Windows Utilities Archives

Winsage

February 19, 2026

Ex-Microsoft engineer says this is what Windows’ Task Manager would “probably” look like today — but it’s a “good thing” he stuck to his OS design lane

Dave W. Plummer, a former Microsoft employee, contributed to the Windows ecosystem, notably with the Task Manager, Calculator, and a classic pinball game. He left Microsoft in 2003 and recently expressed on Reddit that "there should be nothing that TaskMgr can't kill." Plummer shared a concept design for a modern Task Manager on his X account, inspired by his Tempest AI project, featuring a cyberpunk theme, various graphs, speedometer-style gauges, and music with a synthwave vibe. He selected Tempest for his AI project due to its challenging gameplay and holds the world record for it. The project utilizes about 75% of the GPU at 30 frames per second on his M2 Mac Pro.

Tech Optimizer

February 16, 2026

Phishing Lures Spread XWorm Remote Access Trojan

A cyber-espionage campaign is utilizing the XWorm Remote Access Trojan (RAT) to infiltrate systems via phishing emails and a Microsoft Office vulnerability (CVE-2018-0802). XWorm, first detected in 2022, allows attackers remote control over infected computers for surveillance and data theft. The campaign uses business-oriented phishing emails with malicious Excel attachments that exploit the vulnerability to execute a fileless attack. The malware connects to a command-and-control server, encrypting communications and transmitting system details. XWorm features a plugin architecture with over 50 modules for various malicious activities, including credential theft and DDoS attacks. Security experts highlight the ongoing risk of legacy software vulnerabilities and recommend patching outdated components.

Winsage

February 10, 2026

Windows shortcut weaponized in Phorpiex-linked ransomware campaign

The Global Group has shifted to a local execution strategy for ransomware, complicating detection and response efforts. Their infection process begins when a user opens a shortcut file with a double extension (e.g., “Document.doc.lnk”), which appears as a legitimate document due to Windows' default settings that hide file extensions. The shortcut icon mimics that of a Microsoft Word file. When executed, the .lnk file activates Windows utilities like cms.exe and PowerShell to retrieve and execute the next-stage payload, effectively bypassing traditional security controls focused on malicious documents or executable attachments.

Winsage

October 30, 2025

Windows event logs are still the most powerful diagnostic tool on your PC

Event Viewer is a built-in diagnostic tool in Windows that logs every event occurring on a PC, helping users troubleshoot performance issues. It categorizes logs into Application, System, Security, and Setup sections, allowing users to focus on relevant categories during troubleshooting. Events are classified as Critical, Error, Warning, and Information, with Critical events indicating potential sources of system crashes. Users can filter logs, research Event IDs, and utilize the Details section for deeper insights. Event Viewer can be paired with Reliability Monitor for a visual overview of system stability. Many third-party diagnostic tools also rely on data from Event Viewer, making it a valuable resource for addressing persistent errors.

Winsage

October 17, 2025

Windows 11 can now automatically switch between light and dark modes. How to do it

Light Switch is a new tool included in the PowerToys 0.95 update from Microsoft, allowing users to transition between light and dark modes based on the time of day. Users can set custom time frames for this transition and choose which components of the operating system will change modes. To use Light Switch, users must download PowerToys and ensure they have the latest version installed.

Winsage

October 13, 2025

RIP Windows 10 – Winux ‘W10EOL’ is the Windows 11 clone that runs on Linux and makes your old PC feel new again

Windows 10 is reaching its end of life, and users will no longer receive security updates, making their systems vulnerable. Winux 11.25.10 “W10EOL” is a Windows-style Linux distribution based on Ubuntu 24.04 LTS, designed to provide a familiar interface for users unable to upgrade to Windows 11. It features a KDE Plasma 5 desktop, a new “Redsand” theme, and an upgraded system kernel 6.14 for better hardware compatibility. Winux includes PowerTools 1.8.3 to replicate popular Windows utilities, supports .exe and .msi installers via Wine, and allows access to Android apps through an integrated PlayStore. It also provides native OneDrive access, Microsoft Teams Preview, the Edge browser, Mozilla Thunderbird for email, and OnlyOffice 9 for document editing. The OS includes live wallpapers, a revamped login screen, and over 1GB of updated packages. Winux 11.25.10 is available for download.

