Windows 10 spyware comes to 7/8.1
#1
As we all know, Windows 10 brought with it a lot of built-in spyware (there's a good thread by Insider with regards to disabling it here). What you may not know is that a lot of these 'features' have now made their way over to Windows 7 & 8.1 via some recent updates, namely KB3022345, which creates a new service named "Diagnostics Tracking service", with updated versions KB3068708 and most recently KB3080149, as well as KB3075249, which collects even more information when users access the UAC prompts, as well as others listed below:

Code:
KB2876229 SKYPE, If you want Skype then install it.
KB2923545 RDP
KB2970228
KB3035583
KB2990214
KB3021917
KB3068708 Telemetry
KB2592687
KB2660075
KB2506928
KB2952664 x2
KB3050265
KB2726535
KB2994023
KB3022345 Replaced by KB3068708 Telemetry
KB3022345 Caused false sfc result
KB2545698 (IE9)
KB3065987

These updates actively overwrite previous user settings, meaning if they are installed they are already running and dialling home! Fortunately this new service can be removed (and the latest version has been released as optional) by following these steps:
Code:
Open up Control Panel and select Programs and Features, then select the View installed updates tab and use the search bar to find the offending updates; there will be an option to then uninstall the update.

OR from the CLI if you are so inclined
Code:
wusa /uninstall /kb:(offending update)

All in all it looks like privacy is well and truly dead, at least when it comes to mainstream computing, a sad day when big corporations can blatantly bundle spyware with their products.
Reply
#2
Highly underrated post. I suppose most people here are on *NIX. However, for those of you who aren't, there's a sample of scripts that will help mitigate the damage by removing and hiding the offending updates, blocking certain Microsoft domains and disabling a number of services and tasks on Win7 through 10.

https://blockwindows.wordpress.com/
Reply
#3
So if I disable all in that list, the spyware must be mostly gone?

Then I'm using this batch.

Code:
wusa /uninstall /kb:KB2876229
wusa /uninstall /kb:KB2923545  
wusa /uninstall /kb:KB2970228
wusa /uninstall /kb:KB3035583
wusa /uninstall /kb:KB2990214
wusa /uninstall /kb:KB3021917
wusa /uninstall /kb:KB3068708  
wusa /uninstall /kb:KB2592687
wusa /uninstall /kb:KB2660075
wusa /uninstall /kb:KB2506928
wusa /uninstall /kb:KB2952664  
wusa /uninstall /kb:KB3050265
wusa /uninstall /kb:KB2726535
wusa /uninstall /kb:KB2994023
wusa /uninstall /kb:KB3022345  
wusa /uninstall /kb:KB2545698  
wusa /uninstall /kb:KB3065987

wusa /uninstall /kb:KB3022345
wusa /uninstall /kb:KB3068708
wusa /uninstall /kb:KB3080149
wusa /uninstall /kb:KB3075249
Reply
#4
(03-11-2016, 03:46 PM)SHA1 Wrote: So if I disable all in that list, the spyware must be mostly gone?

Then I'm using this batch.

Code:
wusa /uninstall /kb:KB2876229
wusa /uninstall /kb:KB2923545  
wusa /uninstall /kb:KB2970228
wusa /uninstall /kb:KB3035583
wusa /uninstall /kb:KB2990214
wusa /uninstall /kb:KB3021917
wusa /uninstall /kb:KB3068708  
wusa /uninstall /kb:KB2592687
wusa /uninstall /kb:KB2660075
wusa /uninstall /kb:KB2506928
wusa /uninstall /kb:KB2952664  
wusa /uninstall /kb:KB3050265
wusa /uninstall /kb:KB2726535
wusa /uninstall /kb:KB2994023
wusa /uninstall /kb:KB3022345  
wusa /uninstall /kb:KB2545698  
wusa /uninstall /kb:KB3065987

wusa /uninstall /kb:KB3022345
wusa /uninstall /kb:KB3068708
wusa /uninstall /kb:KB3080149
wusa /uninstall /kb:KB3075249

Here is a correct version
Code:
wusa /uninstall /kb:2876229 /norestart
wusa /uninstall /kb:2923545 /norestart  
wusa /uninstall /kb:2970228 /norestart
wusa /uninstall /kb:3035583 /norestart
wusa /uninstall /kb:2990214 /norestart
wusa /uninstall /kb:3021917 /norestart
wusa /uninstall /kb:3068708 /norestart
wusa /uninstall /kb:2592687 /norestart
wusa /uninstall /kb:2660075 /norestart
wusa /uninstall /kb:2506928 /norestart
wusa /uninstall /kb:2952664 /norestart
wusa /uninstall /kb:3050265 /norestart
wusa /uninstall /kb:2726535 /norestart
wusa /uninstall /kb:2994023 /norestart
wusa /uninstall /kb:3022345 /norestart
wusa /uninstall /kb:2545698 /norestart
wusa /uninstall /kb:3065987 /norestart

wusa /uninstall /kb:3022345 /norestart
wusa /uninstall /kb:3068708 /norestart
wusa /uninstall /kb:3080149 /norestart
wusa /uninstall /kb:3075249 /norestart
Reply
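An added example, not code from any poster in this thread: a PowerShell audit that checks which of the KB numbers listed above are actually installed before calling `wusa`, so only updates that are present get removed. It assumes an elevated PowerShell prompt; the variable names and the `$Uninstall` switch are illustrative.

```powershell
# Audit first, remove second. Run from an elevated PowerShell prompt.
# Set $Uninstall = $true only after reviewing the audit output.
$Uninstall = $false

# KB numbers taken from the lists in this thread (duplicates collapsed).
$kbNumbers = @(
    2876229, 2923545, 2970228, 3035583, 2990214, 3021917, 3068708,
    2592687, 2660075, 2506928, 2952664, 3050265, 2726535, 2994023,
    3022345, 2545698, 3065987, 3080149, 3075249
) | Sort-Object -Unique

# Get-HotFix reports installed updates with a HotFixID such as "KB3068708".
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID

# Keep only the listed updates that are really on this machine.
$present = @($kbNumbers | Where-Object { $installed -contains "KB$_" })

if ($present.Count -eq 0) {
    Write-Output "None of the listed updates are installed."
    return
}

Write-Output "Installed updates from the list:"
$present | ForEach-Object { Write-Output "  KB$_" }

if (-not $Uninstall) {
    Write-Output "Audit only. Set `$Uninstall = `$true to remove them."
    return
}

foreach ($kb in $present) {
    # wusa takes the bare number, without the "KB" prefix.
    $wusaArgs = @('/uninstall', "/kb:$kb", '/quiet', '/norestart')
    $proc = Start-Process -FilePath 'wusa.exe' -ArgumentList $wusaArgs -Wait -PassThru

    # 0 = success, 3010 = success but a reboot is required.
    if ($proc.ExitCode -eq 0 -or $proc.ExitCode -eq 3010) {
        Write-Output "KB$kb removed (exit code $($proc.ExitCode))"
    } else {
        Write-Warning "KB$kb not removed (exit code $($proc.ExitCode))"
    }
}

# Confirm what is left after the run (a reboot may be needed first).
$remaining = @(Get-HotFix | Where-Object { $present -contains [int]($_.HotFixID -replace '\D', '') })
Write-Output "Still reported as installed: $($remaining.Count)"
```

Uninstalled updates can be offered again by Windows Update, so re-running the audit after the next update cycle shows whether any of them have returned.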
#5
Or you just get the batch files/scripts from the set I mentioned and linked to earlier on in this thread. For your convenience here is a link directly to the relevant repo on GitHub: https://github.com/WindowsLies/BlockWindows/

I highly suggest you look into these, since Microsoft shenanigans don't just end with the updates unfortunately.
Reply

