

Malware Taps Windows' 'God Mode'

Reader wiredmikey writes: Researchers at McAfee have discovered a piece of malware dubbed "Dynamer" that is taking advantage of a Windows Easter Egg -- or a power user feature, as many see it -- called "God Mode" to gain persistency (warning: annoying popup ads) on an infected machine. God Mode, as many of you know, is a handy tool for administrators as it is essentially a shortcut to accessing the operating system's various control settings. Dynamer malware is abusing the function by installing itself into a folder inside of the %AppData% directory and creating a registry run key that persists across reboots. Using a "com4" name, Windows considers the folder as being a device, meaning that the user cannot easily delete it. Given that Windows treats the "com4" folder differently, Windows Explorer or typical console commands are useless when attempting to delete it. Fortunately, there's a way to remove it. McAfee writes: Fortunately, there is a way to defeat this foe. First, the malware must be terminated (via Task Manager or other standard tools). Next, run this specially crafted command from the command prompt (cmd.exe): > rd "\\.\%appdata%\com4.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}" /S /Q.
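The two mechanisms in the summary, a directory name that collides with a legacy DOS device name and the `\\.\` path prefix that lets `rd` reach it anyway, can be checked from an incident responder's side. The script below is an added example and is not code from McAfee or from the Slashdot post: it flags directory entries whose stem (the part before the first dot) is one of the reserved device names, and builds the device-namespace removal command in the form McAfee gives. The directory listing is a constructed sample; `SAMPLE_APPDATA`, `SAMPLE_ENTRIES` and the function names are assumptions for the example, and the `com4.{...}` name is the one reported in the summary.

```python
from typing import List, Optional, Tuple

# Legacy DOS device names that the Win32 path layer treats as devices regardless
# of any extension that follows them: "com4.{guid}" is still COM4 to Windows.
RESERVED_DEVICE_NAMES = (
    {"CON", "PRN", "AUX", "NUL"}
    | {f"COM{i}" for i in range(1, 10)}
    | {f"LPT{i}" for i in range(1, 10)}
)


def reserved_device_stem(name: str) -> Optional[str]:
    """Return the reserved device name that `name` collides with, or None.

    The comparison is case-insensitive on the part before the first '.', and
    trailing spaces are dropped because Win32 path normalization trims them.
    """
    stem = name.split(".", 1)[0].rstrip(" ").upper()
    return stem if stem in RESERVED_DEVICE_NAMES else None


def device_namespace_path(win_path: str) -> str:
    """Prefix a fully qualified path with the Win32 device namespace marker
    '\\\\.\\' (the form used in McAfee's rd command) so the name is handed to
    the file system without the legacy device-name interpretation."""
    if win_path.startswith("\\\\.\\") or win_path.startswith("\\\\?\\"):
        return win_path
    return "\\\\.\\" + win_path


def flag_reserved_entries(parent: str, entries: List[str]) -> List[Tuple[str, str, str]]:
    """Return (entry, device, removal_command) for every entry under `parent`
    whose name collides with a reserved device name."""
    findings = []
    for entry in entries:
        device = reserved_device_stem(entry)
        if device is None:
            continue
        full = parent.rstrip("\\") + "\\" + entry
        removal_cmd = f'rd "{device_namespace_path(full)}" /S /Q'
        findings.append((entry, device, removal_cmd))
    return findings


# Constructed sample listing of %AppData% (not taken from a real machine).
SAMPLE_APPDATA = r"C:\Users\alice\AppData\Roaming"
SAMPLE_ENTRIES = [
    "Microsoft",
    "com4.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}",  # name from the McAfee report
    "Mozilla",
    "LPT1",
    "command.txt",  # starts with "com" but is not a device name
]

if __name__ == "__main__":
    for entry, device, cmd in flag_reserved_entries(SAMPLE_APPDATA, SAMPLE_ENTRIES):
        print(f"{entry!r} collides with {device}; remove with: {cmd}")
```

On a live Windows host the same function can be fed `os.listdir(os.environ["APPDATA"])`; listing the parent directory works normally, it is only opening or deleting the reserved-name entry by its plain path that Explorer and `rd` refuse. Run the generated command only after the malware process has been stopped, as the summary notes, otherwise the directory is recreated.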

6 of 114 comments

  1. Re:How to remove ANY special filename in Windows by 93+Escort+Wagon · · Score: 2, Insightful

    dir /x will show the associated "short" filename, e.g. co~123 instead of COM4

    Wait a minute... Windows is still using that bastardized dual naming system, 20 years in?

    God help you Windows users...

    --
    #DeleteChrome
  2. Fix Only From Command Prompt? by organgtool · · Score: 5, Insightful

    Next, run this specially crafted command from the command prompt (cmd.exe): > rd "\\.\%appdata%\com4.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}" /S /Q.

    What? Clearly windows is not ready for the desktop!

  3. Bad security as a result of paradoxical goals by bretts · · Score: 3, Insightful

    Designing a computer for the "average person" makes as much sense as designing chainsaws for children. Every "butt wiper" that Microsoft crams into the OS to make it more "user-friendly" ends up being some kind of security hole eventually, at which point the users shrug and keep on clicking CUTE_CAT_VIDEO.EXE shortly before they throw up their hands and proclaim that computers are too hard.

  4. Re:How to remove ANY special filename in Windows by lgw · · Score: 5, Insightful

    Backwards compatibility is important. Why drop it? 16-bit support is finally gone, but I suspect only because everything anyone still uses (games) has been virtualized already.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  5. "warning: annoying popup ads" by Gojira+Shipi-Taro · · Score: 3, Insightful

    Next time, let's just squelch any story that we have to use this disclaimer for. Starve sites that do that to death and they will go away.

    --
    "Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
  6. Re:How to remove ANY special filename in Windows by yuriklastalov · · Score: 5, Insightful

    spaces in paths are an abomination anyway