Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

GWXUXWorker.exe


  • Please log in to reply
7 replies to this topic

#1 bigals07

bigals07

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:45 PM

Posted 05 August 2015 - 09:24 AM

Hi

Can any one help when i start my computer GWXUXWorker Bad Image pops up

Could anyone please tell me how to remove it?

Kind Regards

bigals07



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:45 PM

Posted 05 August 2015 - 10:11 AM

Hi bigals07 :)

This process is part of the KB3035583, which is the "Get Windows 10" app for the Windows 10 upgrade. Follow the instructions below please.

sUc2qjf.pngAutoruns - Start-up Entries
Follow the instructions below to give me an Autoruns log containing your start-up entries:
  • Download Autoruns.zip from the Sysinternals Suite webpage;
  • Extract the content of the Autoruns.zip folder where you want, then go in the folder, right-click on Autoruns.exe and select Run as Administrator;
  • Accept the EULA on opening, then wait for all the entries to load;
  • Click on File then Save and save the file to a location easily accessible as a .arn (Autoruns) file;
  • Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 rp88

rp88

  • Members
  • 2,966 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:45 AM

Posted 06 August 2015 - 12:14 PM

bigals07, can you specify more about what GWXUXworker.exe is doing, has it produced error messages? have you spotted it while searching through folders? have you seen it running in task manager?



If you want to avoid "upgrading" to windows 10 you can safely delete this file, and also GWX.exe and a few other related files (I can list these if you would like the list but not right now, it will take ages to dig out the sheet of paper on which I noted down the file names), but should make a system image first just in case. It is likely that there will be mulitple copies of GWX.exe and GWXUX.exe and GWXUXworker.exe on your computer, some in C:\windows\system32 and some in a sub-folder of C:\windows\WinSxS if you choose to delete GWX and the related files (If you want I will list them all for you) make sure NOT to delete ANYTHING else while doing it, system32 and WinSxS contain some extrememly important system files, you don't want to mess with these while you are getting rid of gwx and related stuff.

The order in which you should do this is as follows.

First remove the update KB3035583 (via the control panel, you will need to restart the computer after uninstalling the update) there are also some other related updates you may wish to remove, then hide them afterwards and put your updates on "check automatically but ask me before installing", that way you can prevent these updates being installed if new versions are offered again, but you can still install other updates by checking and ticking those you want every tuesday evening.

Then search within windows file explorer, for gwx . See what results it gives, probably about 7 exe files with "gwx" within their names, and a few other related files. Some of these files might not be gwx related, could just have similar names, so you shouldn't delete all of them. The gwx files found will be in system32 and a subfolder of WinSxS.

You can then find the gwx.exe file in system32 (if this one hasn't gone already), and the gwx.exe file in the subfolder of WinSxS, and (after changing the owner (to your own account), change the permissions to make your own account have "full control", also make every other listed account/user/thing have full control, but untick full control for "trusted installer". Do this only for the files in need of deletion, do not interfere with permissions for other files or for the folders. You will have to go through this whole permissions altering process once for each file you need to delete.) delete them. Alternatively, after going through that permissions process once for each file, you could rename them and chage the file extension, so that they cannot be found when the system looks for them, hence they cannot run, this can be reversed if necessary where deletion cannot be reversed. If you get stuck altering the permissions I can give you further explanations of what to do.

After that is done there should be nothing left of gwx at all.

Edited by rp88, 06 August 2015 - 12:16 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:45 PM

Posted 06 August 2015 - 02:39 PM

Rather than deleting the files individually, I would uninstall the update as whole. Otherwise there's risk of corruptions in the system files.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 rp88

rp88

  • Members
  • 2,966 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:45 AM

Posted 07 August 2015 - 11:46 AM

Uninstallation doesn't get rid of all the GWX remnants, it should remove the ones from system32, but those in the subfolder of WinSxS stay behind (atleast in my experience). That is why, after removing the updates it might be necessary to delete, or at the very least rename the files and change their extensions for GWX.exe and also some other related files. This shouldn't have any negative effects, as long as only the GWX related files are deleted/renamed, but making a system image first is wise.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:45 PM

Posted 07 August 2015 - 12:11 PM

As long as you uninstall the KB3035583, you won't be able to download the Windows 10 upgrade via Windows Update. And yes, deleting system files manually without uninstalling the update can leave corruption that can be detected by SFC or left in the Registry.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 rp88

rp88

  • Members
  • 2,966 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:45 AM

Posted 07 August 2015 - 12:17 PM

NOTE: I am assuming that you do NOT want to "upgrade" to windows 10, if you DO want to "upgrade" then leave the gwx files, adn the listed updates, as they are.


