We recently experienced a power slowdown on our PC running Windows 7. We checked the Task Manager and there was a process running named GWXconfigmanager.exe. This process is signed by Microsoft, and if you check the MS site, you will see that it was part of the update KB3035583.
However, the file that was running on our PC looks very suspicious – it could not be killed and the process priority could not be changed as well. We used “Autoruns” to see when/where this process started. However, there was no sign of how this process starts.
If you check other websites found on Google, many of them claim that it is malware and immediately offer you some kind of “removal software”. This looks even more suspicious than the file itself. Be very careful and do not use these online removal tools unless you are sure what you are doing and the app is from a trusted source.
It seems that a malware program uses the name of a standard MS file and they even use the MS signature.
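One way to check the points above before deleting anything, as an added example that is not part of the original post: the PowerShell below reports where the running GWXConfigManager.exe lives on disk, which process launched it, whether the file's Authenticode signature validates, whether KB3035583 is installed, and which scheduled tasks mention GWX. The expected folder is the one this post names; the script assumes an elevated Windows PowerShell 2.0 or later prompt and only reads state.

```powershell
# Added example (not from the original post). Read-only triage; it changes nothing.
# Assumes Windows PowerShell 2.0 or later (the version shipped with Windows 7).
$name     = 'GWXConfigManager.exe'
$expected = Join-Path $env:windir 'System32\GWX'   # folder named in this post

# 1. Find every running instance, the file behind it and the process that started it.
$procs = @(Get-WmiObject Win32_Process -Filter "Name='$name'")
if ($procs.Count -eq 0) { Write-Output "$name is not running." }

foreach ($p in $procs) {
    $path = $p.ExecutablePath          # empty when the prompt is not elevated
    if (-not $path) {
        Write-Output "PID $($p.ProcessId): path unavailable, rerun as administrator."
        continue
    }
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId=$($p.ParentProcessId)"
    $parentName = '(already exited)'
    if ($parent) { $parentName = $parent.Name }

    # 2. Validate the signature on the file itself; a familiar name proves nothing.
    #    Older PowerShell versions check embedded signatures only, so NotSigned
    #    can also mean the file is catalog-signed.
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = '(none)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    $inExpected = (Split-Path $path -Parent) -ieq $expected

    Write-Output "PID             : $($p.ProcessId)"
    Write-Output "Path            : $path"
    Write-Output "In $expected : $inExpected"
    Write-Output "Parent process  : $parentName (PID $($p.ParentProcessId))"
    Write-Output "Signature status: $($sig.Status)"
    Write-Output "Signer          : $signer"
}

# 3. Is the update this post names actually installed?
$kb = Get-HotFix -Id 'KB3035583' -ErrorAction SilentlyContinue
if ($kb) { Write-Output "KB3035583 installed on $($kb.InstalledOn)" }
else     { Write-Output 'KB3035583 is not listed as installed.' }

# 4. Scheduled tasks are one place a process can start from; list any that mention GWX.
#    Plain text matching avoids depending on localized column names.
$tasks = @(schtasks.exe /query /fo csv /v | Select-String -SimpleMatch 'gwx')
Write-Output "Scheduled task lines mentioning GWX: $($tasks.Count)"
$tasks | ForEach-Object { Write-Output $_.Line }
```

A signature status of `Valid` together with a path inside the expected folder points to the file delivered by the update; any other status, or a path elsewhere, is the case to investigate further.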
How to get rid of GWXconfigmanager.exe?
Restart your PC and enter Safe Mode without networking. If you don’t know how to do this, search for it on Google. In short: press F8 several times right after the BIOS finishes loading.
If possible, go to Start/Control Panel/Programs and remove the Windows update KB3035583.
In Safe Mode, search for the GWX folder inside C:\Windows\system32. Delete the whole folder. Then open Start menu/Run and type regedit. Search for GWX within the HKEY_LOCAL_MACHINE folder. Delete the folder(s) named GWX. Be careful: the three characters ‘gwx’ might be included in other keys/registry folders. Delete only those named GWX or pointing to C:\Windows\System32\GWX.
Restart the computer and check the task manager to see if the process disappeared. If you uninstalled the update, check for MS updates again and reinstall the update.
We hope this helps a little bit. Please share your experience in the comments.