
Monday, March 15, 2021

What is CxUtilSvc.exe and How to Fix CxUtilSvc.exe Fan Speed Error on Windows


CxUtilSvc.exe Errors can affect your PC fan speed

CxUtilSvc.exe is a Conexant SmartAudio process designed to run on Windows computers. This file is not malware; however, it can cause several Windows-related issues if it malfunctions or is overwritten. In this article, we will explain how CxUtilSvc.exe works and what to do if you notice a connection between this process and unusual fan activity on a Windows PC.

How CxUtilSvc.exe Works

Conexant Systems developed CxUtilSvc.exe as a service program to be supported by Windows OS. Both Conexant software and hardware are commonly used in PCs. CxUtilSvc.exe, otherwise known as the Conexant Utility Service, is associated with Conexant SmartAudio II, a program which allows user access to Conexant audio chipset settings.

If you know CxUtilSvc.exe is essential to your PC or Windows apps, avoid uninstalling it to prevent further problems.

File Info:

Name - CxUtilSvc.exe

Publisher - Conexant Systems, Inc

Version Used - 2.3.0.0

MD5 - 9a59df2ca690019fea3b265d5a7eb619

SHA1 - edcc7a48bd9cee92c792e91fb33e72589233a0e7

CxUtilSvc.exe Fan Speed-Related Error

Some Windows users have discovered a correlation between the Conexant Utility Service and strange fan activity. Symptoms of this problem include higher PC fan speeds while the mouse is being used and when the CxUtilSvc.exe program is active. Follow this step-by-step guide to diagnose and fix the problem.

Step 1 - Identify the CxUtilSvc.exe file location on your computer. You can do this by right-clicking on the application in Task Manager (Ctrl + Shift + Esc) and clicking “Open file location”. Alternatively, you can check the following directories: C:\Windows\System32, C:\Program Files\Conexant, and C:\Windows\CxSvc.

If you find the application under C:\Windows\System32, avoid uninstalling CxUtilSvc.exe as it may be essential to your computer system. If you fail to find CxUtilSvc.exe under any of the aforementioned directories but still see the file running as a process in Task Manager, it’s possible your computer has been infected by malware impersonating the Conexant Utility Service. Software impersonation is a common tactic used by malware developers to extend the lifetime of a virus on an infected PC.

Step 2 - Reinstall the Conexant SmartAudio driver. This can be done via the Device Manager, which can be opened by pressing the Windows key and “R” to open the Run Dialogue and entering “devmgmt.msc”.

Open the Device Manager to reinstall the Conexant SmartAudio driver


Once you’ve successfully run the Device Manager, find the “Audio inputs and outputs” tab and click it. Look for “Conexant SmartAudio” and right-click the text before selecting “Uninstall”. The driver should automatically reinstall the next time you restart your computer.

Step 3 - If CxUtilSvc.exe is still causing fan problems on your PC, try using Microsoft’s system file checker. First, open Command Prompt as an administrator by typing “CMD” in the Windows search box, and clicking “Run as administrator”.

Search for Command Prompt on Windows search to access the sfc tool

Then, click “Yes” and type “sfc /scannow”. This will execute the SFC (system file checker) tool on your PC. The scan may take some time, but if any Conexant Utility Service errors are identified they will be automatically repaired.

Step 4 - Uninstall the Conexant Utility Service application if the steps above did not resolve your PC fan error. Note: this should only be done if CxUtilSvc.exe is not essential to your computer. Begin by opening the control panel via the Windows search box.

Search for Control Panel on Windows Search to uninstall CxUtilSvc.exe

Click on “Uninstall a program” under “Programs” and find the “Conexant Utility Service” label. Select it and click “Uninstall”. This will remove the CxUtilSvc.exe app from your PC and hopefully fix any fan-related issues connected to it. Restart your computer to observe any changes.

Click on Uninstall a program under Control Panel to remove CxUtilSvc.exe

More Errors

Other problems associated with CxUtilSvc.exe include System Error notifications and corrupt application data. When approaching these errors, make sure CxUtilSvc.exe is up-to-date. You can check a file’s version by opening PowerShell (via Windows search) and typing “(Get-Command C:\Path\Of\File.exe).FileVersionInfo.FileVersion”. 

Open PowerShell to find file version

If you believe the CxUtilSvc.exe file on your computer is illegitimate, in other words, if you think you're dealing with another program impersonating the Conexant Utility Service, you can always verify the file by calculating a checksum and comparing it to the hashes listed above.
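The location check from Step 1 and the checksum comparison described above, combined in one PowerShell script. This is an added example, not part of the original post; the directory list and the MD5/SHA1 values are the ones this article gives for version 2.3.0.0, and the function name `Test-CxUtilSvc` is made up for illustration.

```powershell
# Added example: triage every running CxUtilSvc.exe by path, hash, version and signature.
# Expected values are copied from this article (File Info and Step 1).
$ExpectedDirs = @(
    'C:\Windows\System32',
    'C:\Program Files\Conexant',
    'C:\Windows\CxSvc'
)
$KnownMD5  = '9a59df2ca690019fea3b265d5a7eb619'
$KnownSHA1 = 'edcc7a48bd9cee92c792e91fb33e72589233a0e7'

function Test-CxUtilSvc {            # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$ProcessId = 0
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $dir  = $file.DirectoryName

    # Step 1: the binary should sit in, or below, one of the listed directories.
    $inExpectedDir = [bool]($ExpectedDirs | Where-Object {
        $dir -eq $_ -or
        $dir.StartsWith(($_ + '\'), [System.StringComparison]::OrdinalIgnoreCase)
    })

    # Checksums; -eq on strings is case-insensitive, so hex case does not matter.
    $md5  = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $sha1 = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash
    $hashMatch = ($md5 -eq $KnownMD5) -and ($sha1 -eq $KnownSHA1)

    # Authenticode status and signer, reported for the analyst to read.
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    # A hash mismatch alone is not proof of impersonation: the published
    # hashes only describe version 2.3.0.0, other builds will differ.
    $verdict =
        if ($hashMatch)              { 'Matches the 2.3.0.0 hashes listed in the article' }
        elseif (-not $inExpectedDir) { 'Unlisted directory: investigate as possible impersonation' }
        else                         { 'Listed directory, different build: review version and signature' }

    [pscustomobject]@{
        ProcessId       = $ProcessId
        Path            = $file.FullName
        FileVersion     = $file.VersionInfo.FileVersion
        InExpectedDir   = $inExpectedDir
        MD5             = $md5
        SHA1            = $sha1
        HashMatch       = $hashMatch
        SignatureStatus = $sig.Status
        Signer          = $signer
        Verdict         = $verdict
    }
}

# Enumerate running instances; ExecutablePath can be empty without elevation.
$procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'CxUtilSvc.exe'"
foreach ($p in $procs) {
    if (-not $p.ExecutablePath) {
        Write-Warning "PID $($p.ProcessId): path not readable, rerun from an elevated prompt."
        continue
    }
    Test-CxUtilSvc -Path $p.ExecutablePath -ProcessId $p.ProcessId
}
```

MD5 and SHA1 are used here only because they are the digests the article publishes; treat a match as identification of that build, and rely on the signature status for anything newer.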

Monday, March 1, 2021

How to Remove Calimalimodunator [Trojan:Win32/Wacatac.DA!ml] + Complete Malware Analysis


Welcome to a complete removal guide for the calimalimodunator.exe virus (otherwise known as A954E0~1.EXE). This new spyware is specifically designed to steal user credentials and harvest sensitive browser data. An infection should be removed as soon as possible. Click here to skip directly to our removal guide.

Calimalimodunator or A954E0~1.exe harvested data

By making use of a dangerous arsenal of dropped dynamic link library files (DLLs), Calimalimodunator can change your system policies to compromise your environment and swipe data. Our malware analysis will reveal how Calimalimodunator runs its data-stealing operations on victim computers, how it executes dropped files, and how it can evade antivirus and investigation.

General Info:

Filenames - Calimalimodunator.exe, SecuriteInfo.com.W32.AIDetect.malware1.4821.3208, SECURI~1.exe, A954E0~1.exe

Dropped Filenames - SECURI~1.EXE.dll, A954E0~1.EXE.dll, A954E0~1.EXE.id0, A954E0~1.EXE.id1, A954E0~1.EXE.id2, A954E0~1.EXE.nam, A954E0~1.EXE.til

Total File Size - 6,272,000 Bytes

Possible Malware Origin - Slovakia, Iran

File Hash:

SHA256 - a954e03d2300786bf77ab0caab269c05b75c34d62e0497979bfbb6919befcff5

SHA1 - dfccc553dd00dee74dc212373a82cae24e2648b5

MD5 - 03b1daa2ee50da70c70c779b7471f492

Libraries Accessed (Windows) - kernel32.dll

Test Sample Used - Malware Bazaar

Variants (Disclaimer):

As is common with most malware targeting Windows machines in today’s world, the original Calimalimodunator file will likely join a large list of software variants designed by threat actors to make improvements to the existing source code. Our extensive malware testing analysis is based on the investigation of the test sample listed above. Since our research involves analyzing file properties and data profiles associated with the Calimalimodunator or A954E0~1.exe malware, our antivirus tool is highly likely to flag new variants and remove file system changes made by those variants as well as the original sample. That being said, malicious variants may vary and exhibit unique behaviors as well as differing structures not listed in this report. Subscribe to this blog to be notified of any updates made on this page.

Distribution:

Spyware viruses are usually designed to target highly-selective information on infected computers. Distribution methods for this type of malware often differ from those used by ransomware or other types. The Calimalimodunator variant we tested accesses browser data from Chrome. This means that Chrome users are an ideal target for the threat actors behind Calimalimodunator and that their distribution methods may capitalize on this fact.

Direct Download - During our virtual machine testing phase of the Calimalimodunator malware, no fake windows or popups were found, indicating that the virus was attempting to disguise itself as legitimate software. For this reason, it’s possible that Calimalimodunator was developed for a specific target or a group of targets that can be physically accessed. After execution, the software immediately drops its malicious files right into the application’s parent directory. From a victim’s perspective, these files would seem highly suspicious, and the malware would be more effective if it were to modify its environment in a carefully selected, hidden directory. If Calimalimodunator or A954E0~1.exe was transported via flash drive and executed directly on a target computer behind a wall of folders, it could operate largely undetected by the victim.

Malicious Websites - Buying websites to spread malware is a common distribution tactic for threat actors. Some sites can be bought with cryptocurrency, providing malware developers with relative anonymity when making their purchase. Some sites are also stolen for distribution purposes, especially those with serious vulnerabilities. It’s possible that Calimalimodunator itself is spread via malicious websites due to the fact that it makes requests to at least one recently registered website during its infection.

Behavior:

Upon execution, the Calimalimodunator virus immediately drops the following files into its parent directory: A954E0~1.EXE.dll, A954E0~1.EXE.id0, A954E0~1.EXE.id1, A954E0~1.EXE.id2, A954E0~1.EXE.nam, A954E0~1.EXE.til (filenames may vary). Most of these files are not immediately written to and their function is likely to store stolen data harvested from the host computer.

 

 
Calimalimodunator then uses PowerShell to write a bypass to the execution policy for a hidden, temporary dropped file. This allows the malware to run its own PowerShell scripts on the targeted system. Windows execution policy normally restricts these scripts from being executed; however, Calimalimodunator finds a way around this to continue its spyware operations. In addition to bypassing PowerShell execution policy, this malware also scans infected computers to identify antivirus engines, a function which allows Calimalimodunator to behave differently depending on its environment and avoid being studied by an antivirus program or the security analysts behind it.
 
When it comes to its data-stealing capabilities, Calimalimodunator selects a very particular browser to swipe information from: Chrome. The malware will scan through an infected computer’s Chrome log files to look for browser settings, internet history, cookies, and login data. If this information is sent back to threat actors, it could potentially place all of the victim's online accounts at risk of being hacked. Cookie stealing (or session hijacking), which involves swiping cookie data and injecting it on another computer to login using saved sessions, is a common tactic hackers use to break into emails. From a compromised email, hackers may then find sensitive banking information or reset some online passwords. For this reason, spyware is extremely damaging to victims and profitable for cyber-criminals. Calimalimodunator is also known to schedule tasks, meaning it can execute its own files or more malicious activities at preset times.
 
Calimalimodunator or A954E0~1.exe processes

Finally, Calimalimodunator or A954E0~1.exe also accesses the Windows registry during its infection and makes a connection request to the following address: hxxp://pesterbdd.com/images/Pester.png

This domain was registered this January in Hong Kong, and may be linked to Calimalimodunator’s operation, particularly the data transfer stage of its information-stealing endeavors. However, our testing did not confirm this and it is possible that the connection was formed to obfuscate other attempts at transferring data to the threat actor.
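A host-side hunt for the indicators listed in this report: the sample's SHA256, the cluster of files dropped beside the executable, loosened execution policy scopes, and scheduled tasks that start PowerShell with a bypass. This is an added example, not code from the original analysis; the function names, the three-sibling threshold and the assumption that a bypass would be visible on a task's command line are illustrative choices.

```powershell
# Added example: look for the artifacts this report describes.
# Hash and suffix list are copied from the General Info section above.
$SampleSha256    = 'a954e03d2300786bf77ab0caab269c05b75c34d62e0497979bfbb6919befcff5'
$DroppedSuffixes = @('.dll', '.id0', '.id1', '.id2', '.nam', '.til')

function Find-DroppedFileCluster {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Root,
        [int]$MinSiblings = 3        # assumed threshold, tune for your environment
    )
    # The report shows drops named "<executable name><suffix>" in the same folder,
    # e.g. A954E0~1.EXE.id0 next to A954E0~1.EXE.
    # Triage caveat: .id0/.id1/.id2/.nam/.til are also the working files the
    # IDA Pro disassembler writes beside a binary it has open, so hits on an
    # analysis workstation are expected.
    Get-ChildItem -LiteralPath $Root -Filter *.exe -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $exe = $_
        $siblings = @(foreach ($s in $DroppedSuffixes) {
            $candidate = $exe.FullName + $s
            if (Test-Path -LiteralPath $candidate -PathType Leaf) { $exe.Name + $s }
        })
        $hash = (Get-FileHash -LiteralPath $exe.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        $hashMatch = $hash -eq $SampleSha256

        if ($hashMatch -or $siblings.Count -ge $MinSiblings) {
            [pscustomobject]@{
                Executable = $exe.FullName
                SHA256     = $hash
                HashMatch  = $hashMatch
                Siblings   = $siblings -join ', '
            }
        }
    }
}

function Get-PowerShellBypassTask {  # hypothetical helper name
    # Scheduled tasks whose action launches PowerShell with an
    # -ExecutionPolicy Bypass argument (or its -ep / -ex / -exec short forms).
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if ($action.Execute -match 'powershell|pwsh' -and
                $action.Arguments -match '-(ep|ex\w*)\s+bypass') {
                [pscustomobject]@{
                    TaskName  = $task.TaskName
                    TaskPath  = $task.TaskPath
                    Execute   = $action.Execute
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

# Typical use: scan the folder the file was saved to, then review policy and tasks.
Find-DroppedFileCluster -Root "$env:USERPROFILE\Downloads"
Get-ExecutionPolicy -List | Where-Object { $_.ExecutionPolicy -in 'Bypass', 'Unrestricted' }
Get-PowerShellBypassTask
```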

Removal:

Removing the Calimalimodunator virus, A954E0~1.exe, or its other files and variants is very easy to do with the malware removal tool built into our antivirus app, Malscope. Differing removal methods may exist but the following steps are our tested instructions for Calimalimodunator malware removal:

1. Purchase or download the Malscope Antivirus from our webpage and unzip the installer. If you purchase a yearly plan, you can use the code “calimali” to get 30% off Malscope, an app that is equipped to detect Calimalimodunator along with its possible variants and highlight any malicious files it discovers. The discount code will expire in 30 days, so be sure to use it as soon as possible!
 
Malscope Antivirus website page

 
2. Run the “Malscope” app and enter the product key you received after your purchase (check your email). If you already have a product key, you may skip the purchasing steps and enter it now.
 
Enter product key on Malscope Antivirus (step 1)

Enter product key on Malscope Antivirus (step 2)

3. Wait for Malscope to set up its environment. Once controls for the app are loaded, you can begin removing the Calimalimodunator infection.

Malscope Antivirus app layout

4. Click the drop-down box under “Virus Removal” on Malscope to select a malware type to remove. Click “Calimalimodunator [Trojan:Win32/Wacatac.DA!ml]” and then press remove. If the Calimalimodunator virus is or was active on your computer, Malscope will automatically remove all dropped files and reverse damages to your system’s settings and execution policies.

Remove Calimalimodunator with Malscope Antivirus

5. If you downloaded Calimalimodunator.exe by mistake, be sure to scan the directory you saved it to with the “Scan Directory” button. This will prompt you to select a folder which you can click and wait for Malscope to scan. Malscope will automatically mark suspicious files and print them onto the usage log for you to read. You may then choose to delete the files either manually or through Malscope’s “Scan File Now” data removal option.

Select folder to scan with Malscope Antivirus

Prevention:

Since Malscope Antivirus is equipped with the ability to detect Calimalimodunator and its variants, we recommend using this tool to prevent an infection as well as removing it. Downloaded executable files should be regularly scanned with Malscope to ensure their safety.

Additional Notes:

-The Calimalimodunator malware was written in Delphi, a dialect of the Object Pascal programming language.

-The compilation system language of Calimalimodunator and A954E0~1 is Slovak, indicating that this virus likely originated from Slovakia.

-“Vsekdag” is the internal legal copyright name of the software used to run Calimalimodunator. This name may refer to a threat actor or malware author, as it has also been used in association with a more infectious spyware known as Calanilimodumator or m8kdtboA0T.exe.

-The image below is the app icon attached to the Calimalimodunator virus.

Calimalimodunator or A954E0~1.exe icon

Sunday, December 27, 2020

How to Remove/Prevent 4_ico.exe (Trojan.Win32.Packed) "Thermida" Virus on Windows - Complete Malware Analysis Guide


This is a complete guide for the removal/protection from 4_ico.exe (Trojan.Win32.Packed) virus, a general Windows trojan threat reported on 12/25/2020.

4_ico.exe Thermida Error Message

Also known as Thermida, this older malware can still cause serious issues on new Windows computers and an infection should be removed as fast as possible. In this article, we will discuss our analysis of the file as well as the malware’s behavior and you will learn how to prevent and remove this virus. Please click here or scroll down below to find our recommendation and removal tips.

 

General Info:

File Size - 51,200 Bytes (without overlay), 5,560,102 Bytes (with overlay)

Filenames - 4_ico.exe, 6_ico.exe, vpn_ico.exe, lv.exe, Thermida, 55eef1be7b19e0f52556a646368aefc2.exe

Target Machines - Intel 386 / Compatible / Later

File Hash:

SHA256 - 23b038034753de2b160a1039ad4f724f0cb75d57d0f73af56d592850c82a20cb

SHA1 - ebe90b7d6f1758ec5ba37ac4790ea218b40acda6

MD5 - 55eef1be7b19e0f52556a646368aefc2

Libraries accessed (Windows) - user32.dll, version.dll, kernel32.dll, advapi32.dll, shell32.dll

Test Sample - Malware Bazaar

Distribution:

4_ico.exe is commonly run as a package along with vpn_ico.exe and 6_ico.exe, two separate portable executable files which perform different tasks to help this malware extract data from a compromised system. You might receive a 4_ico package through any of the following mediums:

Emails - Spam emails, a preferred method of distribution among malware developers, are known to carry malicious software hidden underneath links or attachments. 4_ico.exe itself can be smuggled through compressed files or document macros. Do not attempt to download files or navigate links sent by suspicious emails.

Fake Software - 4_ico’s start behavior suggests an intent to deceive its victims by imitating a legitimate app. The error message (shown above) which appears upon execution is fake, meaning 4_ico.exe is likely duplicating real error messages from similarly named software, such as the Oreans Thermida Protection app. Online downloads can contain the 4_ico.exe payload while pretending to run entirely separate programs.

Distribution Websites - Upon investigation, we discovered an array of online sites 4_ico.exe sends HTTP(S) requests to during its cycle of infection. This article will discuss these websites in more detail below; however, it is likely that 4_ico.exe samples themselves also spread across sites built and designed solely for malware distribution.

Behavior:

Upon opening the malicious app, 4_ico.exe will immediately run a UAC prompt asking the user for admin privileges. If this request is accepted, 4_ico.exe displays a “Thermida” error message which reads: “A monitor program has been found running in your system. Please unload it from memory and restart your program.” The error message will then duplicate three times, and three separate applications will open and run in the background.

The 4_ico.exe virus will run three "Thermida" error messages

As previously mentioned under “Distribution”, these error messages are likely designed to imitate legitimate software. This is a fairly common tactic, and in this case it even encourages a victim to restart their computer (an action that possibly results in more payload activation). The three programs that run alongside the Thermida windows include “4_ico.exe”, “6_ico.exe”, “vpn_ico.exe”.

The 4_ico.exe package will run three applications: 4_ico.exe, vpn_ico.exe, and 6_ico.exe

Out of these three files, 4_ico.exe results in the most lasting changes on a victim computer. The other two files, 6_ico.exe and vpn_ico.exe, make HTTP(S) requests to the IP-logging websites ip-api.com, 2no.co, and iplogger.org. These websites allow users to capture the IP address of any machine accessing a particular link, which can be dangerous only when used for nefarious purposes. An IP address will reveal information about a network/machine and pinpoint a victim’s general location. The fact that all three of these sites are used in succession suggests that 4_ico.exe is some form of data mining software, although they are also often utilized by threat actor(s) to keep track of infected machines and their locations.

6_ico.exe and vpn_ico.exe also make requests to separate, directly malicious sites in order to download more payloads. While these two scripts run HTTP(S) requests, 4_ico.exe does the heavy lifting for this malware. The sole program can search for, move, and delete files while accessing special folders after receiving administrative privileges on a target Windows computer. Whether or not 4_ico.exe can encrypt files in a ransomware-like fashion is currently unknown. Further tests will be performed, so be sure to subscribe to the blog to be notified of any updates.

System information and clipboard data can also be modified/extracted by 4_ico.exe, making it especially dangerous for individuals storing passwords or sensitive plaintext on their computer.

Finally, 4_ico.exe can make edits under Control Panel settings and escalate privileges for other files. Even after the application it is launched from appears to have ended, malware can still be active as a system process behind the scenes. Windows registry keys will also be affected, so victims of a 4_ico.exe attack will likely face lasting damage to their computers even after initial removal.
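The observation above that ip-api.com, 2no.co and iplogger.org are contacted in succession can be turned into a network-side detection: flag any client that looks up all three within a short window. This is an added example, not part of the original analysis; the log layout, host names, the five-minute window and the function names are assumptions, and the sample records are constructed.

```powershell
# Added example: find clients that query all three IP-logging services in a burst.
$IpLoggerDomains = @('ip-api.com', '2no.co', 'iplogger.org')   # from the report above

# Constructed DNS query log (not real telemetry). WS-CHARLIE touches all three
# services, but hours apart; WS-BRAVO touches only one.
$SampleLog = @'
Timestamp,Client,Query
2020-12-25T10:00:01Z,WS-ALPHA,ip-api.com
2020-12-25T10:00:03Z,WS-ALPHA,2no.co
2020-12-25T10:00:04Z,WS-ALPHA,www.iplogger.org
2020-12-25T10:02:00Z,WS-BRAVO,ip-api.com
2020-12-25T11:30:00Z,WS-BRAVO,example.org
2020-12-25T09:00:00Z,WS-CHARLIE,iplogger.org
2020-12-25T15:00:00Z,WS-CHARLIE,2no.co
2020-12-25T21:00:00Z,WS-CHARLIE,ip-api.com
'@ | ConvertFrom-Csv

function Get-MatchedDomain {         # hypothetical helper name
    param([string]$Query)
    # Match the registered domain itself or any subdomain of it,
    # but not look-alikes such as "notiplogger.org".
    $q = $Query.TrimEnd('.').ToLowerInvariant()
    foreach ($d in $IpLoggerDomains) {
        if ($q -eq $d -or $q.EndsWith(".$d")) { return $d }
    }
    return $null
}

function Find-IpLoggerBurst {        # hypothetical helper name
    param(
        [Parameter(Mandatory)][object[]]$Records,
        [timespan]$Window = [timespan]::FromMinutes(5)   # assumed window
    )
    # Keep only lookups of the three services, with parsed timestamps.
    $hits = foreach ($r in $Records) {
        $domain = Get-MatchedDomain $r.Query
        if ($domain) {
            [pscustomobject]@{
                Client = $r.Client
                Domain = $domain
                Time   = [datetimeoffset]::Parse($r.Timestamp, [cultureinfo]::InvariantCulture)
            }
        }
    }

    # Per client, slide a window over the time-ordered hits and report the
    # first window that contains every one of the three domains.
    foreach ($group in ($hits | Group-Object Client)) {
        $timeline = @($group.Group | Sort-Object Time)
        for ($i = 0; $i -lt $timeline.Count; $i++) {
            $end      = $timeline[$i].Time.Add($Window)
            $inWindow = @($timeline[$i..($timeline.Count - 1)] | Where-Object { $_.Time -le $end })
            $seen     = @($inWindow.Domain | Sort-Object -Unique)
            if ($seen.Count -eq $IpLoggerDomains.Count) {
                [pscustomobject]@{
                    Client    = $group.Name
                    FirstSeen = $inWindow[0].Time
                    LastSeen  = $inWindow[-1].Time
                    Domains   = $seen -join ', '
                }
                break
            }
        }
    }
}

Find-IpLoggerBurst -Records $SampleLog
```

Requiring all three lookups inside one window keeps a single visit to ip-api.com, which many legitimate tools use, from raising an alert on its own.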

Removal:

Removing the 4_ico.exe virus entirely from a computer system might be difficult, but not impossible. Several removal methods may exist but the following steps are our tested instructions for 4_ico.exe removal:

1. Purchase or download the Malscope Antivirus from our webpage and unzip the installer. If you purchase a yearly plan, you can use the code “4ico” to get 50% off Malscope (discount will expire on January 25). This app is equipped to detect 4_ico.exe along with its variants and will highlight any malicious files as viruses.

 
After downloading Malscope, extract the package to start scanning for 4_ico.exe

2. Run the “Malscope” app and enter the product key you received after your purchase (check your email). If you already have a product key, skip the purchasing steps and enter it now.

Start using Malscope by entering your product key on the console

3. Wait for Malscope to set up its environment. Once the controls for the app are visible, you can begin removing 4_ico.exe.

Malscope's removal features wipe selected files clean before permanently deleting them

4. Click “Scan File Now” to select any file and scan it for viruses. If a virus is found, Malscope will prompt you to remove it. After clicking “yes”, the data for the malicious file will be wiped before it is permanently deleted. Begin doing this for the first file(s) which ran 4_ico.exe - these are most likely in your Downloads folder.

Malscope can scan single files for 4_ico.exe and similar malware

5. Click “Scan System” and wait for Malscope to scan through your entire system. Malscope will automatically filter through files most likely to introduce threats and warn you if they are associated with 4_ico.exe. Remove all files confirmed to be malware.

Malscope can also scan an entire system to identify potential 4_ico.exe variants

Prevention:

Preventing a 4_ico.exe infection on your computer is also possible with Malscope. Antivirus may be used to check downloaded files and ensure they are safe to use. As aforementioned, Malscope is equipped with data from our 4_ico.exe analysis, meaning it can detect any files associated with the virus.

VirusTotal

39 antivirus engines on VirusTotal currently detect the 4_ico.exe package as malicious


Additional Notes:

-The behavior of this malware indicates that 4_ico.exe was designed for data mining. The files 4_ico.exe creates contain unreadable data which might include system information or specifications that can then be sent to threat actors later with an extraction tool. Access to and modification of the clipboard are also common features of most data mining-related malware today.

-The 4_ico.exe package includes a massive Nullsoft file overlay (over 99% of file ratio). This points to the idea that 4_ico.exe was created with NSIS (Nullsoft Scriptable Install System).

-This virus has reportedly been active since February of 2012, with recent variants hitting target machines around December of 2020.

-All of this malware’s known processes are run from a single thread. A multithreaded performance would indicate a ransomware operation as the culprit behind 4_ico.exe, so it is unlikely that it can encrypt your files on its own. However, 4_ico.exe can still download ransomware payloads via HTTP(S) requests, and this should be taken into account in a prevention plan. Fortunately, you can scan files for ransomware with the Malscope Antivirus, which also happens to be armed with modern ransomware-detection features.


Thursday, August 6, 2020

List of Fixes for Slow Internet Speed on Windows Computers


Slow Internet on Windows 10 Computers
Having a slow internet can be one of the most frustrating issues for new PC users, and unfortunately it can also stem from problems within your computer as well as your network. In this list, we included five possible solutions for your slow internet issues on a Windows computer.

1. Limit Background App Usage:
The most common reason for having slow internet on a Windows computer despite having a decent connection is too many internet-reliant background apps. Although you may only have a couple of visible applications open at a time, there are hundreds of other services running in the background. To check these services, open Task Manager (Ctrl + Shift + Esc) and scroll down to 'Background Processes'.
Windows 10 Task Manager Background Processes
Check all of your background apps and make sure nothing unnecessary is running. If you find a service you'd like to stop, select its name and click the 'End task' button at the bottom.

2. Disable Extra Services from Resource Monitor
If you would like to view and disable background apps that use the most bandwidth, you must access Resource Monitor. To do this, open Task Manager (Ctrl + Shift + Esc) and click 'Performance'. Then, click the 'Open Resource Monitor' at the bottom. The following application should open:
Windows 10 Resource Monitor
Resource Monitor should automatically order your background services by network usage. Check the top apps and make sure they are necessary before stopping or uninstalling them.

3. Disable Large Send Offload
Large Send Offload (LSO) is a Windows feature designed to allow background apps and services to utilize more bandwidth. Stopping this might improve your internet speed drastically. Start by pressing Windows Key + X.
Windows 10 Key X
Then, click 'Device Manager' to open the Device Manager.
Windows 10 Device Manager
Once you've opened Device Manager, click the 'Network adapters' menu and find the device you use. Right click on this device and select 'Properties'. From the Properties menu, click on the 'Advanced' tab and scroll down until you see 'Large Send Offload'. There will be one for IPv4 and IPv6. Click each and select 'Disabled' on the right.
Windows 10 Large Send Offload
Click 'OK' and Large Send Offload should be disabled.

4. Background Updates
By default, Windows 10 may automatically download updates before prompting you to install them. This can have a significant impact on your internet speed. To change this, open the Settings app and click on 'Update & Security'. This will show your current update settings and allow you to manage download/installation from there.
Windows 10 Update and Security Settings

5. Additional Problems
If you're using third-party firewall software or custom firewall settings, they could also be limiting your internet speed. Try reconfiguring your firewall and testing your internet to find a desirable balance between security and speed. Finally, ensure your network adapter drivers are correct and up-to-date.

Tuesday, July 14, 2020

How to Fix Windows Error - Graphics card not detected


Graphics are an important part of the Windows PC experience, especially when it comes to gaming, so it can be frustrating when the graphics card you spent hundreds of dollars on isn't being detected. Several issues can cause this, and we'll walk you through all of them.

1. Graphics card is not enabled. In most cases, the "graphics card not detected" error can be resolved by simply enabling it manually. It's possible that your computer has automatically set a default display adapter and that all you need to do is change it. To do this, open Device Manager by pressing the Windows key + X and clicking 'Device Manager'.
Windows 10 Key X
Once you've opened Device Manager, navigate to 'Display Adapters' and click it. Under Display Adapters you will likely find your graphics card. Make sure it is enabled by clicking it and checking the black arrow at the top of Device Manager. If the arrow is pointing downwards, your graphics card is already enabled. If it isn't, click the arrow now and enable it.
Windows 10 Device Manager
2. Outdated drivers. Another common issue which may cause your graphics card to be undetectable is an outdated driver. If the card is visible under 'Display Adapters' on Device Manager, you can check for updates by clicking the green arrow at the top. If it isn't, you may have to visit your graphics card vendor's website and manually install their most recent software or update.

3. Driver not detecting graphics card. After ensuring your drivers are updated, if your computer is still failing to detect your graphics card, you can run a command which forces it to be detected by its drivers. Start by opening Command Prompt (type cmd in Windows search, right-click 'Command Prompt' and select 'Run as administrator').
Windows 10 Search CMD (Command Prompt)
On Command Prompt, type 'bcdedit /set pciexpress forcedisable' and hit Enter.
Windows 10 Command Prompt BDCEdit
After this operation completes, you can re-install your drivers, reboot, and test for errors.

4. Discrete graphics are disabled. If the solutions above didn't work for you, it's possible that "discrete graphics" are disabled. This means that your computer is forcing integrated graphics instead of accepting your card. You will need to access BIOS in order to fix this. The process for accessing BIOS depends on your computer but it usually involves pressing the Del key or F10 while rebooting. Once you're in BIOS, look for a 'dGPU' setting. This should be set to 'Enabled'.

Wednesday, July 8, 2020

How To Fix The Windows 10 Start Menu Critical Error


Are you experiencing a Windows "Critical Error" which warns you that your Start Menu isn't working? This error often occurs after certain security updates and can be very bothersome. Luckily, there is an easy fix for this:

Updating. Have you updated your computer recently? This problem mainly occurs after an update, but it can also be a sign that you're missing one.

1. Start by pressing the Windows key + R to open the Run dialog. Then type 'cmd' and click Ok.
Windows 10 Run Command Prompt
2. Once you've opened Command Prompt, type 'wuauclt /detectnow /updatenow' and press Enter.
Windows 10 Update from Command Prompt

Creating a new Admin Account. If the problem persists after an update, you can try making an admin account on your computer. When you create a new user profile with an admin account, your Start Menu will typically begin working normally. This can be easily done through Task Manager:

1. Open Task Manager using the Ctrl + Shift + Esc shortcut or Ctrl + Alt + Delete -> Task Manager.

2. On Task Manager click File -> Run new task. Type 'net user [username] [password] /add'. Before clicking Ok, check the 'Create this task with administrative privileges' box.
Windows 10 NetUser Task Manager
3. Log out of the current account and log into the brand new net user. The Start Menu should now be operating correctly.

Restarting Application Identity Service. Since the Start Menu Critical Error could be connected to your Windows account, you can also try disconnecting it entirely from your computer's start-up process.

1. Open the run dialog by pressing the Windows key + R. Type 'services.msc' and click Ok.
Windows 10 Services
2. Double click on 'Application Identity'.
Windows 10 Services Application Identity
3. Set the Startup type to 'Automatic' and click 'Start'. Reboot.
Windows 10 Application Identity
4. If you're still getting a "Critical Error" open your Settings -> Accounts -> Sign-in Options -> Privacy and set 'Use my sign-in info to automatically finish setting up my device and reopen my apps after an update or restart' to Off.
Windows 10 Account Settings

Start Menu Troubleshooter. If nothing else works, you can always give the Windows 10 Start Menu Troubleshooter a try. Microsoft made this service available so that these errors can be fixed automatically.