Spyware, Viruses, & Security forum

General discussion

How to stop a Windows update install at power down time.

by Scallywagging / January 31, 2009 10:29 PM PST

This will sound pretty bizarre and I won't go into all the details, but first of all here is the goal that I'm seeking technical assistance with.

When I go to power down my laptop, the power down button has that little shield and says it will now power down and install the Windows updates.

What's my goal? Clearing out that software and not allowing it to be installed. Of course, I know there is that little option that you can click on to power down without installing and that's what I did. But that isn't a long-term option as I will certainly forget sometime and power down the normal way.

Now,here is the bizarre part. I've been using it here at home offline for several days and have turned it off numerous times without it indicating that it had any updates to install. And then I was online for a bit with it last night. But I have Windows update set to "Notify me but don't automatically download to or install them."

But, it never notified me and asked for permission during that short time that I was online with it, and I didn't give it any permission to download any. However, I have a portable hard drive that I have had plugged into it during the last couple of days. And that portable drive has also been plugged into my desktop which suffered some kind of difficult to get rid of attack.

Since my desktop has been attacked by a very clever virus or malware, I believe that baddies have been transmitted to the laptop by my portable drive and are now residing in that shield on the shutdown button (figuratively speaking) waiting for me to click that button and spread the problem further.

Of course, that may or may not be true, but I think better safe than sorry is the right adage here.

So, that is the reason that I'm seeking technical feedback about this goal: how to disable that download that is getting ready to happen when I click the Windows shutdown button.

I know this sounds weird, but I've been having some pretty weird experiences with a virus problem that I've been having on my desktop.

I'm really not expecting there to be a solution to disableing this "update ready to install problem" short of reformatting the hard drive, but thought I'd at least ask around.

Thanks for your time listening.

Cheers.

Discussion is locked
You are posting a reply to: How to stop a Windows update install at power down time.
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: How to stop a Windows update install at power down time.
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
You can stop it by enabling a policy
by Donna Buenaventura / February 1, 2009 5:01 AM PST

By using the group policy editor in Windows:

Start>type gpedit.msc in run box>hit ok

At the left pane, navigate to the following "tree"...User Configuration>Administrative Templates>Windows Components>Windows Update

Double-click "Windows Update" then bring-up the properties for "Do not adjust default option to Install Updates and Shut Down in Shut Down Windows dialog box"

Change the settings to "Enabled"

Click Apply or OK to apply your new settings.
Close the group policy editor windows.
Restart and observe if your goal has been attained.

If not, please post back.

Have you scan the system with several antimalware products?
Try Superantispyware, A2 or Malwarebytes scanners. These are free software.
Or you can try online scanner.

Collapse -
That worked great but I didn't state my goal correctly.
by Scallywagging / February 1, 2009 10:37 AM PST

Hey Donna,
That was great. I wasn't sure what that was going to do but I followed your excellent instructions and here's what happened. It took the install updates shield off of the button. It moved that command option to a link line below the shutdown button so now I can click the shutdown button as I normally would without installing those updates.

You did a great job of explaining to me how to achieve my goal. But I didn't do such a good job of stating my goal. What my real goal is is to flush (delete) those suspect update files out of the system. I will, of course, want to do updates in the future. It's just the update files that are there currently waiting to be installed that I want to get rid of. Do you know of how I can locate and delete them?

Once again, thanks for your excellent advice.
Cheers.

Collapse -
OK.. try this:
by Donna Buenaventura / February 1, 2009 11:35 AM PST

First, you need to stop the "Windows Update" service in Windows Vista.(Automatic Update service for XP)
Start>run then type services.msc
Hit OK
Stop the said service. Close the Services Console window.

NOTE: Please ensure that you have backup before deleting anything Wink

Next, do any of this:
1. Go to C:\Windows\SoftwareDistribution\Download
Delete the content of Download folder or
2. Go to C:\Windows
Delete the SoftwareDistribution folder

Restart the system. The Windows Update service should auto-start itself.

See if the above will achieve your goal. If not, please let us know.

BTW, if you plan to get check and update manually, you should configure Automatic Updates to disable. Notify settings in AU will continue to download any pushed update. Example: Update to Windows Update agent software.

Happy

Collapse -
this sound like it.
by Scallywagging / February 1, 2009 11:56 AM PST
In reply to: OK.. try this:

Hi Donna,

Thanks. This sounds like the solution. After I get rid of the suspect files, I will set up the update the same way that I've always used it - asking it to notify me of any updates and let me say yes or no regarding whether I want to download and install them.

