New version of malware uses ‘God Mode’ to hide from Windows users

Many PC users will have a ‘God Mode’ folder sitting on their desktop — it’s a neat Windows tweak that allows immediate access to a whole host of different controls that come in handy every now and again. However, new information from McAfee suggests that malware could be taking advantage of the same functionality.

Dynamer is a piece of malware that’s been around for several years, but a new version riffs on “God Mode” to hide away on your system. A few devious tricks have been used in an attempt to prevent users from getting rid of the problem.

The malware installs itself in the AppData directory, creating a registry run key value so that it can survive a reboot. However, when users click on the folder created by Dynamer during this process, they’ll simply be redirected to an unrelated area of the control panel.

Worse yet, the folder uses a ‘com4’ string in its name to gain some extra protection from Windows. This tricks the OS into treating the folder like a device, which prevents the user from deleting it as they might normally, according to a report from Extreme Tech.

However, Dynamer’s defenses are thankfully not completely impervious. Users can rid themselves of the malware by first ending the associated process via Task Manager, before opening up a command prompt and entering the following string, specially crafted by the security experts at McAfee:

rd "\\.\%appdata%\com4.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}" /S /Q

That should remove the offending malware from your computer and return your system to its previous state. This fix will be a huge help for anyone who has been targeted by Dynamer, but anyone already protected by McAfee products can safely ignore it — according to the company, its antimalware defenses won’t be fooled by this particular trick.
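The folder-name trick and Run-key persistence described above can be checked for with a short audit. This is an added example, not code from McAfee or the original article: it flags any path component that combines a reserved DOS device name with a `.{CLSID}` suffix. The directory listing, Run-key values, user name and `example.exe` are constructed sample data; the function and variable names are assumptions.

```python
import re

# DOS device names that Windows reserves in path components.
RESERVED = ({"CON", "PRN", "AUX", "NUL"}
            | {f"COM{i}" for i in range(1, 10)}
            | {f"LPT{i}" for i in range(1, 10)})
# "God Mode"-style shell folders are named "<label>.{CLSID}".
CLSID_FOLDER = re.compile(
    r"^[^.\\/]+\.\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def classify_component(name):
    """Flag one path component; the reserved check uses the text before the first dot."""
    flags = set()
    if CLSID_FOLDER.match(name):
        flags.add("clsid-folder")
    if name.split(".", 1)[0].rstrip().upper() in RESERVED:
        flags.add("reserved-device-name")
    return flags

def flagged_component(text):
    """Return the first component of a path or command line carrying both flags."""
    for part in re.split(r"[\\/]", text.replace('"', "")):
        if len(classify_component(part.strip())) == 2:
            return part.strip()
    return None

def audit(dir_listing, run_values):
    """Report folders and Run-key value names that use the combined trick."""
    return {
        "folders": [p for p in dir_listing if flagged_component(p)],
        "run_values": [n for n, cmd in run_values.items() if flagged_component(cmd)],
    }

# Constructed sample input: a directory listing and exported Run-key values.
SAMPLE_DIRS = [
    r"C:\Users\alice\AppData\Roaming\Microsoft",
    r"C:\Users\alice\AppData\Roaming\com4.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}",
    r"C:\Users\alice\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}",
    r"C:\Users\alice\AppData\Roaming\com4tools",
]
SAMPLE_RUN = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "updater": r"C:\Users\alice\AppData\Roaming\com4.{241D7C96-F8BF-4F85-B01F-E2B043341A4B}\example.exe",
}

if __name__ == "__main__":
    print(audit(SAMPLE_DIRS, SAMPLE_RUN))
```

An ordinary desktop God Mode folder carries only the CLSID flag and is not reported; only the combination with a reserved device name is.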

Brad Jones
Former Digital Trends Contributor