PowerShell script

Winsage
March 2, 2026
Cybersecurity experts at Microsoft Threat Intelligence have identified a trend where attackers distribute counterfeit gaming tools that install a remote access trojan (RAT) on users' systems. These trojanized executables, such as Xeno.exe or RobloxPlayerBeta.exe, are shared through browsers and chat platforms. The initial executable acts as a downloader, installing a portable Java runtime environment and launching a harmful Java archive, jd-gui.jar. Attackers use built-in Windows tools to execute commands via PowerShell and exploit trusted system binaries, minimizing detection risk. The embedded PowerShell script connects to remote locations, downloads an executable as update.exe, and executes it. The malware erases evidence of the downloader and modifies Microsoft Defender settings to allow RAT components to function undetected. It establishes persistence through scheduled tasks and a startup script named world.vbs, enabling prolonged access to the compromised device. Microsoft Defender can detect the malware and its behaviors, and organizations are advised to monitor outbound traffic and block identified domains and IP addresses. Users are encouraged to scrutinize Microsoft Defender exclusions and scheduled tasks for irregularities and remain cautious about downloading tools from unofficial sources.
Winsage
February 28, 2026
Windows 11 users will see colorful battery icons on the taskbar as Microsoft rolls out updates, including the new Start menu, with the update KB5077241. The vibrant battery icons have been in development for nearly two years, with initial testing starting in late 2024. The rollout began last year but was limited to select PCs. An optional update in February 2026 will further expand the availability of these icons and the updated Start menu. The new battery icon replaces the plain white bar with a green icon when charging, featuring a charging bolt during the process. The icon changes color based on battery levels: it turns orange at 30% and red below 6%. Users can display the battery percentage on the taskbar by enabling it in Settings > System > Power & Battery. Recent improvements to the Windows taskbar include the return of drag-and-drop functionality, the ability to resize the taskbar, and potential options to reposition it. Microsoft is also updating Secure Boot certificates, set to expire in June 2026, and distributing new certificates issued in 2023 to more PCs. A tutorial is available for users to verify the application of these new Secure Boot certificates.
Winsage
February 17, 2026
In early 2026, Windows 11 posed challenges for users, leading to multiple reinstallations. To optimize gaming performance, users can create a restore point, activate Game Mode, adjust power settings to High Performance or Ultimate Performance, enable "Optimizations for windowed games," and activate Hardware-accelerated GPU scheduling. Managing startup apps through Windows Settings or Task Manager, disabling the Virtual Machine Platform and Hyper-V, and using the Win11Debloat PowerShell script can improve system performance. Adjustments in the NVIDIA Control Panel, such as setting the Shader Cache Size to 10 GB and Power management mode to "Prefer maximum performance," enhance the gaming experience. Registry edits like changing Scheduling Category to High and modifying NetworkThrottlingIndex can further optimize performance.
Tech Optimizer
February 11, 2026
MicroWorld Technologies confirmed a breach of its eScan antivirus update infrastructure, allowing attackers to deliver a malicious downloader to enterprise and consumer systems. Unauthorized access was detected, leading to the isolation of affected update servers for over eight hours. A patch was released to revert the changes made by the malicious update, and impacted organizations were advised to contact MicroWorld for assistance. The attack occurred on January 20, 2026, when a compromised update was distributed within a two-hour window. The malicious payload, introduced through a rogue "Reload.exe" file, hindered eScan's functionality, blocked updates, and contacted an external server for additional payloads. This rogue executable was signed with a fake digital signature and employed techniques to evade detection. It also included an AMSI bypass capability and assessed whether to deliver further payloads based on the presence of security solutions. The malicious "CONSCTLX.exe" altered the last update time of eScan to create a false sense of normalcy. The attack primarily targeted machines in India, Bangladesh, Sri Lanka, and the Philippines, highlighting the rarity and seriousness of supply chain attacks through antivirus products.
Winsage
January 5, 2026
Microsoft's latest Windows 25H2 builds have introduced AI features, but users cannot easily disable them through the interface, leading many to use third-party tools like the RemoveWindowsAI PowerShell script to eliminate components such as Copilot, Recall, and Input Insights. Windows Recall captures screenshots for AI-driven searches, raising privacy concerns due to the creation of a local database of full screenshots. Microsoft has also disabled phone activation for Windows 11, requiring internet connectivity for activation. The RemoveWindowsAI tool removes appx packages associated with AI, ensuring they cannot be reinstalled. Microsoft has announced the discontinuation of support for Windows 11 SE by October 13, 2026, impacting schools that rely on this version. Virtualization, such as using Proxmox, is recommended for users wary of telemetry practices. The RemoveWindowsAI project is evolving to enhance its capabilities in response to Microsoft's AI feature additions. Enterprise deployments are advised to test removal strategies in controlled environments, though some antivirus programs may flag the tool as malicious. Privacy advocates are concerned about the implications of Microsoft's changes on user control and data collection.
Winsage
December 19, 2025
The 'Remove Windows AI' project on GitHub, developed by zoicware, aims to simplify the process of disabling AI features in Windows 11 for users who find them unwelcome. It requires a Windows 11 system running at least version 25H2, and its PowerShell script must be run with Administrator privileges so that it can manipulate the Windows Registry and prevent Windows Update from reversing changes. The script automates the disabling of features such as Copilot, Recall, AI Actions, and integrations within applications like Edge and Paint. A graphical user interface (GUI) is also available for easier toggling of settings. The project includes a custom package to prevent the reinstallation of removed components and provides a list for manually toggling settings that cannot be disabled automatically. Alternatives for further customization include Winaero Tweaker and Open-Shell, which offers a Windows 2000-style start menu.