hacked windows and/or windows update server?


John Eucist

however my Explorer is the only thing acting strange right now - but there is something persistent about this "update" because I deleted it yesterday as a running "job" - and now it apparently re-downloaded itself at 6:52 PM - 9/30/2015 and now cannot be accessed or deleted now as "being used by another process" - and I cannot tell which process of course.

As for stopping processes and figuring out which processes are using it perhaps @esaj might know more and hopefully he can chime in.

I've found Process Explorer to be handy for this. Here are some instructions:

http://superuser.com/a/399660/180303


@Kevin I just wonder why a Test Update wouldn't be clearly labeled as Test everywhere, Title, Description, more info etc. so everybody inside MS can identify it on first sight. At least that's what I do on my systems and all colleagues I know in IT do it similarly. Why use some random character generated URLs if you don't have to hide something?
Also: call it a conspiracy or coincidence but the first "more Info" link to the .gov URL starts with the characters "hck".

It's fairly common practice in automated testing to use randomly generated data so that you can catch weird issues that you wouldn't normally find. An update that looks like this is probably intended to run inside a sandbox, where a new virtual machine gets set up with maybe a fresh install of Windows, this update applied, and then the whole thing wiped and started over.

That said, it's clear that this update is doing bad things to people's systems. My guess is that it's overwriting some system files with more randomly generated data.

I had actually made that post on MS page about my laptop, that's why that post was so similar to mine on here. I was just trying to spread the word. I'm honestly thinking some secondary event has messed up my laptop. But the timeline fits to where it was totally fine before the update. But after "failed" install everything hit the fan.

I had actually made that post on MS page about my laptop, that's why that post was so similar to mine on here. I was just trying to spread the word. I'm honestly thinking some secondary event has messed up my laptop. But the timeline fits to where it was totally fine before the update. But after "failed" install everything hit the fan.

Have you managed to get everything back to normal now? Since you probably are more up to date with this event than me, do you know if Microsoft have actually addressed this issue besides just pulling the update from their system?


It is genuine. I made the mistake of allowing the attempted installing of it before looking at it. It failed the install allegedly. The process using it is wuauserv - the Windows Update Service - and when I do a "net stop wuauserv" to stop that service I can delete it but it simply returns. I cannot hide it - it will not allow me to. I have turned automatic updates OFF to even check - and I am doing it manually now. The system is running normally enough now - and now only occasionally will Windows Explorer simply stop responding - usually on a right click command to do something. That dodgy - wonky update is in my update history now - and I believe that is where it keeps downloading from - and the only way I know of to stop that is to delete the SoftwareDistribution folder as stated in https://support.microsoft.com/en-us/kb/2509997 at method 10 - which I just did, and on the next check for updates - it should build a new directory structure inside the new SoftwareDistribution folder I created and abandon the old one. Since Microsoft has allegedly removed this from their servers - it should stop trying now - to re-download - but that begs the question - where is it coming from anyway if that is the case. I too am concerned it might be a "sleeper" file of some sort.

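The cache reset described in the post above, as an added PowerShell example that is not part of the original thread: it records SHA-256 hashes of the downloaded update files and moves the folder aside instead of deleting it, so the files stay available for later inspection. It assumes an elevated PowerShell 4.0 or later session; the report path and the `.old` folder name are hypothetical.

```powershell
# Added example, not from the thread. Run from an elevated prompt.
# Assumption: PowerShell 4.0+ (Get-FileHash); report/backup names are made up.
$ErrorActionPreference = 'Stop'

$cache  = Join-Path $env:windir 'SoftwareDistribution'
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$aside  = "SoftwareDistribution.$stamp.old"            # hypothetical backup name
$report = Join-Path $env:TEMP "wu-cache-$stamp.csv"    # hypothetical report path

# wuauserv keeps the cache open, which is why the files show as
# "being used by another process" while the service is running.
Stop-Service -Name wuauserv -Force
try {
    # Record what was downloaded before anything is moved.
    Get-ChildItem -Path (Join-Path $cache 'Download') -Recurse -File |
        Get-FileHash -Algorithm SHA256 |
        Select-Object Hash, Path |
        Export-Csv -Path $report -NoTypeInformation

    # Rename rather than delete, so the old cache can still be examined.
    # A sharing violation here means another service still has it open.
    Rename-Item -Path $cache -NewName $aside
}
finally {
    # Always bring Windows Update back, even if hashing or the rename failed.
    Start-Service -Name wuauserv
}

Write-Output "Hashes written to $report; old cache kept as $aside"
```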

Archived

This topic is now archived and is closed to further replies.
