but they were complaining to still see it in the extended icon tray view, so I had to mess around and find this :P

MS also recommend to change the customize setting. As soon as I restarted the computer, there it was on my task bar again.

Not anymore :grinner:



#29 Willy22

Willy22

  • Members
  • 945 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Planet Earth
  • Local time:04:45 PM

Posted 02 June 2015 - 12:53 AM

- When one uses Explorer then it appears to be in a subfolder of "system32". In "system32\gwx" there's a "junction link" to the "winsxs" folder. "Winsxs" actually contains more "gwx" related stuff. Even what seems to be an "uninstaller". See attachment.

- One can also use Ccleaner to remove those Tasks but then one has to select the "Advanced Mode". Then the (system) tasks used by MS show up. VERY revealing !!!

Attached Files

  • Attached File  GWX.png   38.27KB   1 downloads


#30 Aura

Aura

    Bleepin' Special Ops

  • Topic Starter

  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:45 AM

Posted 02 June 2015 - 05:16 AM

Pretty much every payloads in system32 have a junction point to a file in winsxs, but the main process is being launched from System32\GWX. And not really to be honest. A lot of programs (even Autoruns) hides Microsoft entries by default to the user can identify third-party ones and malicious ones easier.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users