HackRead

Windows ‘God Mode’ Feature Exploited by New Malware to Avoid Identification

May 5th, 2016 Waqas Security, Malware, Microsoft 0 comments
Researchers have identified a new malware taking advantage of Windows God Mode and infecting users.

Malware on a Windows OS is nothing new, but Microsoft claimed that apps in Windows 10 will automatically detect the presence of malware. However, the Dynamer malware breached Windows OS security by exploiting God Mode.

God Mode is a uniquely labeled feature that has been part of the Microsoft Windows OS for almost a decade. It works like an Easter egg and gives users quick access to numerous functions. It doesn't add any improvements to the computer; it creates a folder containing a collection of the most frequently used and most useful Control Panel options. This folder is an extremely important one because, unlike other folders, it does not display a folder icon after being created and instead turns itself into a God Mode link. It also treats system directories in a completely different manner.

But according to an analysis by McAfee researchers, the God Mode feature is being abused by malicious code that uses a name similar to the God Mode folder to evade detection. Given the importance of this folder, the revelation that Windows God Mode is being exploited by malware is indeed unsettling. Although God Mode is an integral and commonly known system tweak from Microsoft, it has not been officially documented so far. This is why a number of applications and tools cannot access items contained in this particular folder, and hence the folder presents the perfect opportunity for malware to penetrate and hide in a system.

Don’t worry, there is a way to get rid of this malware.

According to McAfee researchers, the feature is plagued by a new version of the existing malware Dynamer. Once installed on a device, it quickly deploys itself in the AppData directory of Windows OS and then establishes its presence in a master control panel directory, which is identical to God Mode.

If the user suspects the presence of this malware and even manages to track down the location of the executable, the modified folder would again connect to the Desktop Connections control panel and RemoteApp item, because the malware’s developer has taken extreme care to make it irremovable. The malware uses the folder name "com4.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}", which is a master stroke because in Windows OS anything that has Com4 in its name will be given special privileges. So Internet Explorer and cmd.exe also treat this folder as a device, and the fake folder thus becomes immune to file management and console commands.
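
As an added example (not from the original article or from McAfee's analysis), the following Python check flags directory names that combine a reserved DOS device name (CON, PRN, AUX, NUL, COM1-9, LPT1-9) with a `.{CLSID}` suffix, which is the naming pattern described above generalized beyond COM4. The function names and the default of scanning `%APPDATA%` are assumptions made for this illustration.

```python
import os
import re
import sys

# Names that Win32 path parsing resolves to devices, with or without an extension.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{port}{n}" for port in ("COM", "LPT") for n in range(1, 10)
}
# ".{GUID}" suffix that makes Explorer render a folder as a shell-namespace link.
CLSID_SUFFIX = re.compile(
    r"\.\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$"
)

def classify(name):
    """Return the set of findings for a single directory name."""
    findings = set()
    stem = name.split(".", 1)[0].rstrip(" ").upper()
    if stem in RESERVED:
        findings.add("reserved-device-name")
    if CLSID_SUFFIX.search(name):
        findings.add("clsid-suffix")
    return findings

def extended(path):
    # On Windows, the \\?\ prefix makes the API take names literally instead of
    # resolving "com4" to a device. Assumes a local drive path, not a UNC share.
    path = os.path.abspath(path)
    if sys.platform == "win32" and not path.startswith("\\\\?\\"):
        return "\\\\?\\" + path
    return path

def scan(root):
    """Walk root and return (path, findings) for every flagged directory."""
    hits = []
    for dirpath, dirnames, _files in os.walk(extended(root)):
        for d in dirnames:
            found = classify(d)
            if found:
                hits.append((os.path.join(dirpath, d), sorted(found)))
    return hits

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("APPDATA", ".")
    for path, found in scan(root):
        # Both findings on one directory match the pattern the article describes.
        level = "HIGH" if len(found) == 2 else "review"
        print(f"[{level}] {path}: {', '.join(found)}")
```

A directory with only a CLSID suffix may be a legitimate shell shortcut folder, so treat a single finding as something to review rather than as proof of infection.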

Solution:

However, don’t lose heart: it is only named God Mode, there is no divinity involved, and it can be removed easily since the malware only uses some exploitable vulnerabilities of Windows. You can delete it by killing all the processes from Task Manager and then entering this command at the command prompt:

rd "\\.\%appdata%\com4.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}" /S /Q

This command removes the malware by deleting the directory. But the issue highlights the main problem at hand: Microsoft has to do something to stop directories from being created so easily. Otherwise, other malware will emerge and make use of Windows features.

There’s more on this malware on McAfee’s blog.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
