
Unknown firmware flash popup requesting administrator rights Dell?? Malware??


87 replies to this topic

#1 rcurtin6040

rcurtin6040

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 09 January 2017 - 01:17 PM

First, a little disclaimer: this is happening in a corporate environment on multiple systems, and I did not see anything explicitly against this, so here goes.

 

This is happening on Windows 7 x64 and Windows 10 x64 machines alike (both enterprise).

 

Multiple users (myself included) came in this morning to a strange unknown unwarranted popup. We have been telling users to hit cancel but I have refrained from doing so yet on my own PC for investigatory purposes. 

 

1.jpg

 

So naturally we immediately recognized this as the normal Dell BIOS update prompt when run from Windows environment. This caused us great concern because we have not pushed any such updates. We do have in house WSUS and a K1000 appliance that could technically prompt for this but it was nothing we did. 

 

So I started looking into it further and looked at what task was trying to run (shown below).

2.jpg

 

I also found this in my startup which gives no other information about it as well.

3.jpg

 

So my next step was to look in the event viewer around the time of the modified date/time of the file in question. I found the following 2 entries of concern at almost the exact same time.

4.jpg

 

5.jpg

 

Now, the DBUtil_2_3 itself is generally safe, but since it was modified at the exact time this all started, I have my doubts. Here are the file details of this file.

 

8.jpg

 

9.jpg

 

This is the file that is trying to run, named GetDockVer32W.exe, located in the C:\Windows\temp folder. (I have more information on what happens after I allow it to run, which I did on an offline computer, if needed.)

7.jpg

 

I checked with Dell and this is not their normal naming scheme and they do not have any information about this file. 

 

I also used PowerShell to find any other files created in this time window when this was all trying to execute. Here are my results of all the files it created/modified.

 

6.jpg

 

Other than McAfee Enterprise 8.8 patch 8 not finding anything, I also ran a Malwarebytes scan, which didn't detect anything crazy either. MWB did detect my Dell System Detect as a PUP, but I am assuming this is a false positive, as this was installed months before and none of the other affected computers have this installed.
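
The triage steps described in the post above (identifying the file, checking the event log around its modified time, and listing files created or modified in the same window), as an added PowerShell example that is not the poster's own script. It assumes PowerShell 4.0 or later in an elevated session; the parameter names, the 10-minute window and the output folder are hypothetical, and the default search roots are the directories named in this thread.

```powershell
# Added example (not from the thread). Requires PowerShell 4.0+; run elevated.
# Parameter names, the default window and the output folder are hypothetical.
[CmdletBinding()]
param(
    [Parameter(Mandatory = $true)]
    [string]$SuspectFile,                       # full path of the executable behind the prompt
    [string[]]$Roots = @('C:\Windows\Temp', 'C:\Windows\INF',
                         'C:\Windows\Prefetch', 'C:\Dell'),
    [int]$WindowMinutes = 10,
    [string]$OutDir = (Join-Path $env:TEMP 'popup-triage')
)

# Anchor the time window on the suspect file's last-write time.
$item  = Get-Item -LiteralPath $SuspectFile -Force -ErrorAction Stop
$start = $item.LastWriteTime.AddMinutes(-$WindowMinutes)
$end   = $item.LastWriteTime.AddMinutes($WindowMinutes)
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Identify the file: SHA-256 for reputation lookups, Authenticode signer
#    to compare against what the vendor says it ships.
$sig    = Get-AuthenticodeSignature -LiteralPath $SuspectFile
$signer = $null
if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
$identity = [pscustomobject]@{
    Path            = $item.FullName
    LastWriteTime   = $item.LastWriteTime
    SHA256          = (Get-FileHash -LiteralPath $SuspectFile -Algorithm SHA256).Hash
    SignatureStatus = $sig.Status
    Signer          = $signer
}

# 2. Files and folders created or modified inside the window under each root.
$files = foreach ($root in $Roots) {
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object {
                ($_.LastWriteTime -ge $start -and $_.LastWriteTime -le $end) -or
                ($_.CreationTime  -ge $start -and $_.CreationTime  -le $end)
            } |
            Select-Object LastWriteTime, CreationTime,
                @{ Name = 'Directory'; Expression = { [System.IO.Path]::GetDirectoryName($_.FullName) } },
                Name
    }
}

# 3. System and Application events in the same window (service installs,
#    driver loads, installer activity).
$events = Get-WinEvent -FilterHashtable @{
        LogName   = 'System', 'Application'
        StartTime = $start
        EndTime   = $end
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, LogName, ProviderName, Id, LevelDisplayName, Message

# 4. Startup entries, to see what will re-launch the prompt at logon.
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User

# Write everything out so results from several hosts can be compared.
$identity | Export-Csv -Path (Join-Path $OutDir 'identity.csv') -NoTypeInformation
if ($files)   { $files   | Sort-Object LastWriteTime | Export-Csv -Path (Join-Path $OutDir 'files.csv')   -NoTypeInformation }
if ($events)  { $events  | Sort-Object TimeCreated   | Export-Csv -Path (Join-Path $OutDir 'events.csv')  -NoTypeInformation }
if ($startup) { $startup | Export-Csv -Path (Join-Path $OutDir 'startup.csv') -NoTypeInformation }

# Short summary on the console.
[pscustomobject]@{
    WindowStart  = $start
    WindowEnd    = $end
    FilesInRange = @($files).Count
    EventsFound  = @($events).Count
    Signature    = $identity.SignatureStatus
    Signer       = $identity.Signer
    Output       = $OutDir
}
```

Running the same script on an affected and an unaffected machine and diffing the CSVs narrows down which component dropped the files.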




 


#2 blakeboman

blakeboman

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 09 January 2017 - 01:57 PM

It's almost like this post originated from me.

 

I'm experiencing the exact same thing. According to my K1000, this process is running on over 200 of my computers. What is this?!



#3 PerfektioN

PerfektioN

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 09 January 2017 - 02:07 PM

I've been assisting blake with this issue since he told me about it.  It appears that this is related to a Dell Wired Dock, which is what the TBT_Dock_Firmware is related to.  I can confirm that this instruction was not sent out from the K1000 appliance, as it was not run from any KACE deployment directory.  KACE wouldn't know where to look.  I am going to continue looking for an answer on this.



#4 rcurtin6040

rcurtin6040
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 09 January 2017 - 02:09 PM

Thank you, and I also checked our KACE for any trace of this to no avail. I forgot to mention that we do not have any of these Thunderbolt Docks in our environment. I can say with absolute certainty no one in my IT department has downloaded this. 



#5 PerfektioN

PerfektioN

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 09 January 2017 - 02:10 PM

@rcurtin6040 would you mind sharing an installed software list from KACE on one of your affected machines?  I will compare that in relation to our affected/non-affected machines.



#6 rcurtin6040

rcurtin6040
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 09 January 2017 - 02:15 PM

Is plain text alright? I just used my computer as the reference as that is where I got my screenshots and all my info from. So there is more software than our "usual" workstation so I apologize for the long list.

 

64 Bit HP CIO Components Installer (13.2.1) 8GadgetPack (21.0.0) AMD Catalyst Control Center (2015.0804.21.41908) AMD Catalyst Control Center (1.00.0000) AMD Catalyst Install Manager (8.0.916.0) AnyDVD (8.0.5.0) Apple Application Support (32-bit) (5.2) Apple Application Support (64-bit) (5.2) Apple Mobile Device Support (10.0.1.3) Apple Software Update (2.2.0.150) Application Compatibility Toolkit (10.1.14393.0) Application Verifier (x64) (4.0.917) Appman Sequencer on amd64 (10.1.14393.0) Artemis Views 4.1.5 Assessments on Client (10.1.14393.0) Avaya Communicator 2.1.4.84 (2.1.4.84) Barcode Statusing Interface 1.0 Bentley 2K4 Launcher (2.2.4189.18622) Bentley Coax V8 2004 Edition (08.05.02.97) Bentley DGN IFilter (1.0.1.9) Bentley DGN Index Service (08.11.09030) Bentley DGN Preview Handler (8.11.8004) Bentley DGN Thumbnail Provider (8.11.7.411) Bentley MicroStation (V 08.05.02.70) - 1 Bentley V8i (SELECTseries 2) - Autodesk® RealDWG™ 2010 (8.11.7.443) Bentley V8i (SELECTseries 3) - Autodesk® RealDWG™ 2014 (08.11.09.459) Bonjour (3.1.0.1) Catalyst Control Center - Branding (1.00.0000) Catalyst Control Center Graphics Previews Common (2015.0804.21.41908) Catalyst Control Center InstallProxy (2015.1104.1643.30033) Catalyst Control Center Localization All (2015.0804.21.41908) CCC Help Chinese Standard (2015.0804.0020.41908) CCC Help Chinese Traditional (2015.0804.0020.41908) CCC Help Czech (2015.0804.0020.41908) CCC Help Danish (2015.0804.0020.41908) CCC Help Dutch (2015.0804.0020.41908) CCC Help English (2015.0804.0020.41908) CCC Help Finnish (2015.0804.0020.41908) CCC Help French (2015.0804.0020.41908) CCC Help German (2015.0804.0020.41908) CCC Help Greek (2015.0804.0020.41908) CCC Help Hungarian (2015.0804.0020.41908) CCC Help Italian (2015.0804.0020.41908) CCC Help Japanese (2015.0804.0020.41908) CCC Help Korean (2015.0804.0020.41908) CCC Help Norwegian (2015.0804.0020.41908) CCC Help Polish (2015.0804.0020.41908) CCC Help Portuguese (2015.0804.0020.41908) CCC Help 
Russian (2015.0804.0020.41908) CCC Help Spanish (2015.0804.0020.41908) CCC Help Swedish (2015.0804.0020.41908) CCC Help Thai (2015.0804.0020.41908) CCC Help Turkish (2015.0804.0020.41908) Cisco WebEx Meetings Debugging Tools for Windows (x64) (6.11.1.404) Dell KACE Agent (6.4.522) DHTML Editing Component (6.02.0002) DVDFab 9.3.1.9 (21/10/2016) eReg (1.20.138.34) Extension Fields Editor 1.0 FileZilla Client 3.17.0.1 (3.17.0.1) Google Chrome (55.0.2883.87) Google Drive (1.32.4066.7445) Google Earth Pro (7.1.5.1557) Google Update Helper (1.3.32.7) HDR Preview (1.0.0.2) Herramientas de corrección de Microsoft Office 2016: español (16.0.4266.1001) i-model ODBC Driver for Windows 7 (01.00.00020) i-model ODBC Driver for Windows 7 (x64) (01.00.00020) Imaging And Configuration Designer (10.1.14393.0) Imaging Designer (10.1.14393.0) Imaging Tools Support (10.1.14393.0) IP Office Admin Suite (9.1.700.163) iTunes (12.5.4.42) Java 7 Update 80 (7.0.800) Java 8 Update 111 (8.0.1110.14) Java Auto Updater (2.8.111.14) Java™ 6 Update 11 (6.0.110) Java™ 6 Update 31 (64-bit) (6.0.310) Juniper Networks Secure Application Manager (8.0.7.32723) K2000 Media Manager (9.9.9) Karen's Directory Printer (5.3.0.2) KeePass Password Safe 2.34 (2.34) Kits Configuration Installer (10.1.14393.0) Logitech Gaming Software 8.88 (8.88.28) Logitech SetPoint 6.32 (6.32.20) Malwarebytes version 3.0.5.1299 (3.0.5.1299) ManagementReports McAfee Agent (5.0.4.283) McAfee VirusScan Enterprise (8.8.08000) mControl Microsoft Access MUI (English) 2016 (16.0.4266.1001) Microsoft Access Setup Metadata MUI (English) 2016 (16.0.4266.1001) Microsoft DCF MUI (English) 2016 (16.0.4266.1001) Microsoft Document Explorer 2008 (9.0.21022) Microsoft Excel MUI (English) 2016 (16.0.4266.1001) Microsoft Groove MUI (English) 2016 (16.0.4266.1001) Microsoft InfoPath MUI (English) 2016 (16.0.4266.1001) Microsoft Office 64-bit Components 2016 (16.0.4266.1001) Microsoft Office OSM MUI (English) 2016 (16.0.4266.1001) Microsoft Office 
OSM UX MUI (English) 2016 (16.0.4266.1001) Microsoft Office Professional Plus 2016 (16.0.4266.1001) Microsoft Office Proofing (English) 2016 (16.0.4266.1001) Microsoft Office Proofing Tools 2016 - English (16.0.4266.1001) Microsoft Office Shared 64-bit MUI (English) 2016 (16.0.4266.1001) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2016 (16.0.4266.1001) Microsoft Office Shared MUI (English) 2016 (16.0.4266.1001) Microsoft Office Shared Setup Metadata MUI (English) 2016 (16.0.4266.1001) Microsoft OneNote MUI (English) 2016 (16.0.4266.1001) Microsoft Outlook MUI (English) 2016 (16.0.4266.1001) Microsoft PowerPoint MUI (English) 2016 (16.0.4266.1001) Microsoft Publisher MUI (English) 2016 (16.0.4266.1001) Microsoft Report Viewer 2012 Runtime (11.1.3452.0) Microsoft Silverlight (5.1.50428.0) Microsoft Skype for Business MUI (English) 2016 (16.0.4266.1001) Microsoft SQL Server 2008 Setup Support Files (10.1.2731.0) Microsoft SQL Server 2012 Microsoft SQL Server 2012 Microsoft SQL Server 2012 Native Client (11.2.5058.0) Microsoft SQL Server 2012 RsFx Driver (11.2.5058.0) Microsoft SQL Server 2012 Setup (English) (11.2.5343.0) Microsoft SQL Server 2012 Transact-SQL ScriptDom (11.2.5058.0) Microsoft System CLR Types for SQL Server 2012 (x64) (11.0.2100.60) Microsoft Visio MUI (English) 2016 (16.0.4266.1001) Microsoft Visio Professional 2016 (16.0.4266.1001) Microsoft Visual C++ 2005 Redistributable (8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161) Microsoft Visual C++ 2010 
x64 Redistributable - 10.0.40219 (10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (11.0.50727.1) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (11.0.50727.1) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (11.0.61030.0) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (11.0.50727) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (11.0.50727) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (11.0.50727) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (11.0.61030) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (11.0.50727) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (11.0.61030) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005) Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005) Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005) Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64 (9.0.30729) Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86 (9.0.30729) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (2.0.50728) Microsoft VSS Writer for SQL Server 2012 (11.2.5058.0) Microsoft Windows 10 Enterprise x64 (10.0.14393) Microsoft Windows SDK .NET Framework Tools (40715) (7.0.40715) Microsoft Windows SDK for Windows 7 (7.0) (7.0.7600.16385.40715) Microsoft Windows SDK for Windows 7 (7.0) (7.0.40715) Microsoft Windows SDK for Windows 7 .NET Documentation (40715) (7.0.40715) Microsoft Windows SDK for Windows 7 Common Utilities (40715) (7.0.40715) Microsoft Windows SDK for Windows 7 Headers and Libraries (40715) (7.0.40715) Microsoft Windows SDK for 
Windows 7 Samples (40715) (7.0.40715) Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715) (7.0.40715) Microsoft Windows SDK for Windows 7 Win32 Documentation (40715) (7.0.40715) Microsoft Windows SDK Intellisense and Reference Assemblies (40715) (7.0.40715) Microsoft Windows SDK Net Fx Interop Headers And Libraries (40715) (7.0.40715) Microsoft Word MUI (English) 2016 (16.0.4266.1001) MicroStation PowerDraft V8i (SELECTseries 3) 08.11.09.459 (08.11.09.459) MicroStation V8i (SELECTseries 2) 08.11.07.443 (8.11.7.443) MXAx64 (10.1.14393.0) Notepad++ (7) Oracle Data Provider for .NET Help (10.2.020) Orca (5.0.7069.0000) Outils de vérification linguistique 2016 de Microsoft Office - Français (16.0.4266.1001) Overwolf (0.101.26.0) Overwolf.Setup.VC100CRTx64.Dist (1.0.0) PdaNet+ for Android 4.19 PDF-Viewer (2.5.210.0) PrimoPDF -- brought to you by Nitro PDF Software (5) Pulse Secure Network Connect 8.1 (8.1.10.49689) Pulse Secure Setup Client 64-bit Activex Control (2.1.1.1) Realtek High Definition Audio Driver (6.0.1.6075) RedistSysFiles (8.1.0) Remote Desktop Connection Manager (2.7.14060) RSA SecurID Software Token (5.0.0.292) ScreenConnect Client (cb939ac30f8df382) (6.0.11622.6115) Skype™ 7.30 (7.30.105) Snagit 11 (11.1.0) SQL Server 2012 Common Files (11.2.5058.0) SQL Server 2012 Database Engine Services (11.2.5058.0) SQL Server 2012 Database Engine Shared (11.2.5058.0) SQL Server Browser for SQL Server 2012 (11.2.5058.0) Sql Server Customer Experience Improvement Program (11.2.5058.0) Toolkit Documentation (10.1.14393.0) UEV Tools on amd64 (10.1.14393.0) User State Migration Tool (10.1.14393.0) VBA (2627.01) (6.03.00.9402) VIP Access (2.2.1.13) Visual Basic for Applications ® Core (6.5.10.32) Visual Basic for Applications ® Core - English (6.5.10.32) VLC media player (2.2.4) VMware vSphere Client 6.0 (6.0.0.6826) VMware Workstation (12.5.2) Volume Activation Management Tool (10.1.14393.0) Windows 7 USB/DVD Download Tool (1.0.30) Windows 
Assessment and Deployment Kit - Windows 10 (10.1.14393.0) Windows Assessment Services - Client (AMD64 Architecture Specific, Client SKU) (10.1.14393.0) Windows Assessment Services - Client (Client SKU) (10.1.14393.0) Windows Assessment Toolkit (10.1.14393.0) Windows Assessment Toolkit (AMD64 Architecture Specific) (10.1.14393.0) Windows Deployment Customizations (10.1.14393.0) Windows Deployment Tools (10.1.14393.0) Windows PE x86 x64 (10.1.14393.0) Windows PE x86 x64 wims (10.1.14393.0) Windows Phone Common Packaging and Test Tools (NT_x86_fre) (10.1.14393.0) Windows SDK Intellidocs (9.0.30729) Windows System Image Manager on amd64 (10.1.14393.0) WinZip 18.5 (18.5.11111) WPT Redistributables (10.1.14393.0) WPTx64 (10.1.14393.0) Xming 6.9.0.31 (6.9.0.31) XYplorerFree 15.40 (15.40) Youtube Music Downloader 9.1 (9.1)

#7 rcurtin6040

rcurtin6040
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 09 January 2017 - 02:17 PM

Oh wow that looks horrible... I will paste into the code tags.

64 Bit HP CIO Components Installer (13.2.1)
8GadgetPack (21.0.0)
AMD Catalyst Control Center (2015.0804.21.41908)
AMD Catalyst Control Center (1.00.0000)
AMD Catalyst Install Manager (8.0.916.0)
AnyDVD (8.0.5.0)
Apple Application Support (32-bit) (5.2)
Apple Application Support (64-bit) (5.2)
Apple Mobile Device Support (10.0.1.3)
Apple Software Update (2.2.0.150)
Application Compatibility Toolkit (10.1.14393.0)
Application Verifier (x64) (4.0.917)
Appman Sequencer on amd64 (10.1.14393.0)
Artemis Views 4.1.5
Assessments on Client (10.1.14393.0)
Avaya Communicator 2.1.4.84 (2.1.4.84)
Barcode Statusing Interface 1.0
Bentley 2K4 Launcher (2.2.4189.18622)
Bentley Coax V8 2004 Edition (08.05.02.97)
Bentley DGN IFilter (1.0.1.9)
Bentley DGN Index Service (08.11.09030)
Bentley DGN Preview Handler (8.11.8004)
Bentley DGN Thumbnail Provider (8.11.7.411)
Bentley MicroStation (V 08.05.02.70) - 1
Bentley V8i (SELECTseries 2) - Autodesk® RealDWG™ 2010 (8.11.7.443)
Bentley V8i (SELECTseries 3) - Autodesk® RealDWG™ 2014 (08.11.09.459)
Bonjour (3.1.0.1)
Catalyst Control Center - Branding (1.00.0000)
Catalyst Control Center Graphics Previews Common (2015.0804.21.41908)
Catalyst Control Center InstallProxy (2015.1104.1643.30033)
Catalyst Control Center Localization All (2015.0804.21.41908)
CCC Help Chinese Standard (2015.0804.0020.41908)
CCC Help Chinese Traditional (2015.0804.0020.41908)
CCC Help Czech (2015.0804.0020.41908)
CCC Help Danish (2015.0804.0020.41908)
CCC Help Dutch (2015.0804.0020.41908)
CCC Help English (2015.0804.0020.41908)
CCC Help Finnish (2015.0804.0020.41908)
CCC Help French (2015.0804.0020.41908)
CCC Help German (2015.0804.0020.41908)
CCC Help Greek (2015.0804.0020.41908)
CCC Help Hungarian (2015.0804.0020.41908)
CCC Help Italian (2015.0804.0020.41908)
CCC Help Japanese (2015.0804.0020.41908)
CCC Help Korean (2015.0804.0020.41908)
CCC Help Norwegian (2015.0804.0020.41908)
CCC Help Polish (2015.0804.0020.41908)
CCC Help Portuguese (2015.0804.0020.41908)
CCC Help Russian (2015.0804.0020.41908)
CCC Help Spanish (2015.0804.0020.41908)
CCC Help Swedish (2015.0804.0020.41908)
CCC Help Thai (2015.0804.0020.41908)
CCC Help Turkish (2015.0804.0020.41908)
Cisco WebEx Meetings
Debugging Tools for Windows (x64) (6.11.1.404)
Dell KACE Agent (6.4.522)
DHTML Editing Component (6.02.0002)
DVDFab 9.3.1.9 (21/10/2016)
eReg (1.20.138.34)
Extension Fields Editor 1.0
FileZilla Client 3.17.0.1 (3.17.0.1)
Google Chrome (55.0.2883.87)
Google Drive (1.32.4066.7445)
Google Earth Pro (7.1.5.1557)
Google Update Helper (1.3.32.7)
HDR Preview (1.0.0.2)
Herramientas de corrección de Microsoft Office 2016: español (16.0.4266.1001)
i-model ODBC Driver for Windows 7 (01.00.00020)
i-model ODBC Driver for Windows 7 (x64) (01.00.00020)
Imaging And Configuration Designer (10.1.14393.0)
Imaging Designer (10.1.14393.0)
Imaging Tools Support (10.1.14393.0)
IP Office Admin Suite (9.1.700.163)
iTunes (12.5.4.42)
Java 7 Update 80 (7.0.800)
Java 8 Update 111 (8.0.1110.14)
Java Auto Updater (2.8.111.14)
Java(TM) 6 Update 11 (6.0.110)
Java(TM) 6 Update 31 (64-bit) (6.0.310)
Juniper Networks Secure Application Manager (8.0.7.32723)
K2000 Media Manager (9.9.9)
Karen's Directory Printer (5.3.0.2)
KeePass Password Safe 2.34 (2.34)
Kits Configuration Installer (10.1.14393.0)
Logitech Gaming Software 8.88 (8.88.28)
Logitech SetPoint 6.32 (6.32.20)
Malwarebytes version 3.0.5.1299 (3.0.5.1299)
ManagementReports
McAfee Agent (5.0.4.283)
McAfee VirusScan Enterprise (8.8.08000)
mControl
Microsoft Access MUI (English) 2016 (16.0.4266.1001)
Microsoft Access Setup Metadata MUI (English) 2016 (16.0.4266.1001)
Microsoft DCF MUI (English) 2016 (16.0.4266.1001)
Microsoft Document Explorer 2008 (9.0.21022)
Microsoft Excel MUI (English) 2016 (16.0.4266.1001)
Microsoft Groove MUI (English) 2016 (16.0.4266.1001)
Microsoft InfoPath MUI (English) 2016 (16.0.4266.1001)
Microsoft Office 64-bit Components 2016 (16.0.4266.1001)
Microsoft Office OSM MUI (English) 2016 (16.0.4266.1001)
Microsoft Office OSM UX MUI (English) 2016 (16.0.4266.1001)
Microsoft Office Professional Plus 2016 (16.0.4266.1001)
Microsoft Office Proofing (English) 2016 (16.0.4266.1001)
Microsoft Office Proofing Tools 2016 - English (16.0.4266.1001)
Microsoft Office Shared 64-bit MUI (English) 2016 (16.0.4266.1001)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2016 (16.0.4266.1001)
Microsoft Office Shared MUI (English) 2016 (16.0.4266.1001)
Microsoft Office Shared Setup Metadata MUI (English) 2016 (16.0.4266.1001)
Microsoft OneNote MUI (English) 2016 (16.0.4266.1001)
Microsoft Outlook MUI (English) 2016 (16.0.4266.1001)
Microsoft PowerPoint MUI (English) 2016 (16.0.4266.1001)
Microsoft Publisher MUI (English) 2016 (16.0.4266.1001)
Microsoft Report Viewer 2012 Runtime (11.1.3452.0)
Microsoft Silverlight (5.1.50428.0)
Microsoft Skype for Business MUI (English) 2016 (16.0.4266.1001)
Microsoft SQL Server 2008 Setup Support Files (10.1.2731.0)
Microsoft SQL Server 2012
Microsoft SQL Server 2012
Microsoft SQL Server 2012 Native Client (11.2.5058.0)
Microsoft SQL Server 2012 RsFx Driver (11.2.5058.0)
Microsoft SQL Server 2012 Setup (English) (11.2.5343.0)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (11.2.5058.0)
Microsoft System CLR Types for SQL Server 2012 (x64) (11.0.2100.60)
Microsoft Visio MUI (English) 2016 (16.0.4266.1001)
Microsoft Visio Professional 2016 (16.0.4266.1001)
Microsoft Visual C++ 2005 Redistributable (8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (11.0.61030.0)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (11.0.61030)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (11.0.61030)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64 (9.0.30729)
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86 (9.0.30729)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (2.0.50728)
Microsoft VSS Writer for SQL Server 2012 (11.2.5058.0)
Microsoft Windows 10 Enterprise x64 (10.0.14393)
Microsoft Windows SDK .NET Framework Tools (40715) (7.0.40715)
Microsoft Windows SDK for Windows 7 (7.0) (7.0.7600.16385.40715)
Microsoft Windows SDK for Windows 7 (7.0) (7.0.40715)
Microsoft Windows SDK for Windows 7 .NET Documentation (40715) (7.0.40715)
Microsoft Windows SDK for Windows 7 Common Utilities (40715) (7.0.40715)
Microsoft Windows SDK for Windows 7 Headers and Libraries (40715) (7.0.40715)
Microsoft Windows SDK for Windows 7 Samples (40715) (7.0.40715)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715) (7.0.40715)
Microsoft Windows SDK for Windows 7 Win32 Documentation (40715) (7.0.40715)
Microsoft Windows SDK Intellisense and Reference Assemblies (40715) (7.0.40715)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (40715) (7.0.40715)
Microsoft Word MUI (English) 2016 (16.0.4266.1001)
MicroStation PowerDraft V8i (SELECTseries 3) 08.11.09.459 (08.11.09.459)
MicroStation V8i (SELECTseries 2) 08.11.07.443 (8.11.7.443)
MXAx64 (10.1.14393.0)
Notepad++ (7)
Oracle Data Provider for .NET Help (10.2.020)
Orca (5.0.7069.0000)
Outils de vérification linguistique 2016 de Microsoft Office - Français (16.0.4266.1001)
Overwolf (0.101.26.0)
Overwolf.Setup.VC100CRTx64.Dist (1.0.0)
PdaNet+ for Android 4.19
PDF-Viewer (2.5.210.0)
PrimoPDF -- brought to you by Nitro PDF Software (5)
Pulse Secure Network Connect 8.1 (8.1.10.49689)
Pulse Secure Setup Client 64-bit Activex Control (2.1.1.1)
Realtek High Definition Audio Driver (6.0.1.6075)
RedistSysFiles (8.1.0)
Remote Desktop Connection Manager (2.7.14060)
RSA SecurID Software Token (5.0.0.292)
ScreenConnect Client (cb939ac30f8df382) (6.0.11622.6115)
Skype™ 7.30 (7.30.105)
Snagit 11 (11.1.0)
SQL Server 2012 Common Files (11.2.5058.0)
SQL Server 2012 Database Engine Services (11.2.5058.0)
SQL Server 2012 Database Engine Shared (11.2.5058.0)
SQL Server Browser for SQL Server 2012 (11.2.5058.0)
Sql Server Customer Experience Improvement Program (11.2.5058.0)
Toolkit Documentation (10.1.14393.0)
UEV Tools on amd64 (10.1.14393.0)
User State Migration Tool (10.1.14393.0)
VBA (2627.01) (6.03.00.9402)
VIP Access (2.2.1.13)
Visual Basic for Applications (R) Core (6.5.10.32)
Visual Basic for Applications (R) Core - English (6.5.10.32)
VLC media player (2.2.4)
VMware vSphere Client 6.0 (6.0.0.6826)
VMware Workstation (12.5.2)
Volume Activation Management Tool (10.1.14393.0)
Windows 7 USB/DVD Download Tool (1.0.30)
Windows Assessment and Deployment Kit - Windows 10 (10.1.14393.0)
Windows Assessment Services - Client (AMD64 Architecture Specific, Client SKU) (10.1.14393.0)
Windows Assessment Services - Client (Client SKU) (10.1.14393.0)
Windows Assessment Toolkit (10.1.14393.0)
Windows Assessment Toolkit (AMD64 Architecture Specific) (10.1.14393.0)
Windows Deployment Customizations (10.1.14393.0)
Windows Deployment Tools (10.1.14393.0)
Windows PE x86 x64 (10.1.14393.0)
Windows PE x86 x64 wims (10.1.14393.0)
Windows Phone Common Packaging and Test Tools (NT_x86_fre) (10.1.14393.0)
Windows SDK Intellidocs (9.0.30729)
Windows System Image Manager on amd64 (10.1.14393.0)
WinZip 18.5 (18.5.11111)
WPT Redistributables (10.1.14393.0)
WPTx64 (10.1.14393.0)
Xming 6.9.0.31 (6.9.0.31)
XYplorerFree 15.40 (15.40)
Youtube Music Downloader 9.1 (9.1)



#8 blakeboman

blakeboman

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 09 January 2017 - 02:22 PM

According to http://jura.wi.mit.edu/bioc/tools/compare.php, this is the software that matches between our computers. I, too, have seen the prompt in question. To me, it doesn't look to be related to any software we have in common.

Appman Sequencer on amd64 (10.1.14393.0)
Assessments on Client (10.1.14393.0)
Dell KACE Agent (6.4.522)
Google Chrome (55.0.2883.87)
Google Update Helper (1.3.32.7)
Herramientas de corrección de Microsoft Office 2016: español (16.0.4266.1001)
Imaging And Configuration Designer (10.1.14393.0)
Imaging Designer (10.1.14393.0)
Imaging Tools Support (10.1.14393.0)
Java 8 Update 111 (8.0.1110.14)
Kits Configuration Installer (10.1.14393.0)
Microsoft Access MUI (English) 2016 (16.0.4266.1001)
Microsoft Access Setup Metadata MUI (English) 2016 (16.0.4266.1001)
Microsoft DCF MUI (English) 2016 (16.0.4266.1001)
Microsoft Excel MUI (English) 2016 (16.0.4266.1001)
Microsoft Groove MUI (English) 2016 (16.0.4266.1001)
Microsoft InfoPath MUI (English) 2016 (16.0.4266.1001)
Microsoft Office OSM MUI (English) 2016 (16.0.4266.1001)
Microsoft Office OSM UX MUI (English) 2016 (16.0.4266.1001)
Microsoft Office Professional Plus 2016 (16.0.4266.1001)
Microsoft Office Proofing (English) 2016 (16.0.4266.1001)
Microsoft Office Proofing Tools 2016 - English (16.0.4266.1001)
Microsoft Office Shared MUI (English) 2016 (16.0.4266.1001)
Microsoft Office Shared Setup Metadata MUI (English) 2016 (16.0.4266.1001)
Microsoft OneNote MUI (English) 2016 (16.0.4266.1001)
Microsoft Outlook MUI (English) 2016 (16.0.4266.1001)
Microsoft PowerPoint MUI (English) 2016 (16.0.4266.1001)
Microsoft Publisher MUI (English) 2016 (16.0.4266.1001)
Microsoft Skype for Business MUI (English) 2016 (16.0.4266.1001)
Microsoft Visual C++ 2005 Redistributable (8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (11.0.61030.0)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (11.0.61030)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (11.0.61030)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (2.0.50728)
Microsoft Windows 10 Enterprise x64 (10.0.14393)
Microsoft Word MUI (English) 2016 (16.0.4266.1001)
Outils de vérification linguistique 2016 de Microsoft Office - Français (16.0.4266.1001)
Realtek High Definition Audio Driver (6.0.1.6075)
Remote Desktop Connection Manager (2.7.14060)
Toolkit Documentation (10.1.14393.0)
UEV Tools on amd64 (10.1.14393.0)
User State Migration Tool (10.1.14393.0)
WPT Redistributables (10.1.14393.0)
WPTx64 (10.1.14393.0)
Windows Assessment Toolkit (10.1.14393.0)
Windows Assessment Toolkit (AMD64 Architecture Specific) (10.1.14393.0)
Windows Assessment and Deployment Kit - Windows 10 (10.1.14393.0)
Windows Deployment Customizations (10.1.14393.0)
Windows Deployment Tools (10.1.14393.0)
Windows PE x86 x64 (10.1.14393.0)
Windows PE x86 x64 wims (10.1.14393.0)
Windows Phone Common Packaging and Test Tools (NT_x86_fre) (10.1.14393.0)
Windows System Image Manager on amd64 (10.1.14393.0)



#9 PerfektioN

PerfektioN

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 09 January 2017 - 02:27 PM

So the downfall here is no applications have been updated today for any of the machines that we are seeing with the issue.  Meaning something has randomly pushed this firmware update out.  With the matching list above, nothing makes sense to deploy a Dell BIOS Update to fix a USB docking issue.



#10 js28

js28

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 09 January 2017 - 02:30 PM

Check your Dell Updates schedules on the K1000 (under Security).  Ours had a default schedule that was set to run at 4am every Monday, which is the time the popups started happening.  I confirmed that was causing it for us by manually running the detection against my computer.  I don't remember ever enabling that on our appliance, so it may be configured by default.



#11 rcurtin6040

rcurtin6040
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 09 January 2017 - 02:31 PM

I will say this: from what I have seen, my computer has the Dell System Detect installed (does not show in the K1000 report). Having that installed prompts the PC (even if not executed) to copy all of those .PNF files to my C:\Windows\INF directory. As an example, a computer without the Dell System Detect only has the following files during the time in question.

#TYPE Selected.System.IO.DirectoryInfo		
LastWriteTime	Directory	                Name
1/9/2017 4:01                                   Dell
1/9/2017 4:01	                                UpdatePackage
1/9/2017 4:01		                        Log
1/9/2017 4:01	C:\Dell\UpdatePackage\Log	GetDockVer32W.log
1/9/2017 4:01	C:\Windows\Prefetch	        CSCRIPT.EXE-D1EF4768.pf
1/9/2017 4:07		                        inv1CE9_tmp
1/9/2017 4:07		                        TBT_Dock_Firmware
1/9/2017 4:01	C:\Windows\Temp\inv1CE9_tmp	icredir.txt



#12 blakeboman

blakeboman

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 09 January 2017 - 02:33 PM

We do not have a Dell Updates schedule running, other than a detect (no deploy schedules).



#13 PerfektioN

PerfektioN

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 09 January 2017 - 02:33 PM

@

 

 

I will say this from what I have seen my computer has the Dell System Detect installed (does not show in the K1000 report). Having that installed prompts the PC (even if not executed) to copy all of those .PNF files to my C:\Windows\INF directory. As an example a computer without the Dell System Detect only has the following files during the time in question.

#TYPE Selected.System.IO.DirectoryInfo		
LastWriteTime	Directory	                Name
1/9/2017 4:01                                   Dell
1/9/2017 4:01	                                UpdatePackage
1/9/2017 4:01		                        Log
1/9/2017 4:01	C:\Dell\UpdatePackage\Log	GetDockVer32W.log
1/9/2017 4:01	C:\Windows\Prefetch	        CSCRIPT.EXE-D1EF4768.pf
1/9/2017 4:07		                        inv1CE9_tmp
1/9/2017 4:07		                        TBT_Dock_Firmware
1/9/2017 4:01	C:\Windows\Temp\inv1CE9_tmp	icredir.txt

 

 

Paste that c:\dell\updatepackage\log\getdockver32w.log file in here if you could please.



#14 PerfektioN

PerfektioN

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 09 January 2017 - 02:34 PM

Notice we went from 5 users reading this topic to 35 users.  This is a growing issue.  If Dell confirmed that they are not aware of this file or update, we may have a big issue.



#15 rcurtin6040

rcurtin6040
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 09 January 2017 - 02:35 PM

It is a 0 KB file and is completely empty on my computer, which has not run the file in question. Now IF you allow this to run (inputting the BIOS admin password), you get the following (run on an offline machine):


**************************************************
***Dell Get Dock Version started on 1/9/2017 at 4:01:39***
Command: C:\Windows\TEMP\invE0F2_tmp\TBT_Dock_Firmware\GetDockVer32W.exe /o= ..\TB_Dock_Inv.xml

Dock Firmware Update is incompatible with your system.

Update utility is only compatible with systems running Dell BIOS.
Dell Get Dock Version
Error: No Dock found or cannot communicate to the Dock. Exit the program.

**************************************************
***Dell Get Dock Version started on 1/9/2017 at 10:06:50***
Command: C:\Windows\Temp\invE0F2_tmp\TBT_Dock_Firmware\GetDockVer32W.exe 

Dock Firmware Update is incompatible with your system.

Update utility is only compatible with systems running Dell BIOS.
Dell Get Dock Version
Error: No Dock found or cannot communicate to the Dock. Exit the program.

 





