[EP_X0FF]

Below is the list of "updates" that delivered by Windows Update as "telemetry and customer experience improvements". If you don't want upgrade to Win10 or send your "telemetry" to MS - remove them and do not install again.

Microsoft claims this is "telemetry" and customer expirience blah-blah-blah. Well I call this simple - spyware.

https://support.microsoft.com/en-us/kb/3021917 - "Performance tracker update"
https://support.microsoft.com/en-us/kb/3035583 - "Get Windows 10 App" (delivers ready to use UAC backdoor as bonus)
https://support.microsoft.com/en-us/kb/2990214 - "Upgrade to Windows 10"
https://support.microsoft.com/en-us/kb/3044374 - "Upgrade to Windows 10"
https://support.microsoft.com/en-us/kb/2952664 - "Compatibility update for upgrading Windows 7"
https://support.microsoft.com/en-us/kb/3022345 - "Customer experience and diagnostic telemetry"
https://support.microsoft.com/en-us/kb/3068708 - "Customer experience and diagnostic telemetry"
https://support.microsoft.com/en-us/kb/3080149 - "Customer experience and diagnostic telemetry"
https://support.microsoft.com/en-us/kb/3075249 - "Telemetry points to consent.exe" !!!WARNING!!! this update add spyware functionality to UAC

Run cmd.exe elevated and use this

Code: Select all

wusa.exe /uninstall /kb:ID /norestart

where ID is number of KB to remove.

If KB3035583 failed to completely remove files - go to %systemroot%\System32\GWX and delete GWXUXWorker.exe manually (this is important as this is UAC backdoor file), file and folder is owned by TrustedInstaller see how take ownerships of it https://technet.microsoft.com/en-us/lib ... 53659.aspx

This list is incomplete. If you have more suspicious/spyware KB to add feel free to post.

Updates maybe masqueraded as "important" or as part of Windows Update itself. In future they maybe a silent part of critical fixes.

Edit:

@bartblaze excellent addition:

Disable Windows 10 telemetry
http://pastebin.com/CwKT4Qh5

[slipstream-]

Has anyone reversed completely the telemetry stuff yet?

[Apocalypse]

http://pastebin.com/raw.php?i=LjxW3yAA

[EP_X0FF]

Has anyone reversed completely the telemetry stuff yet?

http://arstechnica.co.uk/information-te ... microsoft/

Now silimar wonderful spyware/zombification functionality from win10 delivered to win7/8.1, for example KB3075249 include updated version of appinfo.dll and consent.exe used to report back to Microsoft about applications YOU elevate. It is just a beginning.

[360Tencent]

https://theblogpirate.wordpress.com/201 ... py-on-you/

[tigerite]

Some updates since August to remove: http://techne.alaya.net/?p=12499

[h00key]

Besides going through the list of bad updates, is there an easy way to check the existence of the spy features? At least these can be done:


1. Check the existence of GWXUXWorker.exe as instructed by EP_X0FF (Windows 7/8/8.1):

If KB3035583 failed to completely remove files - go to %systemroot%\System32\GWX and delete GWXUXWorker.exe manually (this is important as this is UAC backdoor file), file and folder is owned by TrustedInstaller see how take ownerships of it https://technet.microsoft.com/en-us/lib ... 53659.aspx

2. Check if the DiagTrack service is installed:

Code: Select all

sc query diagtrack

Is there anything else to do?

[h00key]

Looks like the November 2016 cumulative security update for Windows 7 (KB3197868) installs the diagtrack service.

To check:

Code: Select all

sc query diagtrack

To disable:

Code: Select all

sc config diagtrack start= disabled

(Note the space after "=")

Or, delete:

Code: Select all

sc delete diagtrack

Has anyone found out if it brings other nasty stuff?


Also, there are "preview" updates which are apparently not important and even not recommended:
http://www.infoworld.com/article/314219 ... tches.html