
New version of malware uses ‘God Mode’ to hide from Windows users

Many PC users will have a ‘God Mode’ folder sitting on their desktop — it’s a neat Windows tweak that allows immediate access to a whole host of different controls that come in handy every now and again. However, new information from McAfee suggests that malware could be taking advantage of the same functionality.

Dynamer is a piece of malware that’s been around for several years, but a new version riffs on “God Mode” to hide away on your system. A few devious tricks have been used in an attempt to prevent users from getting rid of the problem.

The malware installs itself in the AppData directory, creating a registry run key value so that it can survive a reboot. However, when users click on the folder created by Dynamer during this process, they’ll simply be redirected to an unrelated area of the control panel.


Worse yet, the folder uses a ‘com4’ string in its name to gain some extra protection from Windows. This tricks the OS into treating the folder like a device, which prevents the user from deleting it as they might normally, according to a report from Extreme Tech.

However, Dynamer’s defenses are thankfully not completely impervious. Users can rid themselves of the malware by first ending the associated process via Task Manager, before opening up a command prompt and entering the following string, specially crafted by the security experts at McAfee:

rd "\\.\%appdata%\com4.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}" /S /Q

That should remove the offending malware from your computer and return your system to its previous state. This fix will be a huge help for anyone who has been targeted by Dynamer, but anyone already protected by McAfee products can safely ignore it — according to the company, its antimalware defenses won’t be fooled by this particular trick.
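The folder-naming trick described above can be checked for directly. The following is an added example, not code from McAfee or from the original article: it flags directory names that combine a reserved Windows device name with a CLSID suffix and builds the matching removal command. It generalizes from 'com4' to the full reserved device list, and the function names and sample listing are assumptions made for illustration.

```python
import os
import re

# Device names the Win32 path parser reserves, with or without an extension.
RESERVED = ({"CON", "PRN", "AUX", "NUL"}
            | {f"COM{i}" for i in range(1, 10)}
            | {f"LPT{i}" for i in range(1, 10)})

# A ".{GUID}" suffix makes Explorer open the folder as the shell object with that CLSID.
CLSID_SUFFIX = re.compile(
    r"\.\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def classify(name):
    """Return which of the two naming tricks a directory name uses."""
    findings = set()
    if name.split(".", 1)[0].upper() in RESERVED:
        findings.add("reserved-device-name")
    if CLSID_SUFFIX.search(name):
        findings.add("clsid-suffix")
    return findings

def removal_command(parent, name):
    # Same form as the command in the article: the \\.\ prefix lets rd
    # address the folder despite its device name.
    return f'rd "\\\\.\\{parent}\\{name}" /S /Q'

def scan(names, parent="%appdata%"):
    """Flag names using both tricks; a CLSID suffix alone is an ordinary God Mode folder."""
    both = {"reserved-device-name", "clsid-suffix"}
    return [(n, removal_command(parent, n)) for n in names if classify(n) == both]

# Constructed sample listing; only the first name comes from the article.
SAMPLE = [
    "com4.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}",
    "Tools.{00000000-0000-0000-0000-000000000000}",  # constructed CLSID
    "Microsoft",
    "nul.txt",
]

if __name__ == "__main__":
    # On Windows, scan the real AppData directory; elsewhere use the sample.
    appdata = os.environ.get("APPDATA")
    names = os.listdir(appdata) if appdata and os.path.isdir(appdata) else SAMPLE
    for name, cmd in scan(names):
        print(f"suspicious: {name}\n  remove with: {cmd}")
```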