Completely Uninstall Default Windows Store Apps in Windows 10 (8/8.1 too)

I am NOT a fan of the Windows Store or ‘Charm’ apps. If I want an application – I’ll seek out and get it myself. I don’t like being force fed a bunch of useless stuff I don’t want or need. With the advent of Windows 8 through Windows 10 MS has pushed their default/charm style applications. I use none of them. So I set out to remove them. Here is what I’ve found. Hope it helps.

If you wish to uninstall individual apps in Windows 10, run the following command in an elevated PowerShell window:

Get-AppxPackage | Select Name, PackageFullName

You will be able to see the list of all installed apps and its PackageFullName information.

image

Note down the PackageFullName and replace it in the following command:

Get-AppxPackage PackageFullName | Remove-AppxPackage

So the command to remove some of the apps will look as follows:

Uninstall 3D Builder

Get-AppxPackage *3dbuilder* | Remove-AppxPackage

Uninstall Get Office app

Get-AppxPackage *officehub* | Remove-AppxPackage

Uninstall Get Started app

Get-AppxPackage *getstarted* | Remove-AppxPackage

Uninstall Get Skype app

Get-AppxPackage *skypeapp* | Remove-AppxPackage

Etc…

Run the command to uninstall the particular pre-installed default Windows 10 Store app and then restart your computer.

If you want to uninstall the particular pre-installed app from all user accounts, use the following command format:

Get-AppxPackage -allusers PackageFullName | Remove-AppxPackage

Seems some people lost the Windows Store and wanted/needed it to get Window apps.

Another fully scripted way to remove everything BUT the Windows Store is here:

Get-AppxPackage

-AllUsers | where-object {$_.name –notlike "*Microsoft.WindowsStore*"}

| Remove-AppxPackage

Get-appxprovisionedpackage –online | where-object {$_.packagename –notlike "*Microsoft.WindowsStore*"}

| Remove-AppxProvisionedPackage –online

There are some tools available that will assist users in doing all this via a Graphic Intereface – Notably theWindowsClub’s 10AppsManager for Win10; it’s a freeware that will allow you to easily uninstall and reinstall the default, built-in, preinstalled Windows Store apps in Windows 10. It can be downloaded here.

Using PowerShell to Manage Windows Updates

Using PowerShell to Manage Windows Updates:  PSWindowsUpdate

Often we have to update computers that have not – for whatever reason been updated in a long time. AND we often have to create new deploy images using sysprep. What usually happens is that Windows update will hang at ‘checking for updates’ for a very long time and either error out or never complete. A secret I found to deploying Windows Updates when this happens or from within Audit Mode is an excellent PowerShell module created by Michal Gajda. This module, aptly called PSWindowsUpdate, allows managing Windows Update on any computer running PowerShell 2.0 or higher. This module even enables Windows admins to check for and install updates on remote PCs and servers. PSWindowsUpdate is particularly handy for installing updates on Server Core machines that have no GUI, or in instances such as Sysprep’s Audit Mode where the Windows Update GUI doesn’t work.

· Get started by downloading the latest version of PSWindowsUpdate.zip.

image

· Once downloaded, extract the contents of the zip file to C:\Windows\System32\WindowsPowerShell\v1.0\Modules\.

image

Extracting files from PSWindowsUpdate.zip.

· Click Continue if a UAC prompt appears.

image

· When the files have been extracted into the PowerShell Modules folder, open an elevated PowerShell prompt. Change PowerShell’s Execution Policy to RemoteSigned. The RemoteSigned Execution Policy allows PowerShell scripts downloaded from the Internet to run on a PC as long as they are signed by a trusted publisher.

· Type Set-ExecutionPolicy RemoteSigned and press Enter. When prompted, confirm the change by pressing Y and then Enter.

image

Changing PowerShell’s execution policy

This completes the one-time configuration of the module! Now it’s time to put PSWindowsUpdate to use!

· If running PowerShell v2.0, type Import-Module PSWindowsUpdate and hit Enter. This isn’t necessary in PowerShell v3 and higher, but it doesn’t hurt anything either. This step simply guarantees that the modules cmdlets will be available to the PowerShell v2.0 session.

· Display a list of all the module’s available cmdlets by typing Get-Command –module PSWindowsUpdate and hitting Enter.

image

Using Get-Command -module PSWindowsUpdate.

· Possibly the most important function for getting and installing updates is Get-WUInstall. Help for each cmdlet is available, so to see full help for Get-WUInstall type Help Get-WUInstall –full and press Enter.

image

Looking at help for Get-WUInstall.

