A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Windows 10 » Windows 10 Help Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Any way to get rid of this likely Trojan?



 
 
Thread Tools Rate Thread Display Modes
  #1  
Old February 17th 19, 02:44 AM posted to alt.comp.os.windows-10
No_Name
external usenet poster
 
Posts: 7
Default Any way to get rid of this likely Trojan?

For about two weeks now, exactly once a day my screen goes "half dark" and
a blue box pops up that says the following:

"Restart to install the newest Windows features update. With new features
and apps,this one could take a little longer than other updates. Ready?
Restart now. Not ready? Pick a time that works for you."

Then you have a choice of three boxes to click. "Pick a time", "Remind me
later" or "Restart".

When this is on the screen,the computer functions are frozen for everything
bu the three choice boxes. I have been clicking "Remind me later" every
time.

I obviously do not believe this is from Microsoft at all - I think its a
PUP or worse - maybe much worse - if I click "install". Any idea on
getting rid of it? My anti-virus scans everything as clean and healthy, My
malware program: Ditto. After dismissing the box, everything on the
computer works pefectly normal until the next day when it will come up
again. Many thanks to anyone who offers any help!

Tony
Ads
  #2  
Old February 17th 19, 02:56 AM posted to alt.comp.os.windows-10
😉 Good Guy 😉
external usenet poster
 
Posts: 1,483
Default Any way to get rid of this likely Trojan?

On 17/02/2019 01:44, wrote:

I obviously do not believe this is from Microsoft at all



It is from Microsoft and all you need to do is to restart the machine.
Now do you know how to do this? Please note this is not the same as
Switching off and switching on the machine. Restart means exactly
that. So do it or ask again how to do it. I don't want to treat you as
unknown pumpkin. this takes time when your machine upgrades to a higher
version possibly 1809.


Path: news.mixmin.net!weretis.net!feeder6.news.weretis.n et!feeder.usenetexpress.com!feeder-in1.iad1.usenetexpress.com!border1.nntp.dca1.gigan ews.com!nntp.giganews.com!buffer1.nntp.dca1.gigane ws.com!news.giganews.com.POSTED!not-for-mail
NNTP-Posting-Date: Sat, 16 Feb 2019 19:44:16 -0600
Newsgroups: alt.comp.os.windows-10
Subject: Any way to get rid of this likely Trojan?
From: "
Organization: Your Company
Message-ID:
User-Agent: Xnews/5.04.25
Date: Sat, 16 Feb 2019 19:44:16 -0600
Lines: 22
X-Usenet-Provider:
http://www.giganews.com
X-Trace: sv3-mFYQktyJqlwPCu8AwSk4FISqnbjLuAdXjVjnnrnngG+JctFpQg uE6u4FsfL+BgEZFeteChrNWH6lxdS!91HhHTHplJU0c6/Jczfr1Po7VJlLLLNLlpGnQu+F/urW+XTWkECgrTyTvNaGz5JA2g==
X-Complaints-To:
X-DMCA-Notifications:
http://www.giganews.com/info/dmca.html
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.40
X-Original-Bytes: 1939
Xref: news.mixmin.net alt.comp.os.windows-10:80055





--
With over 950 million devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.

  #3  
Old February 17th 19, 03:32 AM posted to alt.comp.os.windows-10
max
external usenet poster
 
Posts: 8
Default Any way to get rid of this likely Trojan?

" wrote in
:

For about two weeks now, exactly once a day my screen goes "half dark"
and a blue box pops up that says the following:

"Restart to install the newest Windows features update. With new
features and apps,this one could take a little longer than other
updates. Ready? Restart now. Not ready? Pick a time that works for
you."

Then you have a choice of three boxes to click. "Pick a time", "Remind
me later" or "Restart".

When this is on the screen,the computer functions are frozen for
everything bu the three choice boxes. I have been clicking "Remind me
later" every time.

I obviously do not believe this is from Microsoft at all - I think its
a PUP or worse - maybe much worse - if I click "install". Any idea on
getting rid of it? My anti-virus scans everything as clean and
healthy, My malware program: Ditto. After dismissing the box,
everything on the computer works pefectly normal until the next day
when it will come up again. Many thanks to anyone who offers any help!

