License to Kill: Malware Hunting with the Sysinternals Tools

  • Published: 15 Nov 2024

Comments • 68

  • @MalwareAnalysisForHedgehogs
    @MalwareAnalysisForHedgehogs 3 years ago +17

    I like your tools and love this talk. I have re-watched it a few times.
    I know the talk is very old. I still would like to point out that the study conducted by Google did not permit internet access for the AV scanners used in the test, which of course plummets the detection rate a lot, not only from the missing cloud features but also because lots of malware relies on Internet to show malicious behaviour. Extracting from that the general statement that AVs detect only 40% of malware is quite a stretch.

  • @Comm0ut
    @Comm0ut 2 years ago +8

    agvulpine nailed it and I quote because this would be a major tedium-avoider! :
    "Want to help us terminate malware processes? Allow us to select multiple processes in Process Explorer, and terminate all of them with one single Delete key press. Currently we have to manually terminate dozens of processes one-by-one, and often times they're multiple processes working in tandem."

  • @aaronvaldes3104
    @aaronvaldes3104 2 years ago +36

    0:02:00 About this Talk
    0:02:46 Sysinternals Antivirus - Don't use it!!!!
    0:03:25 Malware Cleaning Steps
    0:07:20 What are you looking for?
    0:08:53 What About Task Manager?
    0:09:14 Process Explorer
    0:09:59 sysinternals tools
    0:10:45 Process Explorer - Process View
    0:13:23 Process Explorer - Refresh Highlighting
    0:14:21 Process Explorer - Tooltips
    0:15:13 Process Explorer - New Features
    0:15:43 Process Explorer - Detailed Process Information
    0:17:14 Image Verification
    0:19:07 Sigcheck and ListDlls
    0:20:27 Process Explorer - Strings
    0:21:17 Process Explorer - The DLL View
    0:21:45 listdlls
    0:22:05 Terminating Malicious Processes
    0:23:44 Cleaning Autostarts
    0:24:03 msconfig in Windows 8
    0:24:31 Autoruns
    0:27:09 Autoruns - Alternate Profiles and Offline Scanning
    0:27:46 Autoruns - New Features
    0:28:08 Autorunsc
    0:28:38 Deleting Autostarts
    0:28:55 Tracing Malware Activity - Process Monitor
    0:30:20 Process Monitor - Filtering
    0:31:07 Process Monitor - category is write
    0:31:43 Process Monitor - The Process Tree
    0:32:19 Real World Analysis and Cleaning
    0:32:35 Cleaning Winwebsec Scareware
    0:41:13 The Case of the Fake Antivirus
    0:42:55 scarewarez
    0:42:55 Analyzing and Lockscreen.CT
    0:44:45 lockscreen.ct
    0:46:45 SAFE MODE with no Shell!!!!
    0:48:01 The Case of the Runaway GPU
    0:50:51 bitcoin miner malware - Vicenor
    0:53:54 The Case of the Unexplained FTP Connections
    1:04:58 Conclusion - Analyzing and Cleaning Flame
    1:06:13 Stuxnet
    1:09:47 Flame
    1:13:50 Summary - The Future of Malware
    1:15:20 Trojan Horse - A Novel

    • @kenmosburg2445
      @kenmosburg2445 1 year ago +2

      Aaron Valdes! You and Mark are AWESOME HEROES to humanity, you do valuable things to help others, I admire and appreciate you Heroes, for not being as selfish as we humans often become~!

  • @kreassiva9138
    @kreassiva9138 2 years ago +5

    10:10 as a person with autism I can say this is one of the most satisfying things I have ever seen on RUclips. Definitely the kind of things I usually do but I have never seen anyone else do until now.

    • @novianindy887
      @novianindy887 6 months ago

      What's it got to do with autism?

    • @tvviewer4500
      @tvviewer4500 1 day ago

      You have a vaccine scar tissue injury and it’s really curable. Learn your way out of it.

    • @tvviewer4500
      @tvviewer4500 1 day ago

      @novianindy887 he is a bot and he is trying to make it seem like everyone has autism

  • @JoaoLucasMacedo
    @JoaoLucasMacedo 4 years ago +6

    I'm a big fan of your work Mark. Now even more, since I saw you also like Daft Punk.

  • @agvulpine
    @agvulpine 3 years ago +19

    Want to help us terminate malware processes? Allow us to select multiple processes in Process Explorer, and terminate all of them with one single Delete key press. Currently we have to manually terminate dozens of processes one-by-one, and often times they're multiple processes working in tandem.

  • @yaserbasaad7984
    @yaserbasaad7984 2 years ