
Monday, August 24, 2015

HOWTO Remove KB2876229 - the sneaky Skype 7 Windows "Update"

A ton of Skype users were unhappy with the update from Skype 6.x to 7.x. Most of what I have seen is complaining about a few minor changes to the user interface. In the usual baby/bathwater situation that follows this sort of thing, "Power Users" began circulating guides on how to modify hosts files to prevent TCP connections to Skype and MSN domains. You know, because making sure you have the correct proportion of whitespace is more important than stupid trivia like patching critical security vulnerabilities.

To address this madness, Microsoft decided to get clever. In addition to sending the Skype 7 update through the Skype application and related packages like Lync, they would push it through as a Windows update - KB2876229. The Skype application updates are pushed through * and *, while Windows updates come from domains like *, * and *. The looks-over-substance crowd hadn't yet reached the levels of derp required to break Windows Update and the Metro app interface in order to preserve their precious outdated GUI. The vast majority of users process Windows Updates automatically; even those who process the updates manually don't look too closely on non-commercial machines.

Adding insult to irritation, Microsoft decided to push this update to machines that did not have Skype installed. The technical term for this sort of distribution is "dick move".

It was through this trickery that Skype found its way onto one of my machines. Unlike those worried about the update, I don't want and never have wanted anything to do with Skype - and not because of how it looks, either. Finding Skype on one of my computers was like finding a lump on one of my testicles: I wished very much that it had never been there, but lacking that I just wanted it to disappear.

I thought the easiest course of action was to just delete the update. Skype announced its poisonous toxic infection almost immediately, and I could see the update easily within "Control Panel\All Control Panel Items\Windows Update\View update history". The typical command for managing Windows Update is "wusa", so I gave the command to burn Skype with righteous fire:

> wusa /uninstall /kb:2876229

Instead of making quick work of Skype, I was presented with an error message that threw me for a loop:

[Screenshot: Joshua Wieder - KB2876229]

I tried to remove KB2876229 through the GUI by navigating to "Control Panel\All Control Panel Items\Windows Update\Installed Updates", but KB2876229 did not appear anywhere in Installed Updates. Just to make sure I wasn't going nuts, I confirmed that this whole thing wasn't some sort of fever dream by double checking the details of the KB in "View update history".

[Screenshot: Joshua Wieder Skype Update Error]

Now convinced that Windows was the crazy one, it took me a moment to determine why my operating system was fighting me on this.

As I mentioned earlier, Skype had not been installed on my system prior to KB2876229 - the KB was not an update to an existing application, it was an installation of a new program. It dawned on me that I should just uninstall it normally, through the Control Panel's "Add or Remove Programs".

Sure enough, that worked ... to an extent. Uninstalling leaves behind a ton of registry keys and files. A few of these remaining bits of garbage that are particularly troubling are:

     - Firewall rule exclusions for Skype
     - Skype remains in the Startup Approved list enabling an application to run immediately at boot
     - A bunch of parameters are left behind for the SkypeUpdate service
     - Skype remains the default IM provider
     - Calls to two DLLs remain: SkypeIEPlugin.dll & SkypePNR.dll

There is a whole lot of other needless trash that is left behind as well, but registry junk is a fact of life with Windows so a lot of stuff I won't stress too much - like Internet Explorer extension capability, URL associations, spammy entries in browser bookmarks, an application-specific certificate, etc.
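
A read-only audit for the five leftovers listed above, as an added example that is not part of the original post. The registry paths are standard Windows locations assumed here (the post names the artifact types but not where they are stored), and `Add-Finding` and `Search-Values` are hypothetical helper names.

```powershell
# Added example: read-only audit for the Skype leftovers listed in the post.
# Registry paths are standard Windows locations assumed here, not taken from the post.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Category, $Location, $Detail) {
    $findings.Add([pscustomobject]@{ Category = $Category; Location = $Location; Detail = $Detail })
}

# Report every value under $Path whose name or data mentions Skype.
function Search-Values($Category, $Path) {
    if (-not (Test-Path $Path)) { return }
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($name -match 'skype' -or $data -match 'skype') {
            Add-Finding $Category "$Path\$name" $data
        }
    }
}

Search-Values 'Firewall rule' 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($leaf in 'Run', 'Run32', 'StartupFolder') {
        Search-Values 'Startup Approved' "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\$leaf"
    }
}
Search-Values 'Default IM provider' 'HKCU:\Software\IM Providers'

# Parameters left behind for the SkypeUpdate service (service name from the post).
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services\SkypeUpdate'
if (Test-Path $svc) { Add-Finding 'Service' $svc "$((Get-Item $svc).GetValue('ImagePath'))" }

# COM registrations that still point at the two DLLs named in the post.
foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID') {
    Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_
        try { $sub = $clsid.OpenSubKey('InprocServer32') } catch { $sub = $null }
        if ($sub) {
            $dll = [string]$sub.GetValue('')
            $sub.Close()
            if ($dll -match 'SkypeIEPlugin\.dll|SkypePNR\.dll') { Add-Finding 'DLL reference' $clsid.Name $dll }
        }
    }
}

if ($findings.Count) {
    $findings | Sort-Object Category | Format-List
} else {
    'No Skype leftovers found in the audited locations.'
}
```

The script only reads the registry, so it can be run before and after cleanup to confirm what was actually removed.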

Windows behavior continues to get more and more underhanded. Now is a great time for personal users to jump off the Microsoft mothership.