Tony


scan your system with malwarebytes
https://www.malwarebytes.com/mwb-download/
post back with results
--
A stupid man's report of what a clever man says can never be accurate,
because he unconsciously translates what he hears into something he
can understand. -Bertrand Russell
Registered Linux User #393236
  #4  
Old February 17th 19, 03:40 AM posted to alt.comp.os.windows-10
n/a
external usenet poster
 
Posts: 75
Default Any way to get rid of this likely Trojan?

" wrote in message
...

For about two weeks now, exactly once a day my screen goes "half dark" and
a blue box pops up that says the following:

"Restart to install the newest Windows features update. With new features
and apps,this one could take a little longer than other updates. Ready?
Restart now. Not ready? Pick a time that works for you."

Then you have a choice of three boxes to click. "Pick a time", "Remind me
later" or "Restart".

When this is on the screen,the computer functions are frozen for everything
bu the three choice boxes. I have been clicking "Remind me later" every
time.

I obviously do not believe this is from Microsoft at all - I think its a
PUP or worse - maybe much worse - if I click "install". Any idea on
getting rid of it? My anti-virus scans everything as clean and healthy, My
malware program: Ditto. After dismissing the box, everything on the
computer works pefectly normal until the next day when it will come up
again. Many thanks to anyone who offers any help!

Tony


Tony,

You didn't state what anti-virus / anti-malware software you're using but I
would suggest you download and install the 14 day trial Malwarebytes from:

https://www.malwarebytes.com/

If Malwarebytes doesn't come up with anything (be sure to enable Root Kit
Scan in the options) then it could be something in the browser that got
picked up from an infected site or ad server. Lot's of places for malware
to hide and you can go thru looking at services.msc, msconfig.exe, Task
Manager and look at Applications and Processes and on and on and on. But do
the easy steps first before you go down any rabbit holes that may end up
borking your system.
--
Bob S.

  #5  
Old February 17th 19, 04:22 AM posted to alt.comp.os.windows-10
No_Name
external usenet poster
 
Posts: 7
Default Any way to get rid of this likely Trojan?

"n/a" wrote in :

" wrote in message
...

For about two weeks now, exactly once a day my screen goes "half dark"
and a blue box pops up that says the following:

"Restart to install the newest Windows features update. With new
features and apps,this one could take a little longer than other
updates. Ready? Restart now. Not ready? Pick a time that works for
you."

Then you have a choice of three boxes to click. "Pick a time", "Remind
me later" or "Restart".

When this is on the screen,the computer functions are frozen for
everything bu the three choice boxes. I have been clicking "Remind me
later" every time.

I obviously do not believe this is from Microsoft at all - I think its
a PUP or worse - maybe much worse - if I click "install". Any idea on
getting rid of it? My anti-virus scans everything as clean and
healthy, My malware program: Ditto. After dismissing the box,
everything on the computer works pefectly normal until the next day
when it will come up again. Many thanks to anyone who offers any help!

Tony


Tony,

You didn't state what anti-virus / anti-malware software you're using
but I would suggest you download and install the 14 day trial
Malwarebytes from:

https://www.malwarebytes.com/

If Malwarebytes doesn't come up with anything (be sure to enable Root
Kit Scan in the options) then it could be something in the browser
that got picked up from an infected site or ad server. Lot's of
places for malware to hide and you can go thru looking at
services.msc, msconfig.exe, Task Manager and look at Applications and
Processes and on and on and on. But do the easy steps first before
you go down any rabbit holes that may end up borking your system.



I appreciate the responses I've gotten so far. Malwarebytes found
nothing - perfect. I will spend some time exploring the other
possibilities offered, and report back tomorrow or Monday. may yet go
ahead and install it at the nrext prompt,but I'm not quite ready to go
there yet.

Tony

  #6  
Old February 17th 19, 04:27 AM posted to alt.comp.os.windows-10
nospam
external usenet poster
 
Posts: 4,718
Default Any way to get rid of this likely Trojan?

