infections Archives

Tech Optimizer

December 1, 2025

How To Use the Windows Malicious Software Removal Tool

The Windows Malicious Software Removal Tool (MSRT) identifies and eliminates specific high-risk malware families on Windows devices. It is updated monthly by Microsoft and is integrated into all supported versions of Windows 10 and Windows 11. MSRT functions as a cleanup utility, scanning for known active malware infections. Users can run the tool manually by pressing Windows + R, typing mrt, and selecting a scan type. MSRT is recommended for use after installing software from unfamiliar sources, when a PC shows unusual behavior, for quick secondary scans, or in response to Windows Defender alerts. Manual downloads of MSRT are available for offline systems. The tool maintains a detailed log of scans in the Debug folder. MSRT targets malware such as MyDoom, Blaster, and Sasser, and while it removes infections, it does not provide real-time monitoring. Microsoft updates the tool monthly, and it runs automatically after updates but can also be launched manually.

Tech Optimizer

November 26, 2025

We’ve tested the best antivirus software to protect your computer and these are the 6 we recommend

Norton 360 Deluxe is recognized as the best overall antivirus software, offering a user-friendly interface, minimal performance impact, and robust malware protection. Bitdefender Total Security is noted for its comprehensive features, while McAfee+ Ultimate is recommended for families with multiple devices. Other notable antivirus solutions include Microsoft Defender as the best free option, Avast Premium for banking security, and Malwarebytes Plus as a budget-friendly choice. When selecting antivirus software, consider effectiveness, system impact, compatibility with devices, desired features, and budget. Free antivirus options like Microsoft Defender provide basic protection, while paid versions offer advanced features and support. Antivirus software works by scanning for malicious code and blocking threats, and it is essential for safeguarding against evolving cyber threats.

Winsage

November 25, 2025

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

Cybersecurity experts have identified a new campaign that combines ClickFix tactics with counterfeit adult websites to trick users into executing harmful commands under the guise of a "critical" Windows security update. This campaign uses fake adult sites, including clones of popular platforms, as phishing mechanisms, increasing psychological pressure on victims. ClickFix-style attacks have risen significantly, accounting for 47% of all attacks, according to Microsoft data. The campaign features convincing fake Windows update screens that take over the user's screen and instruct them to execute commands that initiate malware infections. The attack begins when users are redirected to a fake adult site, where they encounter an "urgent security update." The counterfeit Windows Update screen is created using HTML and JavaScript, and it attempts to prevent users from escaping the alert. The initial command executed is an MSHTA payload that retrieves a PowerShell script from a remote server, which is designed to deliver multiple payloads, including various types of malware. The downloaded PowerShell script employs obfuscation techniques and seeks to elevate privileges, potentially allowing attackers to deploy remote access trojans (RATs) that connect to command-and-control servers. The campaign has been linked to other malware execution chains that also utilize ClickFix lures. Security researchers recommend enhancing defenses through employee training and disabling the Windows Run box to mitigate risks associated with these attacks.

Tech Optimizer

November 24, 2025

Ditching Antivirus: Why One Tech Writer’s PC Got Safer Without It

A writer from MakeUseOf uninstalled all third-party antivirus programs from his Windows PC and found that the system performed better and appeared more secure with Microsoft’s built-in Windows Defender. The experiment highlighted Defender's effectiveness, showing fewer false positives, improved performance, and no noticeable decline in protection. Independent tests ranked Defender highly in real-world protection, and it achieved perfect scores in recent AV-TEST evaluations. The removal of third-party antivirus software led to a significant decrease in CPU and RAM usage, with idle consumption dropping from 15-20% to under 5%. Despite 121 million Americans still using third-party tools, there is growing consideration for Defender due to its free and efficient nature. While Defender excels in many areas, experts caution that it may not fully protect against zero-day vulnerabilities, and layered defenses are still recommended. The antivirus market may face disruption as integrated protection becomes more common, and user feedback indicates a preference for free alternatives that match or exceed the performance of paid solutions.

Tech Optimizer

November 20, 2025

Windows Has Another Hidden Malware Scanner Tool – How and When to Use It

Microsoft Defender is the primary security tool for Windows systems, while the Malicious Software Removal Tool (MSRT) serves as an additional defense against malware. MSRT is updated monthly through Windows updates and operates in Quiet Mode, targeting common malware infections such as trojans, rootkits, and worms. It enhances its capabilities with each update by adding new malware families and removing outdated ones. MSRT not only eliminates infections but also aims to reverse any damage caused by malware. MSRT is beneficial in several scenarios: it can be used alongside third-party antivirus programs to enhance security, it can undo changes made by malware, and it remains effective even when other security tools are compromised. By default, MSRT runs monthly but can also be initiated on demand by typing "mrt" in the Run dialog. Users can choose from Quick, Full, or Customized scans, and the tool automatically addresses any detected infections. After scanning, a report detailing the findings is available for review.

