Question Possible hacker download attempt ?

[Cpt Snake]

OS: Windows 10

About every seven to ten days, I get a message that states:

"Sorry need to update your computer", and starts to download from [to?] my computer. The message is on a light blue background, with a tilted sad face in a block. I immediately shut down my computer and restart.
Is this a hacker attempting to gather information? It does not appear to be a MS update. It's only when I am on the internet. Any advise is appreciated. Thanks

 

[Cpt Snake]

We can end this question. Just now it did it's download when I was distracted. So well see if damage was done.

 

[Ralston18]

I will make the suggestion to look in Reliability History/Monitor and Event Viewer.

Either one or both tools may be capturing some error code, warning, or even an informational event just before or at the time those messages appear.

Start with Reliability History/Monitor. It has a time line format that you can use to identify any 7 -10 day patterns.

Also look in Task Scheduler: There may be some task pre-scheduled or triggered that originates the messages.

Especially since "things/download" just happened.

 

[Cpt Snake]

OK, the Download hacker is back. Installed Bitdefender yesterday and I keep getting this alert message below multiple times an hour.

Suspicious connection blocked
34 minutes ago
Feature:Online Threat Prevention
msedge.exe attempted to establish a connection relying on an untrusted certificate to wpad. We blocked the connection to keep your data safe since untrusted certificates are issued by unrecognized Certificate Authorities.

What I don't understand is my Win 10 allows this download. Nothing is allow to be downloaded without my permission.

 

[kanewolf]

OK, the Download hacker is back. Installed Bitdefender yesterday and I keep getting this alert message below multiple times an hour.

Suspicious connection blocked
34 minutes ago
Feature:Online Threat Prevention
msedge.exe attempted to establish a connection relying on an untrusted certificate to wpad. We blocked the connection to keep your data safe since untrusted certificates are issued by unrecognized Certificate Authorities.

What I don't understand is my Win 10 allows this download. Nothing is allow to be downloaded without my permission.

Edge can be a problem. What I would recommend is that you look at the sites that have requested permissions. The URL is edge://settings/content/all
If there is anything that looks odd, I would wipe out the cached data. You can get to that by clicking on the three dots on the top right. Click on History, then click on the trash can at the top. That will bring up the delete browsing data. SCROLL DOWN and make sure that "Site permissions" is checked. Make sure the time is set to "All Time". delete the data. See if that clears up your warning.

 

[Cpt Snake]

OK, Thanks to all first. I know it's a pain. Update, the download hack attacks my computer on or off the internet. I does it's download then restarts my computer without a prompt. I've got the internet quick disconnect set up. I can save to the clipboard. I can access the clip board, but having problems saving the "PINNED" image.

 

[COLGeek]

Did you ever scan this system, as previously suggested with Malwarebytes and/or Hitman Pro>

 

[Cpt Snake]

Yes scanned with Glary Malware, Bitdefender Plus, Windows anti virus. Nothing showed. Windows defender states, no action required. Ran Command, sfc/scannow today showed nothing.

 

[COLGeek]

That is good, but those tools were recommended for a reason. Up to you, but it will cost you nothing but time.

 

[Cpt Snake]

Just downloaded Malware.bytes...running now

 

[COLGeek]

Okay. Are you backing up anything to any cloud services, by the way? Including anything from Microsoft?

 

[Cpt Snake]

The only cloud service is Steam Gaming. Malware gave me a clean score of 90. 😀

 

[COLGeek]

What threats were identified? Did you delete them?

 

[hussaj]

You say downloads from my computer
Is delivery optimization on?
It is in setting update and security advanced options

 

[Cpt Snake]

Malwarebytes, gave me 100% clear of problems.

Under delivery optimization "allow downloads from other PC" is currently on, I just turned it off.

 

[JeffreyP55]

OK, Thanks. I had to ordered a internet cable splicer for a quick disconnect. No rush, this will take time. Thanks for all the help. When I get more info, I'll release it. 👍

Unless you need cookies and site data. Firefox/settings/Privacy and security/delete cookies and site data when firefox is closed.

 

[Cpt Snake]

OK, Thanks, You guys on Tom's Hardware are great...Really! Thanks for helping an old guy that was born before TV was invented. I do my best, but thanks to you guy, it makes it easier. I really appreciate the help.

 

[Cpt Snake]

Well, I thought I was done with the Hack Thing, but not so. I just cleaned my computer today and before I could connect the Internet quick disconnect, it got me in the middle of a game on Steam. I am convinced it's coming from Microsoft. The little time I had I read the message, "microsoft/windows/stop code". This started with my last windows update on 5/16/25. After the interruption, I installed the New Provisional Windows Update. Maybe that will fix the problem. It took over 40 min to install. Anyway, I'll be back.

 

[COLGeek]

Well, I thought I was done with the Hack Thing, but not so. I just cleaned my computer today and before I could connect the Internet quick disconnect, it got me in the middle of a game on Steam. I am convinced it's coming from Microsoft. The little time I had I read the message, "microsoft/windows/stop code". This started with my last windows update on 5/16/25. After the interruption, I installed the New Provisional Windows Update. Maybe that will fix the problem. It took over 40 min to install. Anyway, I'll be back.

Are you using your Microsoft account when you sign into Windows? Or are you using a local account?

What you have been describing is not a Windows Update sort of thing. It could be (as previously asked) a backup, if you are indeed using Onedrive, for example.

 

[Cpt Snake]

Thanks, I am using the Window 10 Microsoft account with local drive, not one drive. We need more info, I'll try to get it. I am using Malwarebytes, which did not stop it.

 

[Cpt Snake]

OK,finally got to read the hack thing. Something about a problem with my windows and it had to repair it. I gave up and restored an image with Macrium from 3/1/25. Lets see what happens

 

[COLGeek]

Thanks, I am using the Window 10 Microsoft account with local drive, not one drive. We need more info, I'll try to get it. I am using Malwarebytes, which did not stop it.

Local drive does not equal local account.

MS account refers to one you signed up for with Microsoft, to access their stuff, like Windows registration and the Microsoft Store, for example. Heck, to play Flight Simulator 2020 you have to be signed into your MS account.

A local account does not reach out to the network when you sign in. It is only on your system. Many users use a local account for day to day use. Only signing into MS accounts when absolutely needed. That is what I do and have both types on my PCs.

Your Macrium comment suggests you do perform backups locally and that you aren't using MS for their backup service. Correct?

By the way, aside from the 3/1/2025 image restore, is Windows fully updated? Do you have Windows Update running in its default mode? Are you using any applications to update drivers or other applications?

 

[Cpt Snake]

What macriun does is delete everything ahead of 3/1/25. So I must update widows to date which is what I want. Time will tell, but it should be fine.

 

[USAFRet]

What macriun does is delete everything ahead of 3/1/25. So I must update widows to date which is what I want. Time will tell, but it should be fine.

Macrium only does what you tell it to do.

 

[Cpt Snake]

Yes, It takes an image of the date, saves it to a local hard drive, then one can re-image from the local hard drive to that date. Pretty easy, I keep my C drive almost bare, My games are on the D drive, E drive is a junk drawer.

 

[USAFRet]

Yes, It takes an image of the date, saves it to a local hard drive, then one can re-image from the local hard drive to that date. Pretty easy, I keep my C drive almost bare, My games are on the D drive, E drive is a junk drawer.

Ya know...you can keep multiple Images.