Winsage

September 26, 2025

New LNK Malware Uses Windows Binaries to Bypass Security Tools and Execute Malware

A new form of malware exploiting Windows shortcut files (.LNK) has emerged since late August 2025, raising concerns among security teams. This malware is primarily spread through spear-phishing emails and compromised websites, using embedded commands to invoke legitimate Windows utilities for executing additional malware. Victims report unusual PowerShell calls and unexpected network connections as signs of compromise. The attacks target enterprise and consumer endpoints, particularly users with elevated privileges, using emails that mimic IT notifications to lure recipients into clicking on seemingly harmless shortcut attachments. Upon execution, the .LNK file activates Windows Explorer, loading a hidden payload that utilizes built-in binaries like mshta.exe and rundll32.exe to evade detection. The malicious .LNK file contains an OLE object pointing to a remote HTML application script, which, when executed, downloads a payload using Base64-encoded PowerShell commands. The payload is executed in memory to minimize disk writes, and the malware establishes persistence by creating a registry run key to ensure it launches automatically upon user login. Indicators of compromise include network requests to suspicious domains, anomalous process trees involving mshta.exe and rundll32.exe, and unrecognized registry entries.

Tech Optimizer

September 25, 2025

LNK Malware Leverages Windows Binaries to Evade Security Tools and Run Malicious Code

Cybersecurity researchers have identified a malware campaign utilizing Windows shortcut (.LNK) files distributed via Discord to deploy a Remote Access Trojan (RAT). The malicious file, named “cyber security.lnk,” lures users with a fake job offer PDF while executing PowerShell commands in the background. It displays a decoy document titled “Cyber Security.pdf” to distract victims during the infection process. The malware exploits the legitimate Windows utility odbcconf.exe to execute a malicious DLL named Moq.dll without triggering security alerts. A PowerShell script extracts a ZIP file containing the payload and runs it using the command: odbcconf.exe /a {regsvr "C:UsersPublicNugetmoq.dll"}. This approach bypasses standard security measures by utilizing trusted binaries. Moq.dll employs advanced evasion techniques, including modifying the AmsiScanBuffer function to disable the Anti-Malware Scan Interface (AMSI) and altering the EtwEventWrite function in ntdll.dll to prevent monitoring through event logs. The malware ensures persistence by modifying the Windows registry to run with explorer.exe at user login and communicates with its command and control server at hotchickenfly.info. The RAT can capture screenshots, gather system information, and exfiltrate data via Dropbox’s API, using AES encryption for its communications. This threat was first observed in Israel and highlights the trend of malware authors leveraging legitimate Windows tools to evade detection. Security researchers from K7 Labs have identified the malware and recommend application whitelisting and monitoring of LOLBin usage as countermeasures. Indicators of Compromise (IOCs) include specific hash values associated with the Trojan.

Winsage

March 25, 2025

5 Windows tools and apps you can’t find on other operating systems

Certain features remain exclusive to the Windows operating system, offering unique functionalities not available on Mac or Linux. Microsoft has developed tools like PowerToys, which includes nearly 20 utilities enhancing Windows functionality, and Windows Sandbox, providing a secure environment for testing applications. Windows Notepad serves as a basic note-taking and coding app with features like spellcheck and autocorrect. The Snipping Tool allows users to capture screenshots and extract text from images, while the Windows Subsystem for Linux (WSL) enables seamless access to both Windows and Linux environments. These tools are designed to enhance productivity and provide significant advantages for Windows users.

Winsage

February 8, 2025

4 reasons you should still use the Legacy Disk Cleanup utility in Windows 11

Windows includes various legacy utilities, with Disk Cleanup being a reliable tool for reclaiming storage space. Unlike the automated Storage Sense feature, Disk Cleanup allows manual operation to remove old Windows Update files. Users can access it via the Run dialog or Start menu, and it provides options to clear cache and the Recycle Bin. Disk Cleanup can also be scheduled to run automatically using Task Scheduler. It offers a user-friendly interface and a comprehensive view of removable items, making it more efficient than Storage Sense. There are concerns about the potential deprecation of Disk Cleanup, but it remains essential for managing storage on Windows 11.