In article ,
" wrote:

For about two weeks now, exactly once a day my screen goes "half dark"
and a blue box pops up that says the following:

"Restart to install the newest Windows features update. With new
features and apps,this one could take a little longer than other
updates. Ready? Restart now. Not ready? Pick a time that works for
you."

Then you have a choice of three boxes to click. "Pick a time", "Remind
me later" or "Restart".

When this is on the screen,the computer functions are frozen for
everything bu the three choice boxes. I have been clicking "Remind me
later" every time.

I obviously do not believe this is from Microsoft at all - I think its
a PUP or worse - maybe much worse - if I click "install". Any idea on
getting rid of it? My anti-virus scans everything as clean and
healthy, My malware program: Ditto. After dismissing the box,
everything on the computer works pefectly normal until the next day
when it will come up again. Many thanks to anyone who offers any help!



I appreciate the responses I've gotten so far. Malwarebytes found
nothing - perfect. I will spend some time exploring the other
possibilities offered, and report back tomorrow or Monday. may yet go
ahead and install it at the nrext prompt,but I'm not quite ready to go
there yet.


why do you think it's not from microsoft?

based on your description, it sounds legitimate.

when is the last time you updated win10? what version are you at now?

win10 updates often interrupt, which is why i do them at my convenience.
  #7  
Old February 17th 19, 04:38 AM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Any way to get rid of this likely Trojan?

wrote:
For about two weeks now, exactly once a day my screen goes "half dark" and
a blue box pops up that says the following:

"Restart to install the newest Windows features update. With new features
and apps,this one could take a little longer than other updates. Ready?
Restart now. Not ready? Pick a time that works for you."

Then you have a choice of three boxes to click. "Pick a time", "Remind me
later" or "Restart".

When this is on the screen,the computer functions are frozen for everything
bu the three choice boxes. I have been clicking "Remind me later" every
time.

I obviously do not believe this is from Microsoft at all - I think its a
PUP or worse - maybe much worse - if I click "install". Any idea on
getting rid of it? My anti-virus scans everything as clean and healthy, My
malware program: Ditto. After dismissing the box, everything on the
computer works pefectly normal until the next day when it will come up
again. Many thanks to anyone who offers any help!

Tony


You could open the Settings wheel on the left of the screen,
and select Update and Security. If a security patch or an actual
OS related thing is doing it, it will be showing, with a Restart
button showing as well.

You can look at this article. Apparently Windows Store junk apps
are waiting to get into your machine.

https://windowsreport.com/windows-10...alert-disable/

Some of the information in that page is laughably wrong.
You can't disable Windows Update service, because the Scheduled
Task entries for Orchestrator will switch it back on. But
deleting the Windows Update service file worked. I have a
VM stuck at 16299, where the service is simply "no longer available"
because I put an end to it. This is part of a long term experiment to
see if the OS has back doors and a sense of humor.

And note that Microsoft is making enough changes to the
file system, to make deleting that service harder and harder
to do. That option isn't always going to be there for us.

The size of

SoftwareDistribution
C:\$WINDOWS.~BT
C:\@WINDOWS.~WS

hints at how clogged up your system is. If it was an
OS Upgrade, those might have been bloated at one time,
as it staged the update. A good deal of an OS Upgrade
is done before the reboot, to reduce the install time
to "only 40 minutes" :-/ I don't really know where else
they're hiding that stuff now. An OS upgrade consists of
at least a 1000 tiny packages, that when executed and
migrated, gives you a new OS version. They no longer
work with solid WIM files and ISO-like installation
images.

You could at least type

winver

in Start : Run and see what version you're at. A machine
which is "Current" in a sense, would be 17763.500 or so.

The Insider Edition is at 1903 (19H1) release version,
so it won't be too long before the next OS Upgrade comes in.
That means a machine at 1803 has to be bumped to 1809
in the next month or so, so that in theory it can go
from 1809 to 1903 when 1903 is released. They don't like
to get too far behind.

