Malware Taps Windows’ ‘God Mode’

Reader wiredmikey writes: Researchers at McAfee have discovered a piece of malware dubbed “Dynamer” that is taking advantage of a Windows Easter Egg — or a power user feature, as many see it — called “God Mode” to gain persistency (warning: annoying popup ads) on an infected machine. God Mode, as many of you know, is a handy tool for administrators as it is essentially a shortcut to accessing the operating system’s various control settings. Dynamer malware is abusing the function by installing itself into a folder inside of the %AppData% directory and creating a registry run key that persists across reboots. Using a “com4″ name, Windows considers the folder as being a device, meaning that the user cannot easily delete it. Given that Windows treats the folder “com4″ folder differently, Windows Explorer or typical console commands are useless when attempting to delete it.Fortunately, there’s a way to remove it. McAfee writes: Fortunately, there is a way to defeat this foe. First, the malware must be terminated (via Task Manager or other standard tools). Next, run this specially crafted command from the command prompt (cmd.exe): > rd âoe\.%appdata%com4.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}â /S /Q.

Share on Google+

of this story at Slashdot.

    

Posted in Uncategorized