KB3035583

From Free Knowledge Base- The DUCK Project: information for everyone
Revision as of 10:35, 11 June 2015 by Admin (Talk | contribs)

Jump to: navigation, search

Get Windows 10 - PUP malware from Microsoft

Get Windows 10 Notification
The Microsoft Get Windows 10 Update Notification Malware

An icon appears in the Windows icon tray with a nagging notification "Get Windows 10" which is actually part of an application that appeared in late April 2015 as a recommended Windows update (KB3035583). Microsoft abused their security update system to push an advertisement popup onto their customer computer systems.

KB3035583 loads an executable (GWX.exe) TSR that loads with Windows and uses system memory. It behaves like malware. KB3035583 is classified as a malware PUP. This is similar in behavior in some respects to a virus.

You can remove KB3035583, however, it will likely install again if you use automatic updates from Microsoft. You need to uninstall the update, then go into Windows Update and hide the update from appearing on the list.

disable and remove instructions

These instructions were tested and verified on a Windows 7 workstation. The steps will be the same for Windows 8 with perhaps some minor differences in wording.

Steps 9 - 14 are optional and are simply to help ensure elimination in the event that Windows Update continues to reinstall the PUP despite your best efforts to tell it no.

  1. Windows Key + R , type "wuapp.exe" and press enter.
  2. In the bottom left of Windows Update dialog box is a link labeled "Installed Updates." Click.
  3. It may take a moment to load the list. This is a large list showing many updates listed by name, all having very similar names. You can sort them by name to help locate the one we are looking for. Locate: "Update for Microsoft Windows (KB3035583)". If sorted by name, you will find it near the bottom.
  4. Right-click on "Update for Microsoft Windows (KB3035583)" and choose "Uninstall."
  5. After completed you will be prompted to restart your computer. Choose "Restart Now." Be patient during the reboot process. Windows will delay loading to do "Preparing to configure Windows."
  6. After Windows has loaded, we need to go back to Windows Update. Windows Key + R , type "wuapp.exe" and press enter.
  7. We need to locate KB3035583 and tell it to hide the update. However, the KB3035583 may not be visible now. You may have to click "Check for Updates." Once visible as it is falsely listed as an important update. "1 important update is available" will be displayed. Click on that link. You will see "Update for Windows 7 x64-based Systems (KB3035583)" which all looks very official and important. It is actually a pop-up advertisement. Microsoft is committing an act of blatant fraud by calling what is a popup advertisement an important update. Hopefully they get stung by this via legal action. It is fraud.
  8. To hide the KB3035583 update and prevent it from being reinstalled, uncheck it then right click and choose "hide update."
  9. Windows Key + R , type "regedit.exe" and press enter.
  10. When prompted "Do you want to allow the following program to make changes to this computer?" choose "Yes."
  11. Browse to the following branch of the hive: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
  12. Right-click on the Windows branch and choose New -> Key and create using the name "Gwx".
  13. Click on Gwx and create a new 32-bit DWORD value named "DisableGwx" and set it to "1".
  14. Close the Windows Registry Editor.
Retrieved from "http://wiki.robotz.com/index.php?title=KB3035583&oldid=10861"