Malware Taps Windows' 'God Mode'
Reader wiredmikey writes: Researchers at McAfee have discovered a piece of malware dubbed "Dynamer" that is taking advantage of a Windows Easter Egg -- or a power user feature, as many see it -- called "God Mode" to gain persistency (warning: annoying popup ads) on an infected machine. God Mode, as many of you know, is a handy tool for administrators as it is essentially a shortcut to accessing the operating system's various control settings. Dynamer malware is abusing the function by installing itself into a folder inside of the %AppData% directory and creating a registry run key that persists across reboots. Using a "com4" name, Windows considers the folder as being a device, meaning that the user cannot easily delete it. Given that Windows treats the "com4" folder differently, Windows Explorer or typical console commands are useless when attempting to delete it. Fortunately, there's a way to remove it. McAfee writes: Fortunately, there is a way to defeat this foe. First, the malware must be terminated (via Task Manager or other standard tools). Next, run this specially crafted command from the command prompt (cmd.exe):
> rd "\\.\%appdata%\com4.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}" /S /Q
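A defender's check for the folder-naming trick described in the summary above, as an added example (not code from McAfee or the original post): it flags directory names that pair a reserved DOS device name with a CLSID suffix. The function names and the `scan` helper are assumptions made for this illustration; the only name taken from the page is the `com4.{...}` folder.

```python
import os
import re

# Legacy DOS device names that Win32 path parsing reserves, with or without an extension.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}
# A trailing ".{GUID}" is the shell-folder naming convention that "God Mode" folders use.
CLSID_SUFFIX = re.compile(
    r"\.\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$"
)


def classify(name):
    """Return the set of findings for one file or folder name."""
    findings = set()
    # Windows looks at the part before the first dot, ignoring trailing spaces and case.
    base = name.split(".", 1)[0].rstrip(" ").upper()
    if base in RESERVED:
        findings.add("reserved-device-name")
    if CLSID_SUFFIX.search(name):
        findings.add("clsid-suffix")
    return findings


def scan(root):
    """Walk root and yield (path, findings) for every flagged directory name."""
    # On Windows the \\?\ prefix disables Win32 name parsing, so folders that
    # Explorer and ordinary console commands mishandle can still be enumerated.
    if os.name == "nt" and not root.startswith("\\\\?\\"):
        root = "\\\\?\\" + os.path.abspath(root)
    for dirpath, dirnames, _files in os.walk(root):
        for d in dirnames:
            found = classify(d)
            if found:
                yield os.path.join(dirpath, d), found


if __name__ == "__main__":
    # Scan the per-user AppData tree when present; otherwise the current directory.
    for path, found in scan(os.environ.get("APPDATA", ".")):
        print(f"{path}: {', '.join(sorted(found))}")
```

A hit carrying both findings matches the pattern in the summary and is worth correlating with the registry run keys that reference the same path.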
Nice that McAfee found the uninstall instructions for this... but what is the payload they were trying to deploy? The God Mode install of a file device is a way to get in that must be closed, but what did this do if left installed? Knowing what this does if left alone leads to who to blame.
Backwards compatibility is important. Why drop it? 16-bit support is finally gone, but I suspect only because everything anyone still uses (games) has been virtualized already.
16 bit is only gone if you are running the 64 bit version of Windows. If you are running the 32 bit version, which for some bizarre reason still exists, even in Windows 10, then you can still run 16 bit programs.