When applying updates, I prefer connecting to the Microsoft Update servers. Using these instead of the standard Windows Update servers allows installing updates to Office and other Microsoft products in addition to the normal Windows updates. Unfortunately, trying to connect to the Microsoft Update servers using the PSWindowsUpdate module from a fresh Windows installation will produce an error, as shown below.

image

· The reason for this error is because Windows is registered to use only the standard Windows Update servers by default. To use the Microsoft Update servers, the Microsoft Update Service must be registered on the computer. In the GUI, this is done by selecting the checkbox for Give me updates for other Microsoft products when I update Windows from the Control Panel – Windows Update – Change Settings applet.

· In the PSWindowsUpdate module, the same process is completed by using the Add-WUServiceManager cmdlet with the ServiceID for the Microsoft Update service specified. Type Add-WUServiceManager -ServiceID 7971f918-a847-4430-9279-4a52d1efe18d and press Enter. When prompted, confirm registering the service by typing Y and pressing Enter one more time.

image

Registering the Microsoft Update servers.

· List available updates from the Microsoft Update servers by typing Get-WUInstall –MicrosoftUpdate –ListOnly and pressing Enter. After a few moments, the system will return a list of the available updates for the current machine. No error this time!

image

· The same results are produced by typing Get-WUList –MicrosoftUpdate and pressing Enter.

image

· Type Get-WUInstall –MicrosoftUpdate and press Enter to go through the available updates, confirming installation of each one manually.

image

PSWindowsUpdate and Parameter Support

Another awesome feature of the PSWindowsUpdate module is its support of parameters. For example, using the –AcceptAlland the –AutoReboot parameters with the Get-WUInstall cmdlet changes the manual process into an automated one. Type Get-WUInstall –MicrosoftUpdate –AcceptAll –AutoReboot and press Enter. The system will download and install all available updates and then automatically reboot if any of the updates require a reboot.

image

Retrieving updates and installing automatically.

Don’t want a particular update to be installed? No problem! Use Hide-WUUpdate. Selection parameters such as –Title or –KBArticleID narrow in and hide specific updates. Feel free to use wildcards with these parameters. As an example, type Hide-WUUpdate –Title “Bing*” –KBArticleID “KB2673774” –MicrosoftUpdate –Confirm:$false and press Enter to hide the Bing Bar 7.3 update.

image

Hiding an unwanted update.

Notice that I used the –Confirm parameter, along with the $false switch, to automatically confirm hiding the selected update. In the future the update won’t appear when listing available updates.

Did you make a mistake and hide the wrong update? No problem! Hide-WUUpdate can unhide an update by using the –HideStatus parameter with the $false switch. To unhide the update hidden earlier, type Hide-WUUpdate –Title “Bing*” –KBArticleID “KB2673774” –MicrosoftUpdate –HideStatus:$false –Confirm:$false then press Enter. As before, I used the –Confirm:$false parameter to keep everything streamlined.

image

Unhiding a previously hidden update.

Once all the updates are complete make sure to open PowerShell (as Administrator) and set the Execution Policy back to ‘restricted’:

Type Set-ExecutionPolicy Restricted and press Enter. Then exit

Delete all trash in Google Voice

Delete all trash in Google Voice

I’ve have been using Google Voice since its inception in 2007. I have plenty of spam rules and other delete immediately rules.

This has all led to a massive trash folder.

Google’s method to delete the trash only allows for you to select 10 items at a time, then delete them then select another and so on. For me this was 3000 pages of crap!

I went on a search or method to empty this garbage once and for all. The responses from Google on their forums were pretty much ‘tough luck’ we’re not going to add that functionality. Even though for them that would be, programmatically, an INCREDIBLY simple adjustment.

I finally found a simple and working method!! Thought I’d share.

Here’s how to delete all Google voice messages in trash!

Install Tamper monkey extension in either Chrome or Firefox.

[I had best luck using Chrome for this instead of Firefox]

http://tampermonkey.net/

Then grab the script from here:

Download the script .zip and extract the file "gv-delete.user.js"

Then Open with text editor and copy all.

OR

Copy the entire script in the github script window.

clip_image002

clip_image004

Open Tampermonkey interface from Chrome browser (it’ll be on the tool bar)

clip_image006

Click on the ‘+’ next to the ‘Installed userscripts’

Copy over (or backspace over) any code

clip_image008

Paste the copied script into the window

clip_image010

Then press Save

Now

Navigate to your Google Voice page (stay on the Inbox – don’t go to the Trash folder) :

https://www.google.com/voice

And you’ll now see a two new buttons.

