Windows 10: Can't find the source of this weird update dialogue

I'm getting a message (2nd time now) that, according to every check I can think of, looks to be an update from Microsoft, but it definitely shouldn't be there and isn't working properly. I've checked and the program that's running it is legit, it is a program that is supposed to be there, is signed by Microsoft, and hasn't apparently been altered or even accessed since the original installation of the OS. I've run it through anti-virus, and come up empty handed. No threat. I've run a full system scan. No threat. I've gone through every process running on my computer right now by hand and all there's not a single one I can't account for. And yet, the message I'm getting is very very wrong.

It's an update dialogue that is styled like it's from vista or 7 (additionally, in the details of the file that's launching it, Internet Explorer is mentioned, so it was created before Edge was a thing). In typical windows 7 fashion, it says that my PC is 'Entitled' to an upgrade which will get me the Fresh and new intuitive Chromium Browser. This is the part I find the most sketchy. As far as I know, Chromium is a version of the Chrome browser that is mainly if not exclusively used on Linux. It's definitely not Microsoft based, and is a competitor with IE or Edge. Windows would never install it on your computer for you.

This is the second time I have encountered this error. There is no way to decline the upgrade. Last time, I killed it in Task Manager. My spidey-sense is tingling, this doesn't feel at all right, but I don't know what steps I should take to eliminate a virus that doesn't seem to exist. Any recommendations?





:)

 

How to find the source of the anniversary update fail ?

Looks like there is something that potentially could be investigated and changed about that. E.g. find out what this is

{bf1a281b-ad7b-4476-ac95-f47682990ce7}

and either fix it or get rid of it. Then that would remove those symptoms from your diagnostics.

Related to this imagine that "loaded by another process" suggests you have an interferer present so try figuring out what that may be and get rid of it too.

The problem symptoms range from 15:23 to 15:31.

We can use this Regular Expression to scan through this log: exit\(0x(?!00000000)|faile

A problem I have is that I don't know if this exit code is a problem or not exit(0xe000020e).

If it is a problem you would have to assess what to do about the devices it occurred with.

E.g. note the TN troubleshooter guide advice about

"running setup using a minimal set of drivers "

But stuff like this doesn't look good

MoveFile: 'C:\windows\system32\SET4C16.tmp' to 'C:\windows\system32\RtkCoLDR64.dll' FAILED!

So what was happening at 14:30?

Do finds in here for Regular Expression Fail(?!o) backwards

Here's our mystery Hive again.

2017-03-12 15:53:20, Info CBS Failed to flush offline registry: {bf1a281b-ad7b-4476-ac95-f47682990ce7}GLOBALROOT/Device/HarddiskVolumeShadowCopy1/windows/System32/config/DRIVERS. [HRESULT = 0x800703f8 - ERROR_REGISTRY_IO_FAILED]

And it still smells to me like there is an interferer present (or a permissions problem which has the same effect)

In fact if we eliminate all the INVALID_PACKAGE events you can see that this registry problem is really all that you have to deal with to try changing your symptom significantly. Use this Regular Expression for that: Fail(?!o)(?!.*805)

[Rapport d’erreurs Windows]

Usually contains lots of helpful detail.

You didn't give a different link for the Sys Events log so nothing to report for that either.



HTH

Robert

---

 

How to find the source of the anniversary update fail ?

Please provide more information so that the cause of your problem may be diagnosed.



Please restart your computer and allow 20 minutes for the system to run before uploading information required to help me investigate your problem. When examining Event Viewer log files many, not all, problems show in the period immediately after
the computer has been booted.



Please provide a copy of your System Information file. To access your System Information file select the keyboard shortcut
Win+R, type msinfo32
and click OK . Place the cursor on
System Summary. Select File, Export and give the file a name noting where it is located. Click Save.
Files in the txt file format are preferred.Do not place the cursor within the body of the report before exporting the file.The system creates
a new System Information file each time system information is accessed. You need to allow a minute or two for the file to be fully populated before exporting a copy. Please upload the file to your OneDrive, share with everyone and post a link here. If the
report is in a language other than English, please state the language.



Please upload to your OneDrive and share with everyone a copy of your
System log file from your Event Viewer and post a link here. Please remove any earlier copies of the logs from your OneDrive.



To access the System log select the keyboard shortcut Win+R, type
eventvwr.msc and press the ENTER key. From the list in the left side of the window select Windows Logs and System. Place the cursor on System, select Action from the Menu and
Save All Events as (the default evtx file type) and give the file a name. Do not provide filtered files.
Do not place the cursor in the list of reports before selecting Action from the menu. Do
not clear logs whilst you have a continuing problem.



For help with OneDrive see paragraph 9.3:

gerrys template

 

Could be its captured your router...kill in Task Manager, shut down computer, disconnect router.
Restart router and computer to verify if cleared.

 

Do not kill it, right click on it and select Open File Location. Then go up and remove the whole folder.

 

Can I remove "C:\Windows\SysWOW64"? It looks like a system folder and, by all accounts, it looks like it's supposed to be there. Also, as I said, it doesn't look like it's been touched since manufacture.

As for unplugging my router, that's a no-go. I don't have a router, I'm plugged directly into Ethernet (the reason why is a long story).

 

What does your Ethernet cable connect to if its not a router, supplied by your internet supplier, enabling you to use their service.
Do you have an Ethernet cable connection from your computer, other end plugged into a box of some kind.....that box is a router.

 

I'm living in a dorm room, so the Ethernet port in my room is connected to some router somewhere, but it is very unlikely that it has been compromised. I have a wireless router, but I've had some trouble lately with the firmware, so I'm just bypassing it for the present.

 

Welcome to TenForums @SpadeAndArcher

This is a known bit of malware. Probably came hidden in something you recently downloaded and installed. Run all the usual checks, ADWCleaner, Malwarebytes, etc..
Malwarebytes | AdwCleaner
Malwarebytes | Free Anti-Malware & Malware Removal

This Buzzfeed post has a picture of the same popup as your screenshot ...

Way To Remove “There Is A Recommended Update For This PC” Pop-Up

 

Thank you. The problem is that I ran antivirus and couldn't find anything. Also, I didnt download anything that was suspicious, so I have nothing to go on to find out how to remove it. I know I have a virus, I just can't find it.

 

"I ran antivirus and couldn't find anything"

FWIW, I recently had a similar problem. I ran 5 different virus and malware scanners before the sixth one finally found and eliminated my problem. The winner was HitmanPro. Lesson learned: Be persistent.

C.B.

 

Just one? If so, which? Defender? Some malware is good at hiding, running several different scanners is often required before you can catch them all. If you have not used it yet, run ADWCleaner for a second opinion. It doesn't require an install, just download and run it.

You could also try Windows Defender Offline which scans without the OS running - malware processes can't hide if they're not loaded.
Windows Defender Offline Scan in Windows 10