Windows PCs Exposed to Attacks by Critical HP Support Assistant Bugs

[hazelnut]

Quote

HP Support Assistant, marketed by HP as a "free self-help tool," is pre-installed on new HP desktops and notebooks, and it is designed to deliver automated support, updates, and fixes to HP PCs and printers.

Quote

To fully mitigate all flaws Demirkapi found, you will need to uninstall the vulnerable software by removing both HP Support Assistant and HP Support Solutions Framework from your computer.

https://www.bleepingcomputer.com/news/security/windows-pcs-exposed-to-attacks-by-critical-hp-support-assistant-bugs/

[login123]

I intend to remove it soon. Have known it to be a chatty software. It MAY? affect the OEM backup system, not sure, but Macrium has that covered anyway. 

Thanks for the heads up. 

[Andavari]

Seems like all those OEM tools at some point are prone to it. When they stop feeding the system updates they aren't really worth having installed anymore anyway, and some seem more like spyware anyways.

[login123]

Right, and this computer is too old to benefit anyway.

[login123]

Update. 
I am going to wait a bit before removing that HP software.
On this win 7 computer that software seems to be tightly integrated with some funcions I want to keep.
Not sure exactly how much stuff will be disabled.
Just don't know enough about the issue to proceed yet.
Might be a bit over my head.

 

[login123]

Well, that was a chore! 

I remember now that those softwares were useful at first, helped to check & troubleshoot. No use now, of course. 

There might be a quicker way, but I investigated each software separately before uninstalling it. They are indeed tightly bundled. Many odd glitches during the removal process, but nothing crashed and all seems well now.

I tried it w/ shadow defender on at first, to save me from my own mistakes, but eventually just gave that up and made a macrium differential image at each critical stage. Five or six minutes for each.

Fwiw, using the control panel with shadow defender on increases the time required to remove each software from 2 or 3 minutes to over 30 minutes.  During that time the uninstall popup just sits there. Everything else works, but it won't budge & won't cancel. It always did eventually finish. 

Anyway, thanks for the heads up. This win 7 box now boots and shuts down faster.
The registry is a mess, but I'll get to that later.  lol

 

[Andavari]

That's why with Win10 some people just do the required first run "setup", and then just reinstall Win10 from scratch to get rid of OEM installed tools that aren't necessarily required if the OEM allows downloading and installing them manually, and at the same time it gets rid of the OEM installed bloatware trial versions of software and the crappy trial versions of antivirus they include.

When I got my Acer laptop some people were egging me on the do a fresh Win10 install (read about it enough online over the years so I didn't need that egging on), although with tools like Geek Uninstaller Free and Revo Uninstaller Free, and even the antivirus companies removal tools and my ability to manually edit the registry without making a mess it wasn't necessary at all. Plus I liked the ability to first use the installed Acer OEM tool to make an OEM USB Flash Drive to reset the system to factory default just in case I ever decide to sell the laptop - after which I nuked all the crapware.

[nukecad]

AdwCleaner from Malwarebytes can now quickly remove OEM bloat, (and even some MS bloat). Best of all it's free.
https://www.malwarebytes.com/adwcleaner/

@login123 I'm not sure if it can clean up your left over reg entries now, but it may be worth a try.
https://support.malwarebytes.com/hc/en-us/articles/360038520114

[login123]

AdwCleaner from Malwarebytes  . . .running it, thanks.

It's done.  Fast.  It found the ebay link and hp sotware, including one which I thought was gone.
Says it found 41 items but only lists 9. Is 41 the number of registry entries, you suppose?

Will run it again when SD is off and see what happens.

Thanks again. 

[nukecad]

11 hours ago, login123 said:

Says it found 41 items but only lists 9. Is 41 the number of registry entries, you suppose?

It's not found anything on my machine for a wile, I run it about once a month just to check that nothing has sneaked on my computer.

If I remember correctly it's like CCleaner's Advanced Report in that if you click on one of the found entries then it will expand to show more inside that entry.

It also creates logfiles of what it found which should show all 41 so you can look at that.
The log(s) can be found in the folder where AdwCleaner.exe is located. Usually C:\AdwCleaner\logs

PS .Those logs can build up over time, you may want to make that folder an include in CCleaner if you are going to use Adw regularly.

[login123]

Thanks again, nukecad.  ADW cleaner did indeed work just as you said.
I was afraid it would run before I was ready, but it waits for you to "say go". 

Still, fwiw, I make a trial run with software like that just in case.
Macrium reflect images make that easy.
As I recall, Hazelnut recommended Macrium.
What would I do wihout you guys? 

This computer runs much better without all that stuff.

[Andavari]

Some of the OEM bloatware runs from Task Scheduler, so worth looking in there too.

[login123]

OK, will do.

[nukecad]

5 hours ago, Andavari said:

Some of the OEM bloatware runs from Task Scheduler, so worth looking in there too.

AdwCleaner should get rid of those when removing the bloat app.

But even if the scheduled task should somehow get left behind, if the app itself has been removed then there is nothing for scheduler to run anyway.

ADW is not a fix all and there is some OEM bloat that it can't yet clear, (they are working on that), and of course you may even want to keep some of it.
It's just a quick option for getting rid of most of the useless OEM junk.

[login123]

I did delete those tasks. Maybe no need, but afaik no harm either. Will run it a bit to see what happens.

On 07/04/2020 at 15:05, Andavari said:

Seems like all those OEM tools at some point are prone to it. When they stop feeding the system updates they aren't really worth having installed anymore anyway, and some seem more like spyware anyways.

 

Quite so.  Should be easier to get rid of when they expire. 

[Andavari]

Since they're network aware the OEM's should just send out a killbit to disable them when a system will no longer get any updates; BIOS, Drivers, OEM Utilities, etc. Although with that stated Dell seems very good at feeding their older systems updates, I notice my mother's 2014 Dell Inspiron business laptop gets regular enough updates to not even warrant manually looking for any of them.