OT: need windows10 help

I've not received the "Anniversary Update" (#1607) for Windows10 on my machines yet, but a friend has. But he's had a security scare and asked me to look into it. I looked at his Win10 Home system and at the Windows Update History. It shows only one item in the history (update #1607). Is this valid? I mean shouldn't there be other updates in the history prior to the #1607?

What precipitated this "scare" was that the owner tried to explain to me that he'd seen a "Norton" warning in the lower right corner of the display that advised him to call a phone number. Then (foolishly) he did so and was told some techno-babble and convinced to let them diagnose his machine remotely. It was then that he started feeling sheepish and finally called me.

When the machine (an HP laptop) was delivered into my hands I turned it on and it continued an update installation already in progress. The update took quite a long while (90 minutes) and when done and I logged into the user account it gave a few messages about preparing the account: exact words below:

  1. Got a full screen message: on solid blue background “Getting things ready, please don't turn off your PC”.

  2. Next message: “These updates help protect you in an online world”

  3. Next message: “Go to Start > Get started app to see what's new”

  4. Next message: “Making sure your apps are good to go”

  5. Next message: “Let's Start”

Is this normal for a major windows update?  I haven't seen it before and still shouldn't there be other updates listed in the update history?

I'm worrying that my friend has been tricked into letting someone download a bogus update with who knows what trojan hacks embedded.

I've taken it down to SafeMode and scanned with latest updates of MalwareBytes and NortonSecurity but it only reports a few MindSpark toolbar PUPs and a bunch of cookies that appear to have been successfully removed.  Machine is behaving normally but I am still worried about what message the owner initially saw that prompted the phone call.  Sounds snarky.

Comments

  • kaotkbliss Posts: 2,914

    I've never seen messages like that in any update. I think MS has default images already installed on the system it uses for updates as I never see any different (do not turn off your machine, preparing updates, etc.)

    The last update I received was for 1511 on 8-31 and since updates are pushed to everyone at once, it is likely not a real update

  • LeatherGryphon Posts: 11,183
    edited September 2016

    I did some research on the Internet and found a few places that talked about #1607.

    Here's one straight from the horse's mouth. https://support.microsoft.com/en-us/help/12387/windows-10-update-history

    My own machines (Win10 Home) still only find updates for version #1511.

    I somehow get the impression from some of the articles I read that version 1607 is for administrator distributed versions and maybe not for single user Home versions?  I'm thinking that perhaps if the "Norton" message was legitimate, then the Norton technician may have fixed a problem by triggering a download of the #1607 version from their archives.  I searched the NortonSecurity log and didn't notice anything about a serious problem in the last few days, although it had caught a couple of "setup" operations that it aborted.

    Post edited by LeatherGryphon on
  • kaotkbliss Posts: 2,914

    Ahh, so it's not really an update, almost a new version of windows (but not stand-alone)

    Then yes, I suppose it's possible it wiped previous windows updates since they wouldn't apply anymore (probably included in the 1607) and since it's almost a new install of windows could have new update screens for this installation.

    Although one never ever lets a call center take control of their pc and do whatever they want. I would back up personal items such as pictures and downloads, reinstall win10, manually update to 1607 then replace the pics and downloads just to be sure no hidden nasties were put in place (or registry changes to allow nasties)

  • nonesuch00 Posts: 17,929
    edited September 2016

    1st - of all Windows 10 uses Windows Defender and not a Norton Antivirus product. However, if your friend uses some Microsoft services, eg, has a Microsoft Developer Account and his personal credentials need verified they'll send him an email or call by phone, they will not push a message to a PC, and they'll do that as Symantec not as Norton. Norton is just a product name.

    2nd - of all those messages you said are typical of a new or major Windows 10 Upgrade or Windows 10 install. I didn't realize they were so corny though as I didn't pay much attention to them.

    3rd - if your friend didn't have Norton Antivirus installed themself or if it wasn't part of the original HP Notebook installation, it has probably been infected. Probably not a serious infection but a business establishing a nagging presence on your PC to nag at your sense of security to coerce you into buying products is probably not in your best interests to do business with. Your friend should avoid most free SW. I've gotten to where I don't even browse to see what new Windows and Mac SW is out there anymore as most of it's stuffed to the gills with adware and spyware and TSR type Windows Services type spyware.

    I have Windows 10 the 1st Anniversary Edition Build 1607 and since it has had:

    1. 2016 Aug 24 - Cumulative Update for Windows 10 Version 1607  for X64-based Systems (KB3176934)

    2. 2016 Aug 24 - Update for Windows 10 Version 1607 (KB3176936)

    3. 2016 Aug 31 - KB3176938

    4. 2016 Sep 01 - KB3189031

    Post edited by nonesuch00 on
  • LeatherGryphon Posts: 11,183
    edited September 2016

    Thanks for the replies.

    I didn't see the original warning and only have the word of the user that it was a "Norton" message. However, it's possible because I know it had NortonSecurity installed on it because I installed it for him the last time the laptop was in my hands. Personally I have no issues against Norton (Symantec). I find it a useful and trustworthy product. And I find their help desk people quite knowledgeable and helpful when I solicit their help. But I do agree that unsolicited warnings to make a phone call do put me on edge. (IF that's actually what happened.)

    I do wish that people would take note of error messages and write down or snap a photo of scary messages. I feel like a doctor getting a walk-in patient who says that some friend told them they had some medico-babble scary disease but they can't remember exactly what was said and then they took some combination of miscellaneous drugs that they can't remember what were, before coming to me asking for help. Oy!!!!!

    British TV watchers will understand completely if I say that I feel like Doc Martin and sometimes I act like him too.

    Post edited by LeatherGryphon on
  • According to the note from MS that I saw people may not get the Anniversary update until November, it's a phased release (presumably MS worries about its own bandwidth, if not ours). As it is a new version it will no longer list older updates. There are, however, some post Anniversary update updates.

     

    Windows 10 uses whatever security software is installed - Defender is the fall back in the absence of anything else. I have Norton and it does produce pop-ups and they are branded Norton.

    That said, I agree that the call this number bit sounds unlikely unless - just remotely - it was a warning that a renewal was needed.

  • HP outsources support to a number of regional "support companies".  I have had to clean up messes made by these companies for years.  A few of them will *immediately* ask the user to allow them remote assistance access.  I have seen all manner of crazy things done by these idiots in the name of "fixing printer drivers", "updating HP hardware drivers", and other excuses.  In every case where I am called in to resolve the mess I advise the people to *never* give an unknown person access to their system regardless of who the person is supposedly representing.  A few times the systems were so badly hosed that a backup and recovery was the only fix for the damage.  Other times the fixes were so simple that there was no need what-so-ever for the support person to have needed access in the first place.

    Kendall

  • Why use a rubber mallet when a sledgehammer is at hand?

  • N-RArts Posts: 1,437

    My Desktop updated today. I think it took about an hour. As far as I know, only message one and two showed up. Neither of my antivirus programs have flagged anything.

    Although something has changed on my laptop. I can now see the browsing history for my Desktop and my Mum's tablet (which didn't happen before today). Is there a way of stopping it/turning it off?

    I must admit when I see and read threads like this, it becomes "brown trousers time". 

  • How about the fact that, by default, your machine is providing Microsoft's OTHER INTERNET CUSTOMERS with updates?  Yup, that's right.  YOU are saving Microsoft bandwidth/money on YOUR DIME.

    Settings->Update & Security->Advanced Options->Choose How Updates are Delivered

    Get updates from Microsoft, and get updates from and send updates to

    (default on) PCs on my local network, and PCs on the internet.

    Kendall

  • Charlie Judge Posts: 12,334
    edited September 2016

    That sounds like another very good reason NOT to get Windows 10. I surely don't want to receive updates from "other computers on the internet" which may be infested with viruses or malware.

    Post edited by Charlie Judge on
  • nonesuch00 Posts: 17,929

    My 'Choose how updates are delivered' is defaulted to off for allowing Windows updates to be distributed to other computers on the net and since that is turned off the choice between PCs on my local network or PCs on my local network and PCs on the Internet doesn't matter but it's defaulted to PCs on my local network.

    It will probably depend on if you get the default Windows 10 configuration policies changed by the business for whether or not that has been changed from the default of Off and (so doesn't matter) PCs on my local network.

  • kaotkbliss Posts: 2,914
    edited September 2016

    The sharing updates with other pcs is nothing more than peer to peer (like torrents). If the piece your computer is receiving doesn't match the hash number, then the piece is rejected and it tries again. Also, it only shares with pc's on your local network, not the guy down the street. Unless the original update straight from MS is infected, you can't get a virus by allowing this. The downside is it will chew up your home bandwidth as all your pc's are sharing with each other, the upside is you will get the update faster.

    *edit* I didn't see that they added the option for pc's on the internet as well. Either way, a virus can't spread that way (at least not yet. I'm sure someday someone will figure out how and write one. There's always someone smarter)

    Post edited by kaotkbliss on
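
The piece-by-piece hash check described in the post above, as an added example that is not part of the original thread and is not Microsoft's implementation. It assumes the list of piece hashes comes from the publisher over a trusted channel; every name and the sample payload are constructed for illustration.

```python
import hashlib

PIECE_SIZE = 8  # bytes; tiny on purpose so the demo stays readable
ORIGINAL = b"constructed sample update payload"  # constructed, not a real update


def build_manifest(payload: bytes) -> list[str]:
    """Publisher side: SHA-256 of every fixed-size piece of the original file."""
    return [hashlib.sha256(payload[i:i + PIECE_SIZE]).hexdigest()
            for i in range(0, len(payload), PIECE_SIZE)]


def fetch_verified(manifest, sources):
    """Client side: accept each piece from the first source whose copy matches
    the manifest hash. Returns (assembled_bytes, rejected), where rejected
    lists (piece_index, source_name) for every copy that failed the check.
    The result is only as trustworthy as the manifest itself (assumption:
    the manifest was obtained from the publisher, not from a peer)."""
    assembled, rejected = [], []
    for index, expected in enumerate(manifest):
        for name, get_piece in sources:
            piece = get_piece(index)
            if piece is not None and hashlib.sha256(piece).hexdigest() == expected:
                assembled.append(piece)
                break
            rejected.append((index, name))  # mismatch: discard and try next source
        else:
            raise ValueError(f"no source supplied a valid copy of piece {index}")
    return b"".join(assembled), rejected


def piece_of(data: bytes, index: int):
    chunk = data[index * PIECE_SIZE:(index + 1) * PIECE_SIZE]
    return chunk or None


def origin_server(index):
    """Hypothetical trusted source serving unmodified pieces."""
    return piece_of(ORIGINAL, index)


def tampering_peer(index):
    """Hypothetical peer that serves a modified copy of piece 2."""
    piece = piece_of(ORIGINAL, index)
    if index == 2:
        return bytes([piece[0] ^ 0xFF]) + piece[1:]
    return piece


def demo():
    manifest = build_manifest(ORIGINAL)
    return fetch_verified(manifest, [("peer", tampering_peer),
                                     ("origin", origin_server)])


if __name__ == "__main__":
    data, rejected = demo()
    print("intact:", data == ORIGINAL, "rejected:", rejected)
```
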
  • It's not about spreading malware (although doing that is not beyond possibility) the problem is that M$ is using their customer's internet (i.e. customers paying their internet) so that M$ doesn't have to pay for that bandwidth. For most, they never know that their machines are sending out the updates since they never navigate that deeply into the settings. I find it incredibly doubtful that M$ didn't bury it that deeply specifically because they knew people wouldn't look for it there.

    Kendall

  • kaotkbliss Posts: 2,914

    Oh, I don't doubt they put it in that deep on purpose, just like they removed the option (at least not without using tricks) to hide specific updates or the option to only notify of updates and let me choose when to download. The malware part was in reply to charlie's post above.

  • Malware spread has been quite the discussion about this lately. The software that is being used is from Akamai, whose main business is NOT security but Content Distribution. Since there is no published way to determine what is actually being distributed, pretty much anything can be. Microsoft says "updates" but their use of the language could allow that to be "advertising" as well.

    Kendall

  • nonesuch00 Posts: 17,929
    edited September 2016

    Well I saw the users of another 2GB download product that is often updated frequently as in the complete 2GB has to be downloaded repeatedly every week or two and the users absolutely threw fits until the makers of that product allowed for distributing the product in such a manner. Microsoft was probably similarly harangued.

    Post edited by nonesuch00 on
  • If you don't go for a quick install you are asked how you want to handle updates, among other things.
