That's blind faith: in today's world, I'd rather ask for proof of such claims. Also, if that was really the case, they should have shoved it to the users' face before encouraging consumers to upgrade. Ask Google what Microsoft is doing with Skype.
I think tweaking Windows is maybe the wrong approach to stop the spying; microsh*te will just apply a 'security' update to circumvent any tweaks and keep on spying. I would have thought it better to stop outgoing traffic elsewhere, not in the hosts file but somewhere that MS cannot control, probably in the internet router firewall. If this could be done then we just need a sticky that can be updated with found MS (and other) URLs so they can be blocked at the router.
BTW: If somebody can post the log when the program finished I'd greatly appreciate it. I gave a couple of removal tips but maybe I can try with this one. Thanks!
OK, let me know how it goes. Also, please post logs from v1.4 so I can see if I can make a reversal script; the other one that you gave me I didn't understand.
Code:
Microsoft Windows [Version 10.0.10240]
(c) 2015 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>dism /mount-image /imagefile:J:\sources\install.wim /index:1 /mountdir:C:\offline

Deployment Image Servicing and Management tool
Version: 10.0.10240.16384

Mounting image
[==========================100.0%==========================]
The operation completed successfully.

C:\WINDOWS\system32>Dism /Online /Cleanup-Image /RestoreHealth /Source:c:\offline\Windows /LimitAccess

Deployment Image Servicing and Management tool
Version: 10.0.10240.16384

Image Version: 10.0.10240.16384

[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.

C:\WINDOWS\system32>Dism /Unmount-Image /MountDir:C:\offline /commit

Deployment Image Servicing and Management tool
Version: 10.0.10240.16384

Saving image
[==========================100.0%==========================]
Unmounting image
[==========================100.0%==========================]
The operation completed successfully.

C:\WINDOWS\system32>

And no changes, feedback app not working, Diagnostics Tracking Service still missing...
Did you execute the PowerShell script I gave to get the default apps back? And I need to take a look at the log from v1.4 of the program.
Oops. Okay, next post the destroyer program logs so I can try to make a script to reverse it. And attempt a system restore (rstrui.exe).
Tried downloading 1.4 from the rghost and it's coming up with ESET NOD32 that it may be infected. I'm not sure what code number has changed since 1.3 / 1.4, but I didn't get this flag with 1.3.
It's a false positive. I also updated the change log for v1.4. What's the name of the virus ESET is giving you?
Ok, so you want me to destroy it again here
Code:
Starting: 05-Aug-15 18:57:25.
-------------------------------
Product Name: Windows 10 Pro
Build: 10240.16393.amd64fre.th1_st1.150717-1719
-------------------------------
=====================================
-------------------------------
[SC] OpenService FAILED 1060: The specified service does not exist as an installed service.
-------------------------------
[SC] OpenService FAILED 1060: The specified service does not exist as an installed service.
-------------------------------
[SC] OpenService FAILED 1060: The specified service does not exist as an installed service.
-------------------------------
Start cmd | args: /c echo "" > C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
-------------------------------
Disable feedback
-------------------------------
Error host add
-------------------------------
SUCCESS: The parameters of scheduled task "Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" have been changed.
-------------------------------
SUCCESS: The parameters of scheduled task "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" have been changed.
-------------------------------
SUCCESS: The parameters of scheduled task "Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" have been changed.
-------------------------------
INFO: Scheduled task "Microsoft\Windows\Shell\FamilySafetyMonitor" has already been disabled.
SUCCESS: The parameters of scheduled task "Microsoft\Windows\Shell\FamilySafetyMonitor" have been changed.
-------------------------------
INFO: Scheduled task "Microsoft\Windows\Shell\FamilySafetyRefresh" has already been disabled.
SUCCESS: The parameters of scheduled task "Microsoft\Windows\Shell\FamilySafetyRefresh" have been changed.
-------------------------------
Start SCHTASKS | args: /Change /TN "Microsoft\Windows\Application Experience\AitAgent" /disable
-------------------------------
SUCCESS: The parameters of scheduled task "Microsoft\Windows\Application Experience\ProgramDataUpdater" have been changed.
-------------------------------
SUCCESS: The parameters of scheduled task "Microsoft\Windows\Application Experience\StartupAppTask" have been changed.
-------------------------------
INFO: Scheduled task "Microsoft\Windows\Autochk\Proxy" has already been disabled.
SUCCESS: The parameters of scheduled task "Microsoft\Windows\Autochk\Proxy" have been changed.
-------------------------------
SUCCESS: The parameters of scheduled task "Microsoft\Windows\Customer Experience Improvement Program\BthSQM" have been changed.
-------------------------------
SUCCESS: The parameters of scheduled task "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" have been changed.
-------------------------------
Start SCHTASKS | args: /Change /TN "Microsoft\Office\OfficeTelemetry\AgentFallBack2016" /disable
-------------------------------
Start SCHTASKS | args: /Change /TN "Microsoft\Office\OfficeTelemetry\OfficeTelemetryAgentLogOn2016" /disable
-------------------------------
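A log in this format is enough to plan a reversal of the scheduled-task changes. The sketch below is an added example, not the tool author's reversal script: it sorts the tasks named in the log into those to re-enable, those that were already off before the run, and those with no logged result. The sample lines are constructed from the format above, and reading "has already been disabled" as "off before the tool ran" is an assumption.

```python
import re

# Constructed sample in the format of the log posted above (not the full log).
SAMPLE_LOG = r'''
SUCCESS: The parameters of scheduled task "Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" have been changed.
INFO: Scheduled task "Microsoft\Windows\Shell\FamilySafetyMonitor" has already been disabled.
SUCCESS: The parameters of scheduled task "Microsoft\Windows\Shell\FamilySafetyMonitor" have been changed.
Start SCHTASKS | args: /Change /TN "Microsoft\Windows\Application Experience\AitAgent" /disable
SUCCESS: The parameters of scheduled task "Microsoft\Windows\Application Experience\ProgramDataUpdater" have been changed.
'''

# Unanchored patterns, so they also match a log flattened onto one line.
CHANGED = re.compile(r'SUCCESS: The parameters of scheduled task "([^"]+)" have been changed\.')
ALREADY = re.compile(r'INFO: Scheduled task "([^"]+)" has already been disabled\.')
ATTEMPT = re.compile(r'Start SCHTASKS \| args: /Change /TN "([^"]+)" /disable')


def unique(names):
    """Drop duplicates while keeping first-seen order."""
    return list(dict.fromkeys(names))


def plan_reversal(log_text):
    """Sort the tasks named in the log by what a reversal should do with them."""
    changed = unique(CHANGED.findall(log_text))
    already = unique(ALREADY.findall(log_text))
    attempted = unique(ATTEMPT.findall(log_text))
    return {
        # Disabled by this run: these are the ones to turn back on.
        "enable": [t for t in changed if t not in already],
        # Assumed off before the tool ran: enabling would not restore the prior state.
        "leave_disabled": already,
        # Command was launched but no result was logged: check by hand.
        "unconfirmed": [t for t in attempted if t not in changed],
    }


def reversal_commands(plan):
    """Build schtasks command lines for the tasks the run actually disabled."""
    return ['schtasks /Change /TN "{}" /enable'.format(t) for t in plan["enable"]]


if __name__ == "__main__":
    plan = plan_reversal(SAMPLE_LOG)
    print("\n".join(reversal_commands(plan)))
    for key in ("leave_disabled", "unconfirmed"):
        print(key, plan[key])
```

The generated commands are only printed; review the list before running any of them from an elevated prompt.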
My bad, I mistook Firefox actually blocking a download, for a change, for ESET detecting it. I disabled a few options in Firefox and saw that it downloaded fine; ESET didn't complain after that. I wonder what the change was in the code that Mozilla is not liking.
I'm about ready to release the code to revert changes, still stuck though on that ETL file and the hosts file...
Trace Log and hosts file? What do you mean? Here is a clean hosts file:
Code:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
Saw you use 127.0.0.1 to block in hosts file. This will slow down the process so better use new 0.0.0.0, same effect but drastically faster.
Programs like this are, in my opinion and actual reality, very useful. Why? Because they are for the people who do want them. There are crappy movies, TV shows, books and music out there. To the people who want that, however? It's not useless.