Your instructions were great. I'll post later today and let you know how it went.

Then perhaps I'll tell you about the virus/malware/whatever that was on my desktop and the rather thorough methods I used to get rid of it and how even after that I saw something slightly surreal that made me think I hadn't quite succeeded yet. Though the event only lasted less then 2 seconds, it was so bizarre that I hesitate to tell anyone about because if someone told it to me, I would probably think they were hallucinating. (I have no history of hallucinations, by the way.)

Cheers.

Collapse -
You're welcome!
by Donna Buenaventura / February 1, 2009 12:53 PM PST
In reply to: this sound like it.

>>Then perhaps I'll tell you about the virus/malware/whatever that was on my desktop and the rather thorough methods I used to get rid of it and how even after that I saw something slightly surreal that made me think I hadn't quite succeeded yet.

OK. Let us know also what tools you use so we don't recommend what you have and run already Happy

>>Though the event only lasted less then 2 seconds, it was so bizarre that I hesitate to tell anyone about because if someone told it to me, I would probably think they were hallucinating. (I have no history of hallucinations, by the way.)

They should not think you are hallucinating as such happens.
In a blink of an eye... things can happen especially if it's programmed to do that way Grin

Collapse -
OK. Here's some more of my virus/malware mystery.
by Scallywagging / February 2, 2009 1:06 AM PST
In reply to: You're welcome!

Hey Donna,
You're instructions were spot on. And when I got to the Software Distribution Downloads folder what I saw there confirmed my suspiciions and also bore a striking resemblance to one of the digital villains in my "hallucination." That was a bit of a relief.

I'll backtrack in my story now and explain more of this. I was infected by some baddies on my desktop computer. My antivirus at the time (I had AVG Pro on a 30-day trial) caught some of these and destroyed them but they didn't succeed completely. Some of the symptoms that told me that I still had a diseased computer:

1. Some functions were extremely slow. For example, I might click on a Word document and it might take a couple of minutes before the file would open. And I might click on the close button for Word and it might take a couple of minutes for it to respond. I might click on control panel, and it might take a minute or so to respond. However, any of these that I accessed through my Excutor file launch utility came up immediately.

2. To try to cure this, I sought to set a Restore Point to a previous time when the computer was performing normally. None of the restore points worked. All efforts to change to a preceding restore point were failures. And going to My Computer>right click>System Restore, I saw that System Restore was turned on and all drives were being monitored.

I had already, at that point gone through very extensive cleaning and removal efforts on my main drive based on the prescriptions of an expert technical site and all the programs told me that eveything was cleaned up and fine. I've since lost some of that info because of a complete reformatting of my disk drive, but some of the better known programs in that process Spybot Search and Destroy, Hi Jack This, probably 8 or so others.

Then, after having done a complete disk clean, full install of Windows on my main drive, I went to one of my external drives (connected via USB) where the baddies had first appeared. Lo and behold, I immediately saw some strange things that led to my hallucination-like experience. This was a Western Digital Passport Elite portable drive. On the root directory I saw the regular list of programs that came with the drive, but at the very top I saw something that I'd never seen before. It was a file folder with a name that was about 20 or 30 characters long consisting entirely of seemingly random numbers.

I immediately recognized this as something new. Clicking on this critter to see what was inside, I saw a lot of folders all beginning with the letters "SP" followed by some other numbers and maybe letters or such. Then, in less than 2 seconds these sub-folders and their parent folder all vanished into thin air (er, cyberspace). What the hell? I am hallucinating or something? This vanishing before my very eyes was not something I'd ever observed in 20+ years of using computers.

So, that was when I knew that I still must have problems even though I'd done a full Windows install on my main disk. At that point I did a disk format on that offending external drive without bothering to save any of the files on it. They were't that important.

So, that's where it stands at the moment. I haven't deleted the files in the Software Distribution Downloads folder on my laptop yet. I thought I'd first inquire if there are ghost hunters, er, I mean virus/malware hunters who would be interested in studying these suspects, and if so getting the suspects to them for "questioning."

And now, also, I will do a complete Windows install on my desktop again now that I've re-formatted the disk where the baddies were hiding out before their mysterious disappearing trick. Then I will install Trend Micros Internet Security Suite on 30-day trial.

I have a couple of other external hard drives. Not sure what to do to ensure their safety. I don't want to trash all the data on them. Too valuable to me.

Any thoughts on all this?

Time for bed.
Cheers.