One says “Delete ALL” the other “Empty Trash”

clip_image012

Clicking on the Empty Trash will kick off the script and begin emptying all of the items in your Trash folder of Google Voice. It will take some time if you trash is large BUT it will finish. Just minimize the window and have a cup of tea or coffee or whatever.

And viola’ all gone!

SERIOUS OpenID and OAth2.0 flaw revealed

skull

Okay folks ANOTHER security issue you should be aware of.
A bug has been found in OpenID and OAuth 2.0, two authentication programs that let you log into web sites using your Google, Facebook, and other major accounts. Read here and here too

OAuth—and its alternative OpenID—let you log into sites or apps using your Google, Twitter, Facebook, or other credentials, without having to create yet another account or give the app more permission than necessary. OAuth and OpenID, in essence, authenticate you with the site or tell the site you are who you say you are and let you log in without having to enter a username and password.

For example; logging into LinkedIn you are asked if you’d like to use your Google or Facebook account credentials. Then you enter said credentials (FB or Google) and you can then get on because they then ‘authenticate/use’ your other credentials. You see this all the time on news sites and blogs – if you’d like to comment or post you’re asked for some sort of ‘authentication’ usually Google, Yahoo, Hotmail or Facebook etc..

THAT’S why I live by the mantra – use different credentials (username AND passwords) for EVERY site you login to!! AND NEVER ‘LINK’ ANY ACCOUNTS!
Though this may seem difficult given the amount of our lives that are now ‘online’ it is not that hard if you use an app/service like LastPass or KeePass. I NEVER use any ‘other’ account to login to any services – ever. Every account gets it’s own credentials. That way if one is compromised no other one will be.

Please be safe out there folks!

OS X Mavericks Update and Security Fixes

apple-logo

I recently wrote about the major security whole in the latest version of OS X – read my last post. It appears Apple has released the fix finally. Although the ‘fix’ comes not in a simple ‘patch’ but in an entire Operating System upgrade!

After several months of testing, Apple has released OS X version 10.9.2. The MAJOR (and very dangerous) SSL bug isn’t mentioned in the release notes that appear in Software Update, but the bug is mentioned on Apple’s security page for the update. Seems Apple is being their usual shity selves when it comes to security – hide or lie about it, sort of hiding the fact that this is so important.

To be a ‘little’ fair, this update does add some features but over all is really a bug fix of many major issues with the new Operating System. In Windows terms it would be called a full Service Pack.

As with any large Operating System upgrade/update you should of course back up your system – Use Time Machine or any other method I’ve described in previous posts.

Run the Software Update to update your system to 10.9.2 and if any other software shows updates available, select them too. If you’d like you can grab the full Combo update here.

If you have Mountain Lion it too has an update available – run Software Update to get it.

Please make sure if you run an Apple desktop or laptop computer that you update as soon as possible.

Be safe, Peace.

Serious OS-X and iOS Security Vulnerability Completely Opens Up Your ALL Your Secure Communications

Rotten_plus_GreenApple

It had been know for MONTHS that there was a serious security flaw in iOS and possibly the latest version of OS X that could allow attackers to surreptitiously circumvent the most prevalent Internet security protocol – TLS/SSL and and Security Certificate validations. The issue is a “fundamental bug in Apple’s SSL implementation,” This can allow attackers to view ANY of your ‘secure’ Web communications. This includes e-mail, banking sites. Facebook etc..

Apple finally released an ‘emergency patch’ to the latest version of iOS last week, but it appears that the flaw affects more than just Apple’s mobile platforms. It actually affects the latest versions of OS X – Apples latest desktop Operating System too!!

If you have an iDevice I’d recommend backing it up; via iTunes or any of the other methods I’ve previously recommended. Then checking for any System Updates. Tap Settings > General > Software Update. Then download and Install to download the update. [Updates might download automatically while your device is connected to Wi-Fi and a power source.]

As for you Desktop computer, well there lies the rub. Apple appears to have at first done the usual – deny, then downplay, then finally admit there is a serious problem and ‘promise a quick fix/patch’. [It’s really crazy that they are able to get away with this so often; I guess those reporting are too busy licking Apple sack….but I digress]

So what to do..

