ISSUE 18.17 • 2021-05-10 SAFETY By Ben Myers Things are not always as they seem. What might appear to be a devastating, PC-destroying piece of malware
[See the full post at: Anatomy of a malware]
Anatomy of a malware
- This topic has 11 replies, 8 voices, and was last updated 3 years, 12 months ago.
erbkaiser
AskWoody Plus
May 10, 2021 at 1:57 am #2363815
For the record, the ‘new’ way to get to the Folder Options and make it so that Windows shows hidden files and extensions is to click File on top of a file explorer window, then select Change folder and search options.
This will bring up the same Folder Options dialog where you can opt to show everything.
I also recommend turning at least Hide protected operating systems back on after it is no longer needed for any casual user, as otherwise they will see multiple files and folders they cannot and should not interact with.
1 user thanked author for this post.
-
anonymous
Guest -
anonymous
Guest
May 10, 2021 at 8:07 am #2363863
This is the infamous Microsoft Tech Support scam. One of many internet scams out of India. For more information please go to YouTube and search Scam Baiting, also see: Jim Browning, Kitboga, scammer payback. Yes, there is a group of people fighting back. Also see: Scammer.info. Billions have been lost to these scammers.
-
RetiredGeek
AskWoody_MVP
May 10, 2021 at 9:20 am #2363885
You forgot to mention the No. 1 tool (IMHO) in the fight against malware/ransomware: Image Backups. You never have to fear if you have recent Images of your drives. Just boot from a USB drive and restore the C: drive, done! HTH
-
Ben Myers
AskWoody Plus
May 13, 2021 at 9:07 am #2364700
As in many cases when a client’s system shows up here, they did not ever do any backup. And, doing regular image backups is often beyond the abilities of many people who simply think of their computers as appliances to do what they need to do and no more. To put it less delicately, the level of know-how for many computer owners is pretty low.
2 users thanked author for this post.
-
-
bmeacham
AskWoody Plus -
PKCano
Manager
May 10, 2021 at 10:14 am #2363899
If you can get to it with Admin privileges in the Command Prompt, and you can’t get to it with File Explorer using your ID, I have to ask – Is your ID a Standard User or a member of the Administrators Group?
If you right click on Explorer and “Run as Admin,” can you access it?
1 user thanked author for this post.
-
-
ve2mrx
AskWoody Plus
May 10, 2021 at 12:56 pm #2363948
WARNING: Improperly editing file rights can trash your system, make sure you have a backup or other recovery methods before doing the following!
One tip for harder to remove malware processes: Remove SYSTEM rights from the bad files after adding your user full rights. Reboot!
After booting, Windows won’t have access to the bad files, but you can go back and then delete them! I’ve used this trick a few times in the past.
Today, I prefer to wipe the system as what you see could only be the tip of the security iceberg: There could be multiple layers of malware installed and you can’t always see all of them. Technology makes it easy to make custom malware on-the-fly, making such malware undetected by normal security software.
I prefer to see security malware as an alarm system: If you see something, the system is now compromised and under someone else’s control. Only a complete forensic analysis can reveal the extent of the compromise, something most users can’t do.
So, if you find something, burn it and start over!
Martin
This reply was modified 4 years ago by ve2mrx. Reason: Clarity
1 user thanked author for this post.
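One way to script the permission steps from ve2mrx's post with the built-in icacls tool, as an added example that is not part of the original thread. The file path and the ACL backup folder are placeholders; run it from an elevated PowerShell prompt after taking a backup.

```powershell
# Added example: $targets and $aclBackupDir are hypothetical placeholders.
$targets      = @('C:\Path\To\suspect-file.exe')
$aclBackupDir = Join-Path $env:USERPROFILE 'acl-backup'
$me           = "$env:USERDOMAIN\$env:USERNAME"

New-Item -ItemType Directory -Path $aclBackupDir -Force | Out-Null

foreach ($file in $targets) {
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
        Write-Warning "Skipping (not a file): $file"
        continue
    }

    # 1. Save the current DACL so the change can be undone later with:
    #    icacls <parent folder of the file> /restore <saved .acl file>
    $saveFile = Join-Path $aclBackupDir ((Split-Path $file -Leaf) + '.acl')
    icacls $file /save $saveFile | Out-Null

    # 2. Turn inherited entries into explicit ones. icacls /remove only
    #    touches explicit entries, so an inherited SYSTEM entry would
    #    otherwise survive step 4.
    icacls $file /inheritance:d | Out-Null

    # 3. Grant your own account full control BEFORE removing anything,
    #    so you do not lock yourself out of the file.
    icacls $file /grant "${me}:F" | Out-Null

    # 4. Remove every entry for SYSTEM. The well-known SID S-1-5-18 is
    #    used instead of the name so this works on non-English Windows.
    icacls $file /remove '*S-1-5-18' | Out-Null

    # 5. Print the resulting permissions for review.
    icacls $file
}

# After the reboot described in the post, delete each file with:
#   Remove-Item -LiteralPath <file> -Force
```

The LocalSystem token also carries the BUILTIN\Administrators SID, so an Administrators entry left in the final listing still lets SYSTEM-level processes open the file; check the output of step 5 before rebooting.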
-
anonymous
Guest
May 10, 2021 at 3:40 pm #2364007
Thank you for this post. I’d be more cautious about using Select All and deleting the files that appear after searching for %temp% files. I found many music and other files with the “temp” string in them (Word files, music files like “la Tempesta di Mare”…)
1 user thanked author for this post.
-
Ben Myers
AskWoody Plus
May 13, 2021 at 9:10 am #2364702
The temp string is not an issue. I cannot ever recall an issue with doing a Select All followed by a Delete from the %temp% folder. If a file is in use, the Delete function will tell you and you can skip its deletion.
Further, one needs to ask how music, Word, Excel or other files have found their way into %temp%, and whether or not there are more permanent files elsewhere. After all, the %temp% folder is for files and folders that are temporary.
-
b
AskWoody_MVP
May 13, 2021 at 9:32 am #2364707
> I’d be more cautious about using Select All and deleting the files that appear after searching for %temp% files. I found many music and other files with the “temp” string in them

It’s not a filename search. %temp% is a folder, as the article explains.
-