Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 10 updated sometime last night, reinstalled 176 tracking cookies??


  • Please log in to reply
24 replies to this topic

#1 dannyboy950

dannyboy950

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:02:35 AM

Posted 31 October 2015 - 05:27 AM

Sometime during the night Win 10 installed a update and apparently also installing 176 tracking cookies along with it.

 

Now to the untrained eye that seems to be what happened.  I run SAS Pro resident as well as regularly scans on a schedual.  Yesterday it found nothing.  This morning I had to reboot because of the update.

The update caused me to miss my regularly schedualed scan SAS and asked me to run the scan, which I did. It found 176 new tracking cookies, to the untrained eye this would seem to indicate that they had to come in with the update.

 

While tracking cookies are not a real dangerous thing we trust Microsoft not to hurt us when they update their stuff or at anytime.

Does that indicate we can no longer trust Microsoft not to hurt us and our equipment.

 

Thoughts anyone?

 

Thank you.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon


BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:09:35 AM

Posted 31 October 2015 - 05:37 AM

I doubt tracking cookies come in with Windows Update.

Besides they are harmless, so why bother? If you need to remove tracking cookies you can use CCleaner, or block them permanently with browser extensions.

#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:35 AM

Posted 31 October 2015 - 06:18 AM

to the untrained eye this would seem to indicate that they had to come in with the update.


I've never seen Windows Update install cookies and trust me, I've looked into tons of updates (extracted them to check their content). And I've also never heard of Windows Updates installing cookies so they are coming from elsewhere.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:35 AM

Posted 31 October 2015 - 07:00 AM

Block the third party cookies aka ad/ tracking cookies from installing and then remove the ones presently installed. Almost every site you visit, especially

the more popular ones, allow the install of these cookies. How To Disable Third-Party Cookies In All Major Browsers


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 dannyboy950

dannyboy950
  • Topic Starter

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:02:35 AM

Posted 31 October 2015 - 07:52 AM

I already block 3rd party cookies and do not allow tracking cookies when browseing.

From 10:30 pm to 4:am I was asleep so what browseing was I doing?

Since SAS; Malwarebytes and Defender run resident 24/7 and they detected nothing before I went to bed.

My logs show Windows update started updateing at 2:30 AM and SAS schedualed scan starts at 3:AM you want me to believe that these cookies did not come in with the update??  They just miracaculusly appeared??? Yea right.

 

4:AM I get up and have to restart my computer and ran SAS about 5 seconds later. SAS did delete the cookies when it finished, which is what I have it set to do.

I know that tracking cookies are mostly harmless, but if the advertiseing companies want this information then just pay me instead of everybody else for it.

If they were willing to pay me they could track me to their little hearts content and I would never make a peep.

But noooo they will pay the guy who writes the software to collect it the web sites that will spread it around and collect it but not the guy who the information actually belongs to.

 

Contrary to what Companies try to say they do not have any God given/ inaninable right to Advertise to begin with.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon


#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:35 AM

Posted 31 October 2015 - 07:55 AM

You still have no valid proof that these cookies were dropped by Windows Update and as someone who have worked with Windows for a long time, and Windows Updates for months now I can tell you that they do not drop cookies.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,482 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:35 AM

Posted 31 October 2015 - 08:12 AM

Malwarebytes intentionally does not search for and remove cookies because they pose no significant threat...it has more important things to look for.

We do not detect or remove cookies as they are not considered a malware threat to your system. There are plenty of 3rd party programs to remove or you can even have most browsers automatically remove if you like.

Malwarebytes forum, Post #2 by AdvancedSetup (Root Admin)

Windows Defender doesn’t detect cookies. Why? Because many cookies are used for legitimate purposes and Microsoft believes that the appropriate place to manage cookies is through your Web browser.

Why didn’t Windows Defender recognize spyware on my computer?