The Windows Store stuff, I don't know what "path" it uses
in the software stack, as it does not use Windows Update
to the best of my knowledge. It's sneaky. You'll see 100MB
of crap being downloaded, and may not be able to get TCPView
set up in time to determine where it's going or what is going
on.

Windows has two ingestion mechanisms. The "old" one is BITS.
the Background Intelligent Transfer Service. It can open multiple
connections at a time, and if you have multiple computers on
one home router, it results in "unfair" behavior where the
one computer doing a Windows OS Upgrade "hogs" the router
box.

The second method used, is similar to Torrent. It's called
DoSVC and is capable of downloading updates from other
peoples computers (the files transferred are all signed).
On the machine I was examining a while ago, it started running
because I hadn't disabled it.

You can actually disable DoSVC and set a "throttling" on
BITS, but the OS I did that to, has chosen not to do any
significant updates since then. It's "sulking", even though
I think Windows Defender and the occasional Security Patch
still manage to download.

Summary: At least have a look in Settings : Update and Security
and report back with your winver value. There might be
a "Restart" button waiting for you in the Update thing.

Paul
  #8  
Old February 17th 19, 08:18 AM posted to alt.comp.os.windows-10
pjp[_10_]
external usenet poster
 
Posts: 1,183
Default Any way to get rid of this likely Trojan?

In article ,
says...

For about two weeks now, exactly once a day my screen goes "half dark" and
a blue box pops up that says the following:

"Restart to install the newest Windows features update. With new features
and apps,this one could take a little longer than other updates. Ready?
Restart now. Not ready? Pick a time that works for you."

Then you have a choice of three boxes to click. "Pick a time", "Remind me
later" or "Restart".

When this is on the screen,the computer functions are frozen for everything
bu the three choice boxes. I have been clicking "Remind me later" every
time.

I obviously do not believe this is from Microsoft at all - I think its a
PUP or worse - maybe much worse - if I click "install". Any idea on
getting rid of it? My anti-virus scans everything as clean and healthy, My
malware program: Ditto. After dismissing the box, everything on the
computer works pefectly normal until the next day when it will come up
again. Many thanks to anyone who offers any help!

Tony


I suspect almost to belief it's just MS's way of informing you to
reboot. I assume you never turn the pc off or it'd do the update
automatically upon next shutdown/restart cycle anyway. That'd likely
also remove the "reminder" notice.
  #10  
Old February 17th 19, 03:30 PM posted to alt.comp.os.windows-10
Char Jackson
external usenet poster
 
Posts: 10,449
Default Any way to get rid of this likely Trojan?

On Sun, 17 Feb 2019 10:40:07 +0000, Andy Burns
wrote:

wrote:

For about two weeks now, exactly once a day my screen goes "half dark" and
a blue box pops up
I obviously do not believe this is from Microsoft at all


It sounds *exactly* like the standard Microsoft message for a 'major'
Win10 upgrade ...


+1

  #11  
Old February 17th 19, 04:18 PM posted to alt.comp.os.windows-10
No_Name
external usenet poster
 
Posts: 7
Default ping Paul Any way to get rid of this likely Trojan?

Paul wrote in :


You could open the Settings wheel on the left of the screen,
and select Update and Security. If a security patch or an actual
OS related thing is doing it, it will be showing, with a Restart
button showing as well.



That was it. It showed up in Update and Security exactly as described by
you, and I did the reboot. It came back up quicker than I though it would,
and a check of WinVer shows that I am still running Windows 10 version
1803(17134.523). I really apreciated your in-depth post, Paul.

Tony
  #12  
Old February 17th 19, 07:38 PM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default ping Paul Any way to get rid of this likely Trojan?

wrote:
Paul wrote in :

You could open the Settings wheel on the left of the screen,
and select Update and Security. If a security patch or an actual
OS related thing is doing it, it will be showing, with a Restart
button showing as well.



That was it. It showed up in Update and Security exactly as described by
you, and I did the reboot. It came back up quicker than I though it would,
and a check of WinVer shows that I am still running Windows 10 version
1803(17134.523). I really apreciated your in-depth post, Paul.