The GWX files are contained within 4 folders:

These folders have names beginning...

C:\Windows\WinSxS\amd64_microsoft-windows-gwx-uninstall_...
C:\Windows\WinSxS\amd64_microsoft-windows-gwx-task_...
C:\Windows\WinSxS\amd64_microsoft-windows-gwx_...
C:\Windows\WinSxS\wow64_microsoft-windows-gwx_...

Within these folders are files with the following names, some file names are listed twice because they occur in more than one folder...

config.cat
config.xml
GWX.exe
GWX.exe
GWXConfigManager.exe
GWXUI.dll
GWXUX.exe
GWXUXWorker.exe
GWXGC.exe

I uninstalled the updates responsible for these, then* I renamed all these files (just added a word to the start of their name), then I zipped up those folders, copied the zip files out of the WinSxS folder, then deleted those folders, and all the files (as listed above) within them. Finally, with the zip files containing all this nasty stuff now in a sub folder of my "Documents" folder, I renamed those zip files to .txt files. If I ever wanted to restore these GWX files I could rename those txt files to zip, then unzip them to get the folders back, take the extra word away from the front of each file name, and then copy those folders back into WinSxs, so they are not totally gone, but they are in a place where the operating system can never find them to run them. This did no damage to my computer, but making a system image first is ALWAYS wise, and can prove very helpful in a wide range of circumstances.

If you are at any point unsure as to whether the files you have found are the relevant ones, then ask for help identifying them. For example there are probably thousands of files on a computer called "config.xml", you need to make sure that only those which occur in one of those listed folders get renamed like this, files with similar names in ANY OTHER folder should not be interfered with.

If you want to get rid of GWX then you should begin by uninstalling KB3035583, KB3044374, KB3046480, KB3068708, KB3022345 and KB3058168, (not all of them are necessarily present, you might only find some of them) then restart. Then search in windows file explorer, search the whole of C:\ drive for the keyword gwx. When searching make sure that file explorer is set to show "hidden files and folders", it should NOT need to be set to show "protected operating system" files though. Post a list here of all the files which the search for "gwx" returns, if any, and of all the folders with gwx in their name. I don't think uninstalling those updates will get rid of all traces of GWX, so there will probably be some gwx things coming up in that search. If there are then I can look at the list of gwx related files you found and tell you what to do about them, if that search retruns no results then there are no traces of gwx left and uninstalling those updates has been enough to get rid of GWX.


*after changing permissions on those 4 listed folders, and the 9 files within them, do not change the permissions on any other files or folders

P.S. here is how to make a system image http://www.bleepingcomputer.com/tutorials/create-system-image-in-windows-7-8/#manual you should make one before beginning with any of this, because in the extremely unlikely event that this causes problems a system image lets you go back to before the problems began. And if you don't need the system image now, having it around for later will be very helpful, system images can help restore your system after: damage to system files, virus infection, hard-drive failure, buggy updates, unwanted changes to system settings, unwanted installation or uninstallation of programs...

P.S. Aura, just to make a note of it, after I did the uninstallation, and then deletion, which I describe, I did (amongst other things) run SFC (on the "check only and say if it finds any errors" setting) it didn't report problems from doing this. Naturally I haven't poked around in the registry at all, but I certainly haven't experienced any errors of any kinds.

Edited by rp88, 07 August 2015 - 12:27 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#8 bigals07

bigals07
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:45 PM

Posted 09 August 2015 - 05:28 AM

Thank You for your indepth explanation I am working on it!!

 

Regards

 

Bigals 07






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users