SUPERAntiSpyware will scan for cookies by default and show them as Adware.Tracking Cookies threat detections. After a security vendor releases an update to definition databases, it is not uncommon for subsequent scans to detect threats which had previously gone undetected (not reported) by prior scans.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 dannyboy950

dannyboy950
  • Topic Starter

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:02:35 AM

Posted 31 October 2015 - 08:17 AM

This is true but I am not saying that Microsoft may have intentionally did it but it may have been piggybacked in along with the updates. Because it shure showed up at my doorstep during the same time frame.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon


#9 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:35 AM

Posted 31 October 2015 - 08:40 AM

What browsers are installed and which one did you use yesterday?

 

If you are using Edge.....Configure how Microsoft Edge treats Cookies

 

If you are using Google Chrome or Firefox check the settings for blocking the cookies.

 

Just my comment....your scanning using those three scanners is way over done. Especially if you are aware of how adware and

malware get on your computer. When was the last time you found either?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:35 AM

Posted 31 October 2015 - 09:18 AM

This is true but I am not saying that Microsoft may have intentionally did it but it may have been piggybacked in along with the updates. Because it shure showed up at my doorstep during the same time frame.


Do you really want to get to the bottom of this? Alright.

Report your thread and ask it to be moved in the AII section. Once done, post your SAS log with the cookies, and also list me the Windows Updates (KBs) that were installed during the night.

Thank you.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 dannyboy950

dannyboy950
  • Topic Starter

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:02:35 AM

Posted 31 October 2015 - 09:23 AM

I went to edit my last post because quietman7 gave me a reasonable reason why this may have been.
SAS may have been alerting on spywares that were not contained in the last definations.
Since SAS updates before running a scan this was a very viable possibility.

Now I would have let this drop but when I went to edit I got a NO_SUCH_TOPIC message and my whole thread disappeared for a bit. Is censorship alive and well at BC? I really do not like to think so but maybe.

In answer to your question I use only IE11 and my last session was a little before 10PM last night.
No tracking cookies are allowed and no 3rd party cookies either.

HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon


#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,482 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:35 AM

Posted 31 October 2015 - 09:28 AM

...Now I would have let this drop but when I went to edit I got a NO_SUCH_TOPIC message and my whole thread disappeared for a bit. Is censorship alive and well at BC? I really do not like to think so but maybe.

I moved your topic from Anti-Virus and Anti-Malware Software to this one which I felt was more appropriate. I must not have fully clicked the box to leave a link in the source forum.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 dannyboy950

dannyboy950
  • Topic Starter

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:02:35 AM

Posted 31 October 2015 - 09:32 AM

Aura I was going to do just that but I can not seem to find SAS's logs.
Which updates were installed I will go look for.
An interesting thing I did find was 32 failed events from about 4:15 to 4:30 and all seemed to be the same event??? I did have viewer save the event but have not found yet where windows put it.

HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon


#14 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:35 AM

Posted 31 October 2015 - 09:53 AM

As Aura mentioned....the SAS log should show where the cookies were found.

 

If they are blocked from installing in the browsers then the only other two locations that I can think of would be Adobe Flash

and Cortana. I have no idea as to how Cortana handles cookies as I am not a user of either Cortana or Windows 10.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#15 dannyboy950

dannyboy950
  • Topic Starter

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:02:35 AM

Posted 31 October 2015 - 10:09 AM

Sorry still can not find SAS's logs.
Windows updates were KB226702 Win defender 1.209.1095.0 : KB3106932 cumulative update for win 64 : KB3105210 cumulative : KB2267602 Win def 1.209.968.0 and 1.209.841.0

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 10/31/2015 4:44:17 AM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: LOCAL SERVICE
Computer: dannywindow8
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2015-10-31T09:44:17.819214200Z" />
<EventRecordID>76573</EventRecordID>
<Correlation />
<Execution ProcessID="844" ThreadID="2548" />
<Channel>System</Channel>
<Computer>dannywindow8</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>
<Data Name="param5">{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">LOCAL SERVICE</Data>
<Data Name="param8">S-1-5-19</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>

Found it I think. Was on the clip board.

HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users