system files

Winsage
January 9, 2026
Windows 11 has integrated AI features, including Copilot, which is pinned to the taskbar and embedded in applications like Notepad and Paint. Users cannot universally disable these features, although individual toggles exist. A community script called RemoveWindowsAI has been created to disable Windows AI features at the system level and modify Windows Update settings to prevent reinstallation. The script targets Copilot, Recall, and their integrations, allowing users to disable all features or select specific components. It operates by making registry changes and aims to eliminate visible AI entry points while maintaining their disabled status across updates. When executed, RemoveWindowsAI removes Copilot from the taskbar, uninstalls the app, and disables AI functionalities in applications. Users run the script through Windows PowerShell 5.1, and it can be rerun to re-enable features. The tool provides a consistent experience but has limitations, as it may not address new AI features or changes from major Windows updates.
Winsage
December 29, 2025
Windows 11 Point-in-Time Restore is a recovery feature that captures snapshots of the system's state, including system files, applications, settings, and user data, allowing users to revert to a recent stable state when issues arise. It operates automatically once activated, using Volume Shadow Copy technology for comprehensive backups. The feature can quickly reverse changes made within the last 72 hours, addressing problems like faulty driver installations without requiring a complete reinstallation of Windows. However, it has limitations, such as storing restore points locally for a maximum of 72 hours, not recovering long-deleted files, and requiring significant storage space. To enable it, users must use ViveTool to unlock the feature, configure settings for snapshot frequency and retention, and access restore options through the Windows Recovery Environment if needed. It is particularly useful for casual users who frequently modify their systems but may not suffice for power users needing comprehensive backup solutions.
Winsage
December 2, 2025
Large Windows updates involve reconfiguring system files, installing components, updating drivers, and initiating post-update tasks, which can temporarily slow down performance, especially on older hardware. The Windows Module Installer (TiWorker.exe) finalizes updates and may trigger cleanup and maintenance tasks, consuming CPU and disk resources. Outdated or incompatible drivers can hinder performance, leading to sluggish boot times and reduced gaming frame rates. The indexing feature may intensify after a major update, increasing CPU and disk usage. Major updates can reset user-defined settings and reintroduce background processes and applications, causing additional resource consumption. Cumulative updates may lead to performance issues due to memory leaks or driver conflicts, and Microsoft provides a "Windows release health" dashboard for tracking known issues. Slowdowns after updates are typically temporary, lasting from a few minutes to several hours, but persistent issues may require further investigation.
Winsage
November 19, 2025
Microsoft introduced two recovery features for Windows 11 at the Ignite developer conference: Cloud Rebuild and Point-in-Time Restore (PITR). PITR allows users to revert a Windows 11 system to a previous stable state in minutes by capturing comprehensive snapshots of the system, restoring the operating system, settings, and files. This feature will enter preview with an upcoming Windows 11 Insider preview build. Cloud Rebuild enables complete reinstallation of Windows 11 from the cloud for devices with persistent issues, using the Intune portal for selection of the Windows release and language. It employs Autopilot for zero-touch provisioning and streamlines user data restoration through OneDrive and Windows Backup for Organizations, reducing downtime significantly. Both features will be integrated into Microsoft Intune in the first half of 2026, allowing remote recovery actions and management of Windows Recovery Environment functionalities. Additionally, Microsoft is testing an updated version of Quick Machine Recovery (QMR), which helps resolve Windows boot failures without physical access. QMR engages the Windows Recovery Environment during boot failures, analyzes crash data, and allows Microsoft to implement remote fixes. The latest version improves the boot-repair process by conducting a single scan to resolve issues.
Winsage
November 18, 2025
Jack Bicer, the director of vulnerability research at Action1, advises IT leaders to ensure the latest servicing stack update (SSU) is installed before reapplying a patch after Microsoft’s patch release on November 17. He recommends troubleshooting steps for system file corruption, including:
1. Temporarily disabling non-Microsoft services and startup applications through a Clean Boot.
2. Manually installing the update by downloading the .msu package for KB5068781 from the Microsoft Update Catalog and using the command wusa.exe .msu /quiet /norestart.
3. Verifying the build number with the winver command, targeting build numbers 19045.6575 (22H2) or 19044.6575 (21H2).
Winsage
November 8, 2025
Windows 11's File Explorer context menu shows the "Edit in Notepad" option for various file types, although the option is intended only for plain text files. Users can remove this option by editing the Windows Registry. Notepad now registers as a general-purpose text editor, causing the option to appear for all file types, including images. To remove "Edit in Notepad," users can create a subkey in the Registry Editor under Shell Extensions and add the specific GUID. Other Shell Extensions can also be removed using a similar method by adding their respective GUIDs. Microsoft is reportedly working on improvements for the context menu.
Winsage
November 4, 2025
The Russian-aligned APT group Curly COMrades has been using hidden Alpine Linux virtual machines (VMs) on compromised Windows hosts via Microsoft Hyper-V to evade detection and maintain covert access. This technique was uncovered in mid-2025 through an investigation by Bitdefender and the Georgian CERT, which traced suspicious activities to a compromised Georgian website. The attackers activated Hyper-V on the infected machines, downloaded a disguised VM image, and named it “WSL.” The VM, operating on Alpine Linux, had a small disk footprint and low RAM usage, minimizing alerts from security systems. Within this environment, they deployed two malware implants: CurlyShell, a reverse shell for command execution, and CurlCat, a reverse proxy tool for SSH traffic. Both implants were designed to maintain a low forensic footprint. The attackers also used a PowerShell script to inject encrypted Kerberos tickets into LSASS for lateral movement and employed various tunneling tools for communication. Artifacts from their operations were stored in directories that blended with legitimate Windows files. Security teams are advised to audit Hyper-V usage, monitor for hidden VMs, and enable host-based network inspection.
Winsage
October 31, 2025
A bootable version of Windows 7 that occupies 69MB of disk space has been created by Xeno, a Windows Insider. This version requires users to provide their own system files for basic functionality and is described as a "fun proof of concept" rather than a fully functional operating system. The installer is a 7zip compressed file of 40.4MB hosted on Archive.org, containing a compact VMware virtual disk and configuration file. The current version has limited functionality due to missing critical files, but Xeno has received encouragement to refine it into a more usable version. There is potential for further optimization, as many included files may be unnecessary.