Windows 10
Microsoft seems to have instilled its Get Windows 10 patches with the ability to behave like malware and circumvent users' attempts at deleting it Getty

Microsoft's Get Windows 10 tool seemingly employs similar techniques to malware in order to promote the latest Windows operating system, making it impossible for consumers to ignore it.

According to a reader for The Register, who conducted a thorough investigation into the various Windows 10 patches that have been released, while it is commonly thought that the patch KB3035583 is behind all the pesky Get Windows 10 ads, in fact, another patch called KB2952664 is actually to blame.

The KB2952664 patch is particularly sneaky as it triggers the KB3035583 patch, which constantly reinstalls itself after removal. The Get Windows 10 tool essentially subverts a channel meant for security hotfixes and uses it to advertise Windows 10, as well as employing "polymorphic techniques" that constantly override users' actions and permissions.

On top of this, the KB2952664 patch apparently mutates over time in order to make all previous attempts by a user to block it from being updated or to uninstall unwanted patches obsolete. So therefore every time that a user uninstalls either the KB2952664 or the KB3035583 patch, the user is only uninstalling just one revision of the patch, and the patch is able to instantly reinstall itself using an alternate revision number because the wily KB2952664 patch is cached in C:\Windows\SoftwareDistribution\Download.

In fact, if you look in your registry, you will likely find numerous registry entries relating to the two patches located in:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect and

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages

So if you're really, really determined to get rid of Get Windows 10 and stop it from bothering you to upgrade from Windows 7 or Windows 8.1, then you will need to download every single instance of the KB2952664 and the KB3035583 patches, and make sure you also search for them in:




ALL registry entries for KB2952664 and KB3035583

You have to remove every single registry entry, as removing the patches themselves only removes the Get Windows 10 blue ad reminder box that pops up in the system tray on your task bar. If you miss any of the related registry entries, which can go up to over 80 depending on how many previous version of the patches have been installed, then the patch just reinstalls itself and you will have to start all over again.

"Customers can choose to not install the Windows 10 upgrade or remove the upgrade from Windows Update (WU) by altering the WU settings. The Get Windows 10 app functions within the Windows 7 and Windows 8.1 notification manager control panel and customers can turn off upgrade notifications in the system tray. The Get Windows 10 app icon can also be removed in the system tray," Microsoft told the Register.

"For IT administrators, it is possible to disable the upgrade using Group Policy settings or by using the DisableUpgrade registry key. All other registry keys are not supported mechanisms for controlling notifications or controlling the upgrade process and are not recommended by Microsoft. Please see KB 3080351 for more information."

Gee, thanks Microsoft. At least Microsoft is responding on this count, but it isn't explaining why the patches keep mutating like malware to stop users from deleting them.

The latest operating system has been mired in controversy since before it was even launched. It was discovered by users that Microsoft is secretly downloading 6GB of Windows 10 files onto machines that haven't upgraded; the Threshold 2 update deletes default programs and freezes during the update; and most recently, Windows 10 updates are forcing PCs to use Microsoft products to open various file formats as a default instead of allowing the user to choose for themselves. Even Internet Explorer seems to have Get Windows 10 ad generators included.