scheduled tasks

Winsage
July 10, 2026
Microsoft has unveiled a destructive Windows backdoor named GigaWiper, which allows operators remote control over compromised systems to execute irreversible damage. GigaWiper originated from cyberattacks in October 2025 and is a composite of code from at least three malware families. It maintains its presence through a scheduled task disguised as “OneDrive Update,” executing at startup and every minute. GigaWiper can obliterate partition information, overwrite physical drives, and restart systems. It also mimics ransomware by encrypting files with the .candy extension, using randomly generated keys that are not stored, making recovery impossible. The malware has connections to the Crucio ransomware and resembles FlockWiper, with rewritten code in Go. GigaWiper features 20 command codes for various functions, including executing PowerShell instructions, managing processes, capturing screenshots, and remote access similar to VNC. It can remain on a system for surveillance until its destructive functions are activated. Microsoft Defender includes detection capabilities for GigaWiper, and users are advised to enable tamper protection and monitor for suspicious activities.
Winsage
June 19, 2026
Microsoft has identified a Windows-based cryptocurrency clipper campaign that has been active since February 2026. This campaign uses clipboard-intercepting malware with self-spreading capabilities and operates through the Tor network. The clipper malware employs Windows Script Host and ActiveX to launch a Tor proxy and connect to a hidden command-and-control server. It focuses on stealing clipboard data, particularly cryptocurrency wallet addresses, and can exfiltrate screenshots. The malware is distributed via malicious Windows Shortcut (LNK) files on USB drives, which activate a worm that checks for existing infections and fetches the payload from a remote server. The clipper monitors the clipboard every 500 milliseconds for sensitive information and can replace copied wallet addresses with those controlled by attackers. Microsoft recommends behavioral detections, disabling AutoRun for removable media, blocking LNK execution from drives, and monitoring clipboard-related activities as mitigations against this threat.
Winsage
June 17, 2026
The Windows variant of SprySOCKS malware, developed by the Chinese threat group Earth Lusca, targets government entities globally and features advanced capabilities such as rootkit-level stealth and extensive command-and-control (C2) functionalities. It operates on Windows systems, utilizing two main variants: WINDRV, which includes kernel drivers for stealth operations, and WINPLUS, a streamlined backdoor. The malware can communicate over TCP, UDP, and WebSocket, offering over 30 C2 commands for various operations, including system information gathering and keystroke logging. WINDRV loads a driver named ‘RawWNPF’ into memory using another signed kernel driver, allowing it to conceal processes and achieve persistence. The malware's design incorporates open-source elements and exploits vulnerabilities in the software supply chain, notably using a leaked certificate for driver signing. To combat SprySOCKS, organizations are advised to implement advanced endpoint detection and response (EDR) solutions, maintain regular patching, and manage supply chain risks vigilantly. The malware's adaptability and reliance on legitimate certificates complicate detection efforts, necessitating continuous refinement of security practices.
Tech Optimizer
June 8, 2026
OneLaunch is a software application that creates a personalized dock and desktop environment on Windows computers, often pre-installed or bundled with other software. It has received mixed reviews, with concerns about system slowdowns and its legitimacy. OneLaunch.exe is a background process supporting the OneLaunch application, which provides quick access to applications and updates but can consume system resources. The OneLaunch browser, installed alongside the main application, can alter browser settings and redirect searches, potentially leading to unwanted advertisements. While OneLaunch is not classified as traditional malware, it is often categorized as a Potentially Unwanted Program (PUP) due to its bundled installation and ability to modify system settings. It can monitor browsing habits and share data with third-party advertisers. Users report intrusive behavior, such as altering default browser settings, and it can negatively impact system performance. To remove OneLaunch, users should end the running process, uninstall the application, delete leftover folders, remove startup entries, and reset browser settings. OneLaunch may reappear due to accidental reinstallations, active browser extensions, lingering scheduled tasks, or hidden companion programs. Preventative measures include downloading from official sources, reading installation screens carefully, keeping systems updated, and performing regular system checks.
Winsage
May 17, 2026
The utility created simplifies Windows management by consolidating various settings and diagnostics into a single interface. It provides an overview of system metrics such as DNS latency, system uptime, and temporary file accumulation. The application includes dedicated pages for health checks, network insights, services, scheduled tasks, drives, drivers, power plans, gaming toggles, privacy settings, and taskbar configuration. Each diagnostic is executed through PowerShell scripts, with results displayed in a user-friendly format. The utility maintains transparency by creating .reg backups before modifying the registry and allows users to revert changes easily. It is open-source, lightweight, and designed for personal use rather than debloating. The program's structure enables users to inspect and modify scripts, ensuring clarity and control over system adjustments.
Winsage
May 16, 2026
The utility developed streamlines access to Windows diagnostics and tweaks, consolidating functionalities typically spread across various settings panels into a single interface. It features an overview page with key system metrics and organized sections for health checks, network details, services, scheduled tasks, drives, drivers, power plans, gaming settings, privacy options, and taskbar adjustments. Each diagnostic is executed via PowerShell scripts that output JSON data for display. The application ensures transparency in registry changes by creating .reg backups before modifications and allows users to revert changes easily. It focuses on practical tweaks rather than debloating, maintaining a lightweight design without extensive features. The tool is open source and available on GitHub.
Search