Jump to content


Photo

Windows 8.1: Trojan like behavour not limited to Win10 - NCSI service


  • Please log in to reply
3 replies to this topic

#1 Bikerdude

Bikerdude

    Mod hero

  • Member
  • PipPipPipPipPip
  • 18642 posts

Posted 20 April 2017 - 05:21 PM

Evening

 

Switched the PC on this eve when I got home today and Firefox being my default web browser loaded.  Note I had NOT clicked on it, something had requested a URL which resulted in being presented with the MSN website.

 

Thought I had been infected or had my home hijacked but no, it turned out to be a known M$ bloody service (Active internet probing service - NCSI) that tried to access a blocked (by pi-hole) url (http://www.msftncsi.com/ncsi.txt).  NCSI then for whatever reason requested the bloody MSN page. What I don’t understand is why open the MSN page when access to the other URL was blocked, what could M$ gain from that?

 

As I despise bing & msn, I have just blacklisted both of them in pi-hole.

 

More info about this  -



#2 kano

kano

    Member

  • Member
  • PipPip
  • 181 posts

Posted 20 April 2017 - 09:43 PM

But on the bright side, they're no longer sabotaging the update process for Windows 7 by making it run slow as shit. It was messed up for more than a year... But now it behaves as it should.



#3 Aosys

Aosys

    Member

  • Member
  • PipPip
  • 181 posts

Posted 20 April 2017 - 11:39 PM

Is KB3035583 still a thing or have they finally yanked it from the roster? If it's safe to update Windows 7 again I might finally do so after more than a year of avoiding it...



#4 Bikerdude

Bikerdude

    Mod hero

  • Member
  • PipPipPipPipPip
  • 18642 posts

Posted 21 April 2017 - 02:30 AM

Is KB3035583 still a thing or have they finally yanked it from the roster?

Dosent appear to be - https://support.micr...us/help/3035583






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users