WMIC Archives

Tech Optimizer

December 24, 2024

‘Fix It’ social-engineering scheme impersonates several brands

Malicious actors are increasingly exploiting web browsers to deliver malware, often bypassing conventional antivirus defenses through sophisticated social engineering. A notable tactic involves copying harmful commands into the clipboard, allowing victims to execute them unknowingly. Recent investigations revealed a campaign using malicious advertisements and counterfeit pages that mimic reputable software brands, leading victims to a fake Cloudflare notification that prompts them to execute specific key combinations. This process triggers PowerShell code that retrieves and installs malware. The investigation began with a suspicious advertisement for a 'notepad' application, which redirected users to a Cloudflare-like page asking them to verify they are human. Instead of a standard CAPTCHA, users encountered a prompt instructing them to follow steps that would inadvertently execute a malicious command. By clicking a 'Fix It' button, the harmful command is copied to the clipboard, and users are led to paste and run it, initiating a download from a remote domain. The campaign targeted several brands, including Microsoft Teams, FileZilla, UltraViewer, CutePDF, and Advanced IP Scanner. The same domain linked to the malicious PowerShell command for Notepad++ also appeared in another campaign. Indicators of compromise include various malicious domains and URLs associated with the malware and its command and control server. Malwarebytes provides protection against these threats.

Winsage

December 16, 2024

How to rename the User folder on your Windows 11 PC

Microsoft's Windows 11 requires an active internet connection for installation and mandates the creation of a Microsoft account, which has raised privacy concerns. The User folder is automatically named using the first five letters of the associated email address, leading to issues for users with longer names. To rename the User folder, users can follow a complex process involving the Registry Editor, including creating a new user profile, switching to a local account, noting the SID of the user account, modifying the ProfileImagePath in the registry, renaming the folder in Windows Explorer, and creating a link between the old and new folder names using Command Prompt. Alternatively, users can create a new Microsoft account with the desired User folder name.

Winsage

November 1, 2024

How to use Windows 11 Volume Shadow Copy for backing up files

Windows 11 includes a feature called Shadow Copy, which allows users to create backups of files and maintain a history of previous versions. To set up Shadow Copy, users must use Task Scheduler to automate backups. The process involves creating a new task, configuring triggers and actions, and ensuring specific settings are enabled. Backed-up files are stored in a hidden folder and can be accessed through the Previous Versions feature in File Explorer. Users can also utilize System Restore and File History for additional backup options. Shadow Copy has been part of Windows for over two decades and is designed to protect against accidental deletions or modifications, but not against hardware failures or theft.

Winsage

September 27, 2024

Step-by-Step Solutions to Fix the IRQL NOT LESS OR EQUAL Error on Your Windows PC – PUNE.NEWS

The “IRQL NOT LESS OR EQUAL” error in Windows 10 and 11 indicates potential issues with system file integrity, often due to corrupted data on storage drives, damaged Windows OS files, or faulty RAM. To address this error, several methods can be employed: 1. Repair corrupted system files using DISM and SFC commands. 2. Perform a System Restore to revert to a previous state. 3. Update Windows and device drivers. 4. Run a memory test to check for faulty RAM. 5. Check the health of the storage drive and consider replacing it if failing. 6. Clean install graphics drivers. 7. Disable third-party services that may cause conflicts. It is advised to back up data before making significant system changes and to seek professional help if issues persist.

Winsage

September 23, 2024

Microsoft to Depreciate Windows Server Update Services with Windows Server 2025

Microsoft will deprecate Windows Server Update Services (WSUS) with the release of Windows Server 2025, as part of an initiative to streamline server functionalities. Other features being removed include: - IIS 6 Management Console - WordPad - SMTP Server - Windows PowerShell 2.0 Engine Additionally, several functionalities will cease to be actively developed, including: - Computer Browser service - NTLM protocols (LANMAN, NTLMv1, NTLMv2) - Remote Mailslots - TLS versions 1.0 and 1.1 - WebDAV Redirector service - WMIC tool Organizations using WSUS will need to find alternative solutions, aligning with Microsoft's cloud-first strategy.

Winsage

July 12, 2024

Microsoft explains how to install WMIC on Windows 11 before its upcoming removal

Microsoft announced plans to turn off WMIC in Windows 11, but it will still be available as a feature-on-demand. Users can continue using WMIC and Microsoft provided a guide on how to make it work. Windows 11 version 24H2 will have WMIC disabled by default, but users can enable it through the Settings menu. Microsoft's roadmap for WMIC removal is still "to be determined."