Tony


You could if you wanted, download an 1809(17763.1) DVD and
upgrade the OS version that way. When you get the ISO (2.5GB
for 32 bit, 3.5GB for 64 bit), you right-click the ISO and mount
the ISO as if it was a virtual DVD drive. You run setup.exe
on that fake optical drive, to kick off the Upgrade Install
and it should tell you before it starts, that all your programs
and data will be preserved.

Someone recently reported the DVD has become larger recently,
and the DVD has gone from supporting eight install options
to around twelve install options. It's a form of unnecessary
bloat that makes the 64 bit DVD closer to 4.5GB. Each "image"
added to the DVD, adds a couple hundred megabytes of directory
info. If downloaded today, there's a danger the DVD might
not fit on a single-layer DVD, if you wanted to burn one.
For an Upgrade Install though, you don't need to burn a
DVD, and simply right-clicking the ISO9660 download file
and mounting it, makes the install available to you.

Or, you have the option of waiting until Microsoft forces
the Upgrade via Windows Update. I can understand in the case
of Tablets, those are the last to receive OS Upgrades, and
they might get very close to 1903 timeframe before 1809 comes in.
For other computing devices, 1809 should have been offered by
now, as those devices have the disk space for an Upgrade
to come in. An Upgrade needs at least 20GB of space
for Windows.old plus space for the staging areas for the
DVD-sized info to be stored. A 32GB tablet might need to
have an SD plugged in, to provide sufficient temporary
storage for an install to work.

If you've moved your home directory to another partition,
or moved Program Files, the OS installer does not handle
those situations well, and the OS installer will back
out after a couple of hours. Too much customization gives
the OS installer indigestion.

Paul
  #13  
Old February 17th 19, 08:49 PM posted to alt.comp.os.windows-10
Ant[_3_]
external usenet poster
 
Posts: 873
Default Any way to get rid of this likely Trojan?

Screen capture and show us please.


wrote:
For about two weeks now, exactly once a day my screen goes "half dark" and
a blue box pops up that says the following:


"Restart to install the newest Windows features update. With new features
and apps,this one could take a little longer than other updates. Ready?
Restart now. Not ready? Pick a time that works for you."


Then you have a choice of three boxes to click. "Pick a time", "Remind me
later" or "Restart".


When this is on the screen,the computer functions are frozen for everything
bu the three choice boxes. I have been clicking "Remind me later" every
time.


I obviously do not believe this is from Microsoft at all - I think its a
PUP or worse - maybe much worse - if I click "install". Any idea on
getting rid of it? My anti-virus scans everything as clean and healthy, My
malware program: Ditto. After dismissing the box, everything on the
computer works pefectly normal until the next day when it will come up
again. Many thanks to anyone who offers any help!


Tony


--
Quote of the Week: "As a thinker and planner, the ant is the equal of
any savage race of men; as a self-educated specialist in several arts
she is the superior of any savage race of men; and in one or two high
mental qualities she is above the reach of any man..." --Mark Twain
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @
http://aqfl.net & http://antfarm.home.dhs.org /
/ /\ /\ \ http://antfarm.ma.cx. Please nuke ANT if replying by e-mail.
| |o o| |
\ _ /
( )
  #14  
Old February 17th 19, 11:15 PM posted to alt.comp.os.windows-10
😉 Good Guy 😉
external usenet poster
 
Posts: 1,483
Default Any way to get rid of this likely Trojan?

On 17/02/2019 19:49, Ant wrote:
Screen capture and show us please.



The pumpkin won't know how to do this so please refrain from asking
something that posters can't do. You are embarrassing them..




--
With over 950 million devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.

  #15  
Old February 17th 19, 11:17 PM posted to alt.comp.os.windows-10
😉 Good Guy 😉
external usenet poster
 
Posts: 1,483
Default Any way to get rid of this likely Trojan?

On 17/02/2019 07:18, pjp wrote:
I suspect almost to belief it's just MS's way of informing you to
reboot.

The idiot has found a new way to smash up a computer. BOOT IT HARD
UNTIL IT SMASHES.



..


--
With over 950 million devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.

 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 10:34 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.