If you use the Desktop Apple Operating System – OS X you should always use the latest versions of Chrome or Firefox for internet browsing to help mitigate some of the possible exposure. [I NEVER use Safari and always recommend to all my clients that they don’t either]. Even if you’ve take the latest update on your iDevice I’d still recommend I’d recommend Chrome for iOS.

Here one of the latest articles I’ve found with a VERY good explanation. You should at least read this! But I’d recommend hitting all my sources.

Be safe folks!

Sources to read 1, 2, 3

Zero Day Adobe and Microsoft Exploits

Adobe has released (for the second time this month) an emergency update for its widely used Flash Player to combat active attacks that exploit a previously unknown security bug that hackers are actively exploiting to surreptitiously install malware on end-user computers.

Attackers are already exploiting it!

Please apply this patch and stay secure.
If your version of Flash on Chrome (on either Windows, Mac or Linux) is not yet updated, you may just need to close and restart the browser. The version of Chrome that includes this fix is v. 33.0.1750.117 for Windows, Mac, and Linux. To learn what version of Chrome you have, click the stacked bars to the right at of the address bar, and select “About Google Chrome” from the drop down menu (the option to apply any pending updates should appear here as well).

The most recent versions of Flash are available from the Adobe download center here, but beware potentially unwanted add-ons, like McAfee Security Scan, Chrome browser etc..). To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here. Windows users who browse the Web with anything other than Internet Explorer will need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).

AND..

Microsoft has released a stop-gap fix for a previously unknown zero-day vulnerability in Internet Explorer versions 9 and 10 to combat a separate zero-day campaign. IF possible (many users cannot because of other ‘line of business software’ that requires versions 9 or 10) to update to version 11 of IE, since it contains exploit mitigations not available in earlier releases. Those who are prevented from running version 11 should install the Microsoft fix as soon as possible.

Microsoft site explanation is here

Actual ‘Fix-It tool is here

If you run it make sure you ‘right-click’ on the file after it’s downloaded and ‘Run As Administrator’

Be safe folks, Peace.

CryptoLocker news

Okay folks, here we go again. More ransomware is spreading and it can hit you. [Ransomware comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system’s hard drive (cryptoviral extortion), while some may simply lock the system and display messages intended to coax the user into paying.]

Ransomware/Malware that encrypts your data and tries to sell it back to you, or else, is not new. In fact, one of the earliest pieces of malware that was written specifically to make money, rather than simply to prove a point, was the AIDS Information Trojan of 1989. That Trojan scrambled your hard disk after 90 days, and instructed you to send $378 to an accommodation address in Panama.

Enter the latest Menace – CryptoLocker. If you have become seriously infected and do not take IMMEDIATE remedial steps, there is, sadly, not much you can do [unless you have full ‘offline’ backups as I am always ranting about] but pay up!

This is getting some recent much needed attention by the press. Here is a recent short article. A Google search will turn up hundreds more.

The endgame is the same in all cases: if you have a reliable and recent backup, you’ll have a good chance of recovering without too much trouble.

Prevention, in this case, is significantly better than cure:

  • Stay patched. Keep your operating system and software up to date.
  • Make sure your anti-virus is active and up to date.
  • Avoid opening attachments you weren’t expecting, or from people you don’t know well.
  • Make regular backups, and store them somewhere safe, preferably offline.

Don’t forget that services that automatically synchronise your data changes with other servers, for example in the cloud, don’t count as backup!!

They may be extremely useful, but they tend to propagate errors rather than to defend against them.

What is CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

How do you become infected with CryptoLocker

This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. An unsuspecting computer user will either get an email purporting to be from their bank, friends, Facebook or a host of other fake senders or be asked to click on a pop up in a Website. The person thinks it’s legitimate, clicks on it and before they know it the virus is installed on their computer which encrypts their data. The person will be given a time period, for instance 72 hours, to make a payment in exchange for the key to decrypt all the data. Refuse and the data on the hard drive will be gone forever.

These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.

Please make sure that your antivirus/malware software and systems are up to date. And for Pete’s sake do NOT open attachments from the likes of those listed. IF you think you need to track something go to the ‘front door’ of the shipping company or bank and login/track there.

