Support for Ukraine



Blog Archive



God Mode Being Used to Hide Malware

Full Story Blog Post Friday, April 29, 2016 in Security   View No Comments No Comments
Security
According to McAfee Labs/Intel Security, hackers are exploiting the 'God Mode' admin feature in Microsoft Windows to hide their malware.

God Mode is an undocumented feature built into all versions of Windows since Vista. With it, users can get quick access to all Windows control panels and settings.

Craig Schmugar, McAfee research architect, says: "Attackers are now using this undocumented feature for evil ends."

McAfee has found an instance of the Dynamer Trojan hidden inside a shortcut folder. However, when a user clicks on the folder, it is empty.

"To make matters worse," Schmugar says, "the malware author has attempted to give this directory eternal life, by pre-pending the name 'com4'. Such device names are forbidden by normal Windows Explorer and cmd.exe commands and Windows treats the folder as a device - thus preventing users from otherwise easily deleting the folder with Explorer or typical console commands."

If you find you are infected with this malware, the solution is to terminate the malware via Task Manager or similar then run this command from the command prompt (cmd.exe):

> rd ".%appdata%com4.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}" /S /Q

Source: SCMagazine



No Comments