Dynamer Malware Exploits Microsoft’s God Mode

May 6, 2016 | By K. Joseph Breheny

For nearly a decade, Microsoft operating systems (OS) have had a feature called “God Mode” that allows users to create a folder with a certain name and access the control panels from within that single folder.

But Microsoft is being stripped of its God complex after a piece of malware found a loophole and has been exploiting Windows systems that carry this feature.

According to reports, an already-existing piece of malware identified as Dynamer (which is known to most Windows antivirus programs) installs itself on Windows PCs and makes its way into the AppData directory of the OS. Once it takes root in the master control panel directory, it establishes itself as shortcut files that are not easily accessible through Windows Explorer.

Despite being a known threat, most Windows antivirus programs cannot detect the Dynamer malware because of its stealthy way of operation.

Because of the way God Mode operates, Windows antivirus programs and other applications are incapable of accessing files inside the folder, which makes it a safe haven for malware.

The default God Mode feature in the older version of Windows OS is symbolized with an Easter egg icon and allows users to access multiple functions at once. The most frequently used and most prominent control panel options are automatically placed in the God Mode, which is why it used to be a popular feature among the Windows power users.

The God Mode is a system tweak that was developed for user efficiency; however, it is not yet officially documented by Microsoft despite being a commonly used feature that’s been around for many years now.

If a user finds the Dynamer malware running on the system and decides to track down its location, the malware is built to connect to the Desktop Connections control panel and RemoteApp items. This makes it even harder for any Windows antivirus software to scan for and detect the malware's presence.

Additionally, the malware folder name uses the “com4” moniker so that security tools identify it as a Windows command and don't single it out as a threat.

If you find the Dynamer malware on your PC, follow the steps below to delete it and keep it from spreading further:

1. Open the Task Manager and remove the malware from the program list.
2. Open a command prompt and enter: rd "\\.\%appdata%\com4.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}" /S /Q

The command will delete the said directory and the malware in it. To ensure further protection, keep your Windows antivirus switched on or perform a system scan to eliminate all unnecessary programs from the PC.
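To find such a folder before removing it, the check below flags directory names that combine the two traits described above: a reserved DOS device name such as “com4” and a “.{CLSID}” suffix. It is an added example, not code from the original article or from any antivirus product; the function names and all sample names except the com4 folder are constructed for illustration, and the set of reserved names goes beyond the single case the article mentions.

```python
import os
import re

# Reserved DOS device names: legacy Win32 path parsing treats these as devices,
# which is why the article's command needs the \\.\ prefix to reach the folder.
RESERVED = {"con", "prn", "aux", "nul"} | {
    f"{p}{n}" for p in ("com", "lpt") for n in range(1, 10)
}
# A trailing ".{CLSID}" makes Explorer open the folder as a shell namespace item.
CLSID_SUFFIX = re.compile(
    r"\.\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}$"
)


def classify(name):
    """Return the reasons a directory entry name deserves a closer look."""
    reasons = []
    # Device-name matching ignores everything after the first dot.
    base = name.split(".", 1)[0].rstrip().lower()
    if base in RESERVED:
        reasons.append("reserved-device-name:" + base)
    match = CLSID_SUFFIX.search(name)
    if match:
        reasons.append("clsid-suffix:" + match.group(1).upper())
    return reasons


def scan(parent):
    """Map each suspicious entry name directly under `parent` to its reasons."""
    hits = {}
    with os.scandir(parent) as entries:
        for entry in entries:
            reasons = classify(entry.name)
            if reasons:
                hits[entry.name] = reasons
    return hits


# Sample names: the first is the folder named in the article, the rest are constructed.
SAMPLES = [
    "com4.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}",
    "Settings.{00000000-0000-0000-0000-000000000000}",
    "LPT1.txt",
    "common",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: {classify(sample) or 'ok'}")
    appdata = os.environ.get("APPDATA")  # only set on Windows
    if appdata and os.path.isdir(appdata):
        print(scan(appdata))
```

A name that triggers both reasons at once, as the Dynamer folder does, is the strongest signal; a CLSID suffix alone also matches folders a user created deliberately.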