AppWizard

November 16, 2025

Google U-Turns on Plan to Lock Out Unverified Android Developers

Google has revised its approach to mandatory identity verification rules for Android developers, which were initially announced in August. The rules required all Android developers to authenticate their identities through official identification and a fee, impacting app installations from unverified developers on certified Android devices. This announcement led to petitions and criticism from the developer community, including F-Droid, which argued that the rules aimed to consolidate power rather than enhance security. Google defended the initiative as a measure against Android malware, citing risks posed by malicious actors. In response to community feedback, Google announced plans for a "new advanced flow" allowing experienced users to accept risks associated with unverified software installations. The company also intends to create a dedicated account type for students and hobbyists to share their creations without full verification. Despite existing ID verification for Play Store developers, malware challenges persist in the Android ecosystem, highlighted by recent campaigns like ClayRat in 2025.

Tech Optimizer

November 13, 2025

Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate Software

Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have discovered an attack campaign that uses legitimate Remote Monitoring and Management (RMM) tools, specifically LogMeIn Resolve and PDQ Connect, to deploy backdoor malware on users' systems. Attackers lure victims to fake download sites that mimic legitimate software pages for utilities like Notepad++, 7-Zip, and VLC Media Player, delivering modified versions of LogMeIn Resolve. The malicious installers are disguised with filenames such as "notepad++.exe" and "chatgpt.exe." Once executed, these files install the RMM tool and additional malware capable of stealing sensitive information. ASEC has identified three CompanyId values associated with the attacks: 8347338797131280000, 1995653637248070000, and 4586548334491120000. The malware, known as PatoRAT, is a Delphi-developed backdoor that gathers system information and has extensive malicious capabilities, including keylogging and remote desktop access. Users are advised to download software only from official websites and verify digital signatures, while organizations should monitor for unauthorized RMM installations and the identified indicators of compromise.

TrendTechie

November 3, 2025

RuTube и VK Видео изменили правила игры на пиратском рынке контента

The volume of pirated video content in Russia decreased by over 14% in the first half of 2025, with a reported decline to approximately 0.6 million instances. The amount of blocked pirated content surged by 42% in 2024, reaching 12.5 million instances, and the number of blocked pirate domains rose to 110,000. Russia is the third-largest consumer of pirated content globally, following the United States and India. The peak of Russian online piracy occurred between 2015 and 2018. Torrents are becoming obsolete, particularly among younger generations, who prefer legal access to content. Users face risks from hackers when visiting sites offering free content, with warnings about potential viruses and data theft.

Winsage

October 31, 2025

Windows LNK UI Spoofing Vulnerability Weaponized for Remote Code Execution

A cyber espionage campaign targeting European diplomatic institutions has been attributed to the Chinese-affiliated threat actor UNC6384, which exploits the ZDI-CAN-25373 vulnerability in Windows shortcut files. The campaign, noted for its use of social engineering tactics that mimic legitimate diplomatic events, has specifically targeted entities in Hungary, Belgium, and surrounding European nations between September and October 2025. The attack utilizes spearphishing emails with malicious LNK files related to European Commission and NATO meetings, leading to the deployment of PlugX, a remote access trojan. The attack chain involves a weaponized LNK file that executes PowerShell commands to unpack a tar archive containing a malicious DLL and an encrypted payload. UNC6384 employs advanced techniques to evade detection, including dynamic loading of Windows API functions and anti-analysis measures. The malware allows extensive espionage activities and creates hidden directories for persistent access. Recommendations for organizations include disabling automatic LNK file resolution, blocking known command and control domains, and enhancing user training to defend against such threats.

Winsage

October 31, 2025

Windows LNK UI Spoofing Vulnerability Weaponized for Remote Code Execution

A cyber espionage campaign has been launched by the Chinese-affiliated threat actor UNC6384, targeting European diplomatic institutions using a vulnerability in the Windows shortcut (LNK) user interface, identified as ZDI-CAN-25373. This vulnerability was disclosed in March 2025. Between September and October 2025, entities in Hungary, Belgium, and neighboring European nations were specifically targeted. The attack utilizes spearphishing emails with conference-themed LNK files that exploit the Windows vulnerability to execute PowerShell commands, leading to the deployment of the PlugX remote access trojan (RAT). The attack sequence involves a weaponized LNK file that unpacks a tar archive containing a legitimate Canon printer assistant executable, a malicious DLL, and an encrypted payload. The Canon binary, despite being digitally signed, loads the malicious DLL which injects the PlugX payload into memory. The malware employs anti-analysis techniques and creates a hidden directory for persistent access. Recommendations for organizations include disabling automatic LNK file resolution, blocking known command and control domains, and monitoring for DLL side-loading attacks.