Once YOU infect yourself (yes, it is an action taken by the user that starts the infection!!) [Like any other piece of malware, common sense goes a long way. The critical thing is it’s not going to install files by itself. You have to initiate some action.] you will soon probably see a screen that looks like this:

CryptoLocker-thmb

Examples of known CryptoLocker email subjects include:

USPS – Your package is available for pickup ( Parcel 173145820507 )

USPS – Missed package delivery ("USPS Express Services" <service-notification@usps.com>)

USPS – Missed package delivery

FW: Invoice <random number>

ADP payroll: Account Charge Alert

ACH Notification ("ADP Payroll" <*@adp.com>)

ADP Reference #09903824430

Payroll Received by Intuit

Important – attached form

FW: Last Month Remit

McAfee Always On Protection Reactivation

Scanned Image from a Xerox WorkCentre

Scan from a Xerox WorkCentre

scanned from Xerox

Annual Form – Authorization to Use Privately Owned Vehicle on State Business

Fwd: IMG01041_6706015_m.zip

My resume

New Voicemail Message

Voice Message from Unknown (675-685-3476)

Voice Message from Unknown Caller (344-846-4458)

Important – New Outlook Settings

Scan Data

FW: Payment Advice – Advice Ref:[GB293037313703] / ACH credits / Customer Ref:[pay run 14/11/13]

Payment Advice – Advice Ref:[GB2198767]

New contract agreement.

Important Notice – Incoming Money Transfer

Notice of underreported income

Notice of unreported income – Last months reports

Payment Overdue – Please respond

FW: Check copy

Payroll Invoice

USBANK

Corporate eFax message from "random phone #" – 8 pages (random phone # & number of pages)

past due invoices

FW: Case FH74D23GST58NQS

Symantec Endpoint Protection: Important System Update – requires immediate action

What should you do when you discover your computer is infected with CryptoLocker

When you discover that a computer is infected with CryptoLocker, the first thing you should do is disconnect it from your wireless or wired network. This will prevent it from further encrypting any files. Some people have reported that once the network connection is disconnected, it will display the CryptoLocker screen.

Users who are infected with the malware should IMMEDIATELY consult with a reputable security expert to assist in removing the malware. And should NOT attempt to mitigate or in anyway try to ‘fix’ the issue themselves – this will only insure the loss of data!!

It is not advised that you remove the infection from the %AppData% folder until you decide if you want to pay the ransom. If you do not need to pay the ransom, simply delete the Registry values and files and the program will not load anymore. You can then restore your data via other methods.

It is important to note that the CryptoLocker infection spawns two processes of itself. If you only terminate one process, the other process will automatically launch the second one again. Instead use a program like Process Explorer and right click on the first process and select Kill Tree. This will terminate both at the same time.

Is it possible to decrypt files encrypted by CryptoLocker?

Unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic due to the length of time required to break the key. Also any decryption tools that have been released by various companies will not work with this infection. The only method you have of restoring your files is from a backup or Shadow Volume Copies if you have System Restore enabled. Newer variants of CryptoLocker attempt to delete the Shadow Copies, but it is not always successful. There are methods that can/may be used to recovery you ‘Shadow Copies’, but this often times requires an expert.

If you do not have System Restore enabled on your computer or reliable backups, then you will need to pay the ransom in order to get your files back.

So to summarize the very first line of defense is to have good computing common sense and usage. Second if my usual mantra FULL IMAGE BACKUPS ON A REGULAR BASIS TO EXTERNAL/REMOVABLE MEDIA. I can’t say this enough. And I’m sure to get the calls from folks who are screwed. I sympathize, a little anyways.

Okay end rant. Be safe. Peace all.

Windows 8.1 is here

Windows 8.1 is here just a year after Windows 8. This update—free to existing Windows 8 users. The update is simple and hassle free through MS update.

I’d recommend it to anyone who has Windows 8 to make it more easily navigable and user friendly. Especially those of us in the business desktop world.

Some reasons to update can be found here.

Another pretty good review article is here.

Terrifying new Ransomware

This is here some scary sh%t.
I know I sound like this guy

the-sky-is-falling-2

about backing up your entire systems to ‘offline/removable’ media but I’ll keep on saying it.

This nasty is spreading fast on corporate networks. Scary thing is it still uses social engineering and poor user training/safety methods to launch/install. It usually arrives as an email attached archived zip file with an executable inside that should have been a dead giveaway that this message was malicious and was in no way legitimate. But sadly most people have not been properly educated on computer safety or are just plain lazy and don’t think to look at what they are doing. But once installed it can wreck havoc on a company.

Please develop and use some kind of offline full system backup plan for your personal and especially your business.

Do not think or rely on ‘cloud based’ backup system to protect you from this type of attack. Think about it, your now encrypted files would be uploaded to the cloud and overwrite your original/good ones.

I’ve written so many times about the need for offline backups you can just look through my blog and find more info about that.

Be safe folks!