
Rogue windows updates


2 replies to this topic

#1 reaching

reaching

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 16 June 2015 - 05:02 PM

Windows Update updates files to my comp I didn't authorize and they cannot be removed. They were listed in recent updates but not in installed updates(where there's the option to uninstall).

So, I did a factory recovery, which restores all the original files and puts the comp back in its original state.

While recovering and preparing desktop for set up, there was a pop up that said SYSPREP PLUGIN. From what I read it's for administrators who want to access computers in a network and control what computers receive by way of programs, etc.

There was also an audio button at the top of screen while desktop was being set up for the first time...I put it on mute but I had no idea what it was for.

When prompted, I selected for Windows to not install updates...the choice with the big red X.

When I went to check, the rogue updates were still there.

I also tried to factory reset the laptop. Nothing about sysprep, but when I checked updates, there were updates dated 5/15/15. So some updates were carried over or reinstalled... not all though.


Is it possible that I am connected to someone else's network and they are controlling what files get downloaded to my computers?

Another strange thing: I clicked on the help support tab in Windows on my desktop (before I did the factory recovery on the desktop) and got links to reinstall hardware and install software, but when I clicked the link, Windows asked if I was sure I wanted to open the file because it was from an unknown publisher and wasn't digitally signed by Microsoft. I clicked cancel and Windows gave me a pop up that said error, file corrupted...and this was offline help.

Also, windows keeps changing my settings to download updates automatically even when I disable windows updates. And even if it doesn't warn me of updates, when I reboot computer, I get a message that I should wait because updates are being installed.

Once I selected to install about 4 of what I thought were legit updates. Windows restarted, it took a while and it said something about making 4000+ registry changes. That seems like a bit much to me.
What does this sound like to you?

Can a hacked modem or Router keep someone connected to your comp and enable them to send files to your computer?

Are my comps possessed?


I don't want to run tests (I want to throw the whole system in the garbage), but I would like some ideas as to what could cause something like this.


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,205 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:09:10 PM

Posted 16 June 2015 - 05:30 PM

Hi reaching :)

Let's try to answer your questions one by one. First of all, I understand that some Windows Updates got installed on your system, when you didn't want them to install, and because of that, you decided to do a Factory Reset, is that right?

Is it possible that I am connected to someone else's network and they are controlling what files get downloaded to my computers?


It's highly improbable that someone is connected to your network and pushes you malicious Windows Updates; it's way more complicated than a simple MiTM, to be honest.

Once I selected to install about 4 of what I thought were legit updates. Windows restarted, it took a while and it said something about making 4000+ registry changes. That seems like a bit much to me.
What does this sound like to you?


Sounds perfectly normal. One update can involve hundreds, thousands of changes in the Registry.

Can a hacked modem or Router keep someone connected to your comp and enable them to send files to your computer?


It can, yes. But in your case, it's related to the Windows Updates, so it's not plausible.

Are my comps possessed?


No.

My guess is that Windows Updates that you didn't want installed themselves automatically and that was it. There's no virus, no malware, no "hack", nothing. Also, during a Windows reinstallation, it's an option to automatically look for and install Windows Updates so your Windows is as up-to-date as it can be after the install.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
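One concrete reason pushing fake updates takes more than a simple MiTM is that update packages are Authenticode-signed by Microsoft and Windows verifies the signature before installing them. The following PowerShell script is an added example, not something from this thread or from BleepingComputer; it shows how to inspect that signature yourself on a downloaded .msu or .cab file. The file path is a placeholder to be replaced with a real package.

```powershell
# Added example (not from the thread): verify that an update package carries a
# valid Authenticode signature and that the signer is Microsoft.
# The path is a constructed placeholder; point it at a real .msu/.cab file.
$PackagePath = 'C:\Temp\example-update.msu'   # assumption: placeholder path

function Test-UpdateSignature {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 'Valid' means the file hash matches the signature and the certificate
    # chain builds to a root this machine trusts. Anything else (NotSigned,
    # HashMismatch, UnknownError) is a reason not to install the package.
    $isValid = ($sig.Status -eq 'Valid')

    # A valid chain alone says "signed by someone trusted here"; the signer's
    # subject adds the identity check that it is actually Microsoft.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $isMicrosoft = $subject -match 'O=Microsoft Corporation'

    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status
        Signer     = $subject
        Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        Trusted    = ($isValid -and $isMicrosoft)
    }
}

Test-UpdateSignature -Path $PackagePath | Format-List
```

If `Trusted` comes back `False`, the output shows which half failed: a non-`Valid` status points to a tampered or unsigned file (or a machine whose root store has been altered), while a valid status with a non-Microsoft subject means the file was signed by some other publisher entirely.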


#3 Mike.Tech

Mike.Tech

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Drivin' all night my hands wet on the wheel....
  • Local time:02:10 AM

Posted 16 June 2015 - 06:46 PM

Windows will update certain files without notification, and not all updates are removable. The several thousand reg entries are usually when a core windows update is installed. I assume you mean the black screen showing X operations out of a total figure, followed by a reboot?

 

Factory reset will likely add stuff you didn't want as part of the process. Sysprep can be used to create the restore image..

 

If you use wireless, and have no password, your computer can be owned, even with a firewall.

 

Depending on your OS version, you can set the group policy to totally enforce what happens with updates. https://support.microsoft.com/en-us/kb/328010

I always use it after an update changed my setting.
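KB 328010 describes the Automatic Updates policy as a handful of registry values (`NoAutoUpdate` and `AUOptions` under the `WindowsUpdate\AU` policy key). The PowerShell script below is an added example, not code from this thread or from Microsoft; it reads those values, reports which setting is in effect and where it comes from, and then lists recently installed updates so you can see whether a setting change coincided with new installs. The day count is an assumption you can adjust.

```powershell
# Added example (not from the thread): report the Automatic Updates setting
# from the registry values documented in KB 328010, then list recent updates.

function Get-AutoUpdatePolicy {
    # Group Policy values live under Policies\...\WindowsUpdate\AU; when that key
    # exists it overrides the per-machine values under CurrentVersion\...\Auto Update.
    $policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $machineKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'

    $source = 'none'
    $values = $null
    foreach ($entry in @(@{ Key = $policyKey; Name = 'GroupPolicy' },
                         @{ Key = $machineKey; Name = 'LocalMachine' })) {
        if (Test-Path -LiteralPath $entry.Key) {
            $values = Get-ItemProperty -LiteralPath $entry.Key
            $source = $entry.Name
            break
        }
    }

    # AUOptions meanings per KB 328010.
    $optionText = @{
        2 = 'Notify before download'
        3 = 'Auto download, notify before install'
        4 = 'Auto download and schedule install'
        5 = 'Local admin chooses setting'
    }

    $noAuto = if ($values) { $values.NoAutoUpdate } else { $null }
    $auOpt  = if ($values) { $values.AUOptions }    else { $null }

    $meaning = 'Not configured (Windows default applies)'
    if ($noAuto -eq 1) {
        $meaning = 'Automatic Updates disabled'
    } elseif ($null -ne $auOpt -and $optionText.ContainsKey([int]$auOpt)) {
        $meaning = $optionText[[int]$auOpt]
    }

    [pscustomobject]@{
        Source       = $source
        NoAutoUpdate = $noAuto
        AUOptions    = $auOpt
        Meaning      = $meaning
    }
}

function Get-RecentUpdates {
    param([int]$Days = 30)   # assumption: look back 30 days by default
    $since = (Get-Date).AddDays(-$Days)
    # Get-HotFix reads the same installed-update records Control Panel shows.
    # InstalledOn is empty for some packages; those are kept so nothing is hidden.
    Get-HotFix |
        Where-Object { -not $_.InstalledOn -or $_.InstalledOn -ge $since } |
        Sort-Object InstalledOn -Descending |
        Select-Object HotFixID, Description, InstalledOn, InstalledBy
}

Get-AutoUpdatePolicy | Format-List
Get-RecentUpdates -Days 60 | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the policy key is readable. If `Source` says `GroupPolicy`, the setting is enforced by policy and the Control Panel switch will keep reverting to it, which is the behaviour the original poster described; if it says `LocalMachine` or `none`, the Control Panel setting is what applies.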