Help identify this Windows popup please

[Wolfmancatsup]

‘Morning all
A good friend of ours died late last year. His widow now wants to use his laptop. I’ve managed to remove a lot of malware and ‘bloatware’, and set up email for her, but this popup appears on every boot. The only options are to click ‘refresh’ or to close it. I’d like to work out what it is.

 

[Darth Vader]

Why not just reset Windows you can keep the data if you wish.

As to your question Windows is trying to connect to a server. Check the start up apps and look in File Explorer under This PC for server connections.

DV

 

[Wolfmancatsup]

Why not just reset Windows you can keep the data if you wish.

As to your question Windows is trying to connect to a server. Check the start up apps and look in File Explorer under This PC for server connections.

DV

She doesn’t want to reset it yet. My suspicion is the popup’s a browser hijacker. I removed a few of those but partly because it’s an old laptop (c. 2011) and also I suspect because of the huge amount of unnecessary stuff installed on the machine at purchase it’s currently incredibly slow, and removing and even looking through stuff to track things down is an arduous task, one which I’m gradually chipping away at when we visit her. I gave her her own login as her husband’s login is just so cluttered, and that’s working ok if very slowly, but there’s just this one popup that she’d like removing.

 

[garyi]

Could it be a local server, perhaps there is a nas somewhere or something?

 

[Darth Vader]

What i would do is remove the HDD and put it in a USB case and install an SSD - they are quite cheap today. Then download and install Win 10. Provided you install the correct version Home or Pro Windows can be activated with the original key thats stuck on the machine somewhere.

All the old data will be accessible on the original HDD via a USB port. Saves a lot of time and effort without some nasty springing up

DV

 

[Pete MB&D]

Run malwarebites if that doesn’t sort it see what’s running at startup.

Pete

 

[Wolfmancatsup]

What i would do is remove the HDD and put it in a USB case and install an SSD - they are quite cheap today. Then download and install Win 10. Provided you install the correct version Home or Pro Windows can be activated with the original key thats stuck on the machine somewhere.

All the old data will be accessible on the original HDD via a USB port. Saves a lot of time and effort without some nasty springing up

DV

From the sticker beneath, it originally had 7 on it, but Mike updated it to 10 at some point, so it would be straightforward to reinstall. I may try pulling the HDD but at the moment I only get a little while on each visit to look at it. I’m hoping she’ll let me take it away at some point so I can spend more time with it, but she’s not yet happy for us to do that, so I’m just chipping away at it when I can.

 

[Wolfmancatsup]

Run malwarebites if that doesn’t sort it see what’s running at startup.

Pete

I have a long list of antivirus/malware/rootkit stuff I want to run when I get time, but as I said to DV, I only get a short while to fiddle on each visit. Once I’ve run all those, the next thing I want to do is get rid of the outdated McAfee antivirus and get Defender going again.
it’s so sluggish, though, that when I uninstalled just one program yesterday it took twenty-eight minutes…

 

[Darth Vader]

I have a long list of antivirus/malware/rootkit stuff I want to run when I get time, but as I said to DV, I only get a short while to fiddle on each visit. Once I’ve run all those, the next thing I want to do is get rid of the outdated McAfee antivirus and get Defender going again.
it’s so sluggish, though, that when I uninstalled just one program yesterday it took twenty-eight minutes…

I've had three machines like that on my bench. One belonged to my daughter who was begging for a new machine as her Macbook Air was 'dying' so she claimed. Basically it (and another Windows machine) was full of crap that was calling home over the Internet. Its now back in use as her portable to take on site visits. The third machine did have some crap but the main culprit was McAfee.

All of these took several hours to fix due to the snails pace of the machines.

DV

 

[Tumeni Notes]

If it has Win 10 on it, and you can get to a web browser, then go to MS downloads area of their website, and download a fresh W10 install onto a USB stick. Back up any data to be kept, format the disk, and install W10 fresh from the USB

 

[Darth Vader]

If it has Win 10 on it, and you can get to a web browser, then go to MS downloads area of their website, and download a fresh W10 install onto a USB stick. Back up any data to be kept, format the disk, and install W10 fresh from the USB

This is unnecessary in a normal Windows install. As I mentioned above there is a Reset this PC option under the restore options. This will re -install Windows from the recovery partition with the option to keep your files or wipe everything. Always provided that the recovery partition hasn't been deleted!

DV

 

[gez]

Doesn't look like a Windows notification to me. What server exactly would Windows be trying to connect to? Windowstime maybe, but I'd have thought that would fail quietly in the background and stick something in the event log. Certainly, I've never seen Windows put something up on the desktop to indicate it was unable to set the time - at least not unless you requested a sync manually.

As has been said, I'd do a reset. At worst it'll result in you possibly needing to reinstall some software and recofigure email etc. But at least you'd know you have a correctly working system as a base.

 

[vacuum_tubes]

Agree that looks very apple/mac like.

Is iCloud for windows installed?

With the pop up open If you open task manager and look under apps you may get a name there, expand the arrow and it will normally tell you the program running the pop up

 

[Wolfmancatsup]

Doesn't look like a Windows notification to me. What server exactly would Windows be trying to connect to? Windowstime maybe, but I'd have thought that would fail quietly in the background and stick something in the event log. Certainly, I've never seen Windows put something up on the desktop to indicate it was unable to set the time - at least not unless you requested a sync manually.

As has been said, I'd do a reset. At worst it'll result in you possibly needing to reinstall some software and recofigure email etc. But at least you'd know you have a correctly working system as a base.

I agree - definitely not a Windows popup. If I could spend more time with it I’m sure I could track it down, but I’m only getting to play with it for an hour every week or two so just wondered if someone had seen it before.

 

[Wolfmancatsup]

Agree that looks very apple/mac like.

Is iCloud for windows installed?

With the pop up open If you open task manager and look under apps you may get a name there, expand the arrow and it will normally tell you the program running the pop up

iCloud isn’t installed. I will try tracking this popup down via task manager but when I tried to run TM up yesterday it took an absolute age for it to appear - so long that I ran out of time. I think I can get the machine running a lot faster but it will take time to get to that state.

 

[vacuum_tubes]

Might be safer to do a clean install. I did a google of that message and image and it came back with nothing so it looks "unique"

I'd copy any stuff she wants off to a USB stick, sheep dip it and then reinstall windows from scratch.

 

[garyi]

This isn't just the load screen/bing wall paper having a freak out is it?

 

[vacuum_tubes]

Think that's the boggo win10/11 background, remember when I upgraded and thought it looked like the apple mountain backgrounds

Didn't win10 give you different backgrounds with links to where it was taken.

 

[Wolfmancatsup]

This isn't just the load screen/bing wall paper having a freak out is it?

I don think so. I would imagine anything that was tied in with those would be able to find any server it was trying to contact. It looks a bit fancy for a regular Windows dialogue.

 

[gez]

I don think so. I would imagine anything that was tied in with those would be able to find any server it was trying to contact. It looks a bit fancy for a regular Windows dialogue.

Have you had a look at the event log? See if there's any log that matches the timestamp (give or take obviously) of when the popup occurs? You may get lucky and find a log that explicitly states an error contacting a server. That should give some indication about what is trying to make the connection

Also you can use process monitor (sysinternals) to monitor network traffic (with an appropriate filter).

Process Monitor - Sysinternals

Monitor file system, Registry, process, thread and DLL activity in real-time.

learn.microsoft.com

A video showing how to set a filter, they're filtering on tcp specifically but there are other options available that may help see what's accessing the network up to the point you get the window.