Windows Utilities

Winsage
June 30, 2026
The 'file in use' error in Windows indicates that a file is currently being accessed by a program, preventing deletion or renaming to avoid data corruption. This error can persist even after closing an application due to reasons such as antivirus software scanning the file, network references from other devices, or files loaded as Dynamic Link Libraries (DLLs) that remain in memory. To identify the process causing the error, Mark Russinovich developed the command-line tool Handle, which shows all open file handles, and Process Explorer, which provides a graphical interface to find and manage these handles. Microsoft is integrating Sysinternals tools into PowerToys for easier access, including the File Locksmith tool that allows users to unlock files directly. A recommended workaround for the error is to rename the file instead of deleting it, as Windows permits renaming even when a file is open.
Tech Optimizer
February 16, 2026
A cyber-espionage campaign is utilizing the XWorm Remote Access Trojan (RAT) to infiltrate systems via phishing emails and a Microsoft Office vulnerability (CVE-2018-0802). XWorm, first detected in 2022, allows attackers remote control over infected computers for surveillance and data theft. The campaign uses business-oriented phishing emails with malicious Excel attachments that exploit the vulnerability to execute a fileless attack. The malware connects to a command-and-control server, encrypting communications and transmitting system details. XWorm features a plugin architecture with over 50 modules for various malicious activities, including credential theft and DDoS attacks. Security experts highlight the ongoing risk of legacy software vulnerabilities and recommend patching outdated components.
Winsage
February 10, 2026
The Global Group has shifted to a local execution strategy for ransomware, complicating detection and response efforts. Their infection process begins when a user opens a shortcut file with a double extension (e.g., “Document.doc.lnk”), which appears as a legitimate document due to Windows' default settings that hide file extensions. The shortcut icon mimics that of a Microsoft Word file. When executed, the .lnk file activates Windows utilities like cms.exe and PowerShell to retrieve and execute the next-stage payload, effectively bypassing traditional security controls focused on malicious documents or executable attachments.
Winsage
October 30, 2025
Event Viewer is a built-in diagnostic tool in Windows that logs every event occurring on a PC, helping users troubleshoot performance issues. It categorizes logs into Application, System, Security, and Setup sections, allowing users to focus on relevant categories during troubleshooting. Events are classified as Critical, Error, Warning, and Information, with Critical events indicating potential sources of system crashes. Users can filter logs, research Event IDs, and utilize the Details section for deeper insights. Event Viewer can be paired with Reliability Monitor for a visual overview of system stability. Many third-party diagnostic tools also rely on data from Event Viewer, making it a valuable resource for addressing persistent errors.
Winsage
October 17, 2025
Light Switch is a new tool included in the PowerToys 0.95 update from Microsoft, allowing users to transition between light and dark modes based on the time of day. Users can set custom time frames for this transition and choose which components of the operating system will change modes. To use Light Switch, users must download PowerToys and ensure they have the latest version installed.
Search