KB3035583

From Free Knowledge Base- The DUCK Project: information for everyone

Get Windows 10 - PUP malware from Microsoft

Get Windows 10 Notification
The Microsoft Get Windows 10 Update Notification Malware

An icon appears in the Windows icon tray with a nagging notification, "Get Windows 10", which is actually part of an application that appeared in late April 2015 as a recommended Windows update (KB3035583). Microsoft abused their security update system to push an advertisement popup onto their customers' computer systems.

KB3035583 installs an executable (GWX.exe) that runs as a TSR: it loads with Windows and uses system memory. It behaves like malware. KB3035583 is classified as a malware PUP. In some respects its behavior is similar to that of a virus.

You can remove KB3035583; however, it will likely install again if you use automatic updates from Microsoft. You need to uninstall the update, then go into Windows Update and hide the update so that it no longer appears on the list.

Disable and remove instructions

These instructions were tested and verified on a Windows 7 workstation. The steps will be the same for Windows 8 with perhaps some minor differences in wording.

Steps 9 - 14 are optional and are simply to help ensure elimination in the event that Windows Update continues to reinstall the PUP despite your best efforts to tell it no.

  1. Windows Key + R , type "wuapp.exe" and press enter.
  2. In the bottom left of Windows Update dialog box is a link labeled "Installed Updates." Click.
  3. It may take a moment to load the list. This is a large list showing many updates listed by name, all having very similar names. You can sort them by name to help locate the one we are looking for. Locate: "Update for Microsoft Windows (KB3035583)". If sorted by name, you will find it near the bottom.
  4. Right-click on "Update for Microsoft Windows (KB3035583)" and choose "Uninstall."
  5. After the uninstall completes, you will be prompted to restart your computer. Choose "Restart Now." Be patient during the reboot process. Windows will delay loading to do "Preparing to configure Windows."
  6. After Windows has loaded, we need to go back to Windows Update. Windows Key + R , type "wuapp.exe" and press enter.
  7. We need to locate KB3035583 and tell Windows Update to hide it. However, KB3035583 may not be visible yet; you may have to click "Check for Updates." Once it is visible, because it is falsely listed as an important update, "1 important update is available" will be displayed. Click on that link. You will see "Update for Windows 7 x64-based Systems (KB3035583)", which all looks very official and important. It is actually a pop-up advertisement. Microsoft is committing an act of blatant fraud by calling what is a popup advertisement an important update. Hopefully they get stung by this via legal action. It is fraud.
  8. To hide the KB3035583 update and prevent it from being reinstalled, uncheck it then right click and choose "hide update."
  9. Windows Key + R , type "regedit.exe" and press enter.
  10. When prompted "Do you want to allow the following program to make changes to this computer?" choose "Yes."
  11. Browse to the following branch of the hive: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
  12. Right-click on the Windows branch and choose New -> Key and create using the name "Gwx".
  13. Click on Gwx and create a new 32-bit DWORD value named "DisableGwx" and set it to "1".
  14. Close the Windows Registry Editor.

Create Registry Key file

If you prefer to create a text file with the registry key entry rather than manually opening regedit.exe and creating the key, you can use the following text:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx]
"DisableGwx"=dword:00000001

Just copy and paste the text into notepad.exe, save it as a file ending with the .reg extension (such as gwx.reg) and double-click the file.
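
For administrators who need to apply the manual steps and the registry entry above to several workstations, the following PowerShell script is an added example, not part of the original instructions. It assumes an elevated prompt on Windows 7 or 8 and uses the built-in wusa.exe and the Windows Update Agent COM interface; the variable names are illustrative.

```powershell
# Added example: scripted form of the manual steps. Run from an elevated prompt.
$kbNumber = '3035583'
$polPath  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Gwx'

# Stop early when not elevated (written so it also runs on PowerShell 2.0).
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$me = New-Object Security.Principal.WindowsPrincipal($id)
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script as Administrator.'
}

# Steps 9-14 (same result as the .reg file): policy key with DisableGwx = 1.
if (-not (Test-Path $polPath)) { New-Item -Path $polPath -Force | Out-Null }
New-ItemProperty -Path $polPath -Name 'DisableGwx' -Value 1 `
    -PropertyType DWord -Force | Out-Null

# Steps 1-5: uninstall the update if present. The restart is left to the operator.
$wusaExit = $null
if (Get-HotFix -Id "KB$kbNumber" -ErrorAction SilentlyContinue) {
    $p = Start-Process -FilePath 'wusa.exe' -Wait -PassThru `
         -ArgumentList '/uninstall', "/kb:$kbNumber", '/quiet', '/norestart'
    $wusaExit = $p.ExitCode          # 3010 means success, restart required
}

# Steps 6-8: search the updates on offer and hide KB3035583 if it is listed.
# Right after an uninstall it may not be offered until the machine restarts.
$hidden   = @()
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
foreach ($u in $searcher.Search('IsInstalled=0').Updates) {
    if (@($u.KBArticleIDs) -contains $kbNumber) {
        $u.IsHidden = $true
        $hidden += $u.Title
    }
}

# Report the resulting state so it can be logged or collected centrally.
New-Object PSObject -Property @{
    Computer       = $env:COMPUTERNAME
    DisableGwx     = (Get-ItemProperty -Path $polPath -Name 'DisableGwx').DisableGwx
    StillInstalled = [bool](Get-HotFix -Id "KB$kbNumber" -ErrorAction SilentlyContinue)
    WusaExitCode   = $wusaExit
    HiddenUpdates  = ($hidden -join '; ')
}
```

The script is safe to run more than once: run it, restart, then run it again so the hide step can catch the update once Windows Update offers it again.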

Editorial Opinion

This can be added to the list of Windows Annoyances as well as PUP malware. Microsoft is placing a pop-up advertisement on your computer even though you are using a product you paid money for and should therefore be free of popup ads. Even on a smartphone once you pay for the app you get rewarded by not having to deal with popups. The Microsoft Windows operating system is far more expensive than a smartphone app and yet Microsoft has started a practice of disguising popup advertisements as important security updates to harass you. This is especially troubling as it opens the door to a behavior that, if not challenged, will surely be followed up with more significantly intrusive popups and advertisements. On a business productivity workstation we want neither popups distracting our employees nor invitations for our employees to attempt upgrading their own company workstation. For home computer users it is simply another advertisement to have to click and get out of the way. Home users might also be tempted to disable Windows Update altogether rationalizing that Microsoft might start including more popup advertisements in future updates, which negatively impacts their system security as well as promoting the spread of Internet worms via unpatched systems.

Finally, Microsoft has been dishonest by disguising the advertisement as an "Important Windows Update." This gives the impression it fixes a bug or addresses a security concern in Windows. It does nothing more than add a memory wasting scheduled task that not only robs your system of resources but nags you to consider purchasing something that, as of the date of the release of the advertisement, is not even yet available. Because KB3035583 was not labeled with a transparent honest description and placed in the Optional list of updates, Microsoft should be challenged legally. The intentionally mislabeled update amounts to consumer fraud. It wastes valuable end-user time. It consumes resources that could be equated to cost, including distraction, removal time, CPU cycles that consume electrical power, and potential harm to system stability as a result of the removal process.

This is just another reminder of why Micro$oft is a sleazy company with unethical leadership and further cause to celebrate as they continue to lose market share to competitors such as Apple.

Update: moved to optional updates on Windows 8.1, June 2015

Previously under the important updates list, it now appears as an optional update (sometimes).