Collapse -
My thoughts...
by Donna Buenaventura / February 2, 2009 6:24 AM PST

Hi,

After you cleaned and wiped the disk, I believe your hard-drive are now free from malware of any type. See answers below.

>>>Then, after having done a complete disk clean, full install of Windows on my main drive, I went to one of my external drives (connected via USB) where the baddies had first appeared. Lo and behold, I immediately saw some strange things that led to my hallucination-like experience. This was a Western Digital Passport Elite portable drive. On the root directory I saw the regular list of programs that came with the drive, but at the very top I saw something that I'd never seen before. It was a file folder with a name that was about 20 or 30 characters long consisting entirely of seemingly random numbers.

I immediately recognized this as something new. Clicking on this critter to see what was inside, I saw a lot of folders all beginning with the letters "SP" followed by some other numbers and maybe letters or such. Then, in less than 2 seconds these sub-folders and their parent folder all vanished into thin air (er, cyberspace). What the hell? I am hallucinating or something? This vanishing before my very eyes was not something I'd ever observed in 20+ years of using computers.


My thoughts on the above is that Windows installed a driver for detected hard-drive when you plug-in the device. And the SP and random character files that you've seen are temporary files added then removed by Windows.
This is true whenever a software or driver is being installed and the installer/setup will remove once the device is ready to use or the needed files are installed already.
What I'm wondering and would like to ask you is:
When you plug-in the USB external drive, did you see the balloon tip by Windows that it detected a new device and Windows is installing the driver to it?

I don't have on to WDPE portable drive but my external drive will sometimes show those items (random characters) whenever I will install some updates and Windows found my external device as "temporary place" to put the stuff then it removed it. There was a time it failed to remove the temporary files and it is safe to delete those.

I hope I'm making sense though Grin but if you suspect that your drive is still infected, I suggest to have the software and utilities that came with WDPE portable drive store in another location then wipe again the drive using DBAN http://dban.sourceforge.net/ or similar tool. You might want to check also with Western Digital website if they have similar tool.

>>>So, that's where it stands at the moment. I haven't deleted the files in the Software Distribution Downloads folder on my laptop yet. I thought I'd first inquire if there are ghost hunters, er, I mean virus/malware hunters who would be interested in studying these suspects, and if so getting the suspects to them for "questioning."
Smart move because I want to suggest another Grin
Or shall I say, I would like to suggest to not to delete the entire Software Distribution folder if you want to keep the "history" of installed updates.

And since you want to get rid of the 'downloaded updates and ready to install updates', you can just delete the "download" folder under Softwaredistribution folder.

>>And now, also, I will do a complete Windows install on my desktop again now that I've re-formatted the disk where the baddies were hiding out before their mysterious disappearing trick. Then I will install Trend Micros Internet Security Suite on 30-day trial.
Good luck!

>>I have a couple of other external hard drives. Not sure what to do to ensure their safety. I don't want to trash all the data on them. Too valuable to me.

Since you have couple of external HD, why not use one of them as backup location?
Backup regularly so you can quickly restore to the full and good state of the system in minutes without losing data.

I'm using Acronis True Image by acronis.com and this has saved me from starting from scratch (which I used to do often.. last time).

Hope this helps.

Donna

Collapse -
One more question
by Scallywagging / February 2, 2009 2:15 PM PST
In reply to: My thoughts...

Thanks Donna,

One more question. When I try (logged in as administrator) to open a System Volume Information file I get an Access Denied message. Should that be happening?

Cheers.

Collapse -
It's normal :)
by Donna Buenaventura / February 2, 2009 7:32 PM PST
In reply to: One more question
Collapse -
Thank you Donna!! I had the same issue.
by guitarrez / November 4, 2009 2:06 AM PST
In reply to: It's normal :)

Automatic updated were inadvertently set to "automatic" in my control panel on a desktop that I don't always use. There were some updates, for example, IE 8, and some others that I DID NOT want to install. I stopped the service, and deleted the c:\Windows\SoftwareDistribution folder like you indicated and VOILA!! I've now set Automatic Updates to "Notify Me Before Downloading or Installing". I know this is an old post. Hope you get it!! Thank you very much!!

Collapse -
typo
by guitarrez / November 4, 2009 2:14 AM PST

First two words should read: "Automatic updates" Thanks again!!

Collapse -
(NT) Glad you sorted it out, Guitarrez :)
by Donna Buenaventura / November 5, 2009 12:45 AM PST
In reply to: typo
Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

FALL TV PREMIERES

Your favorite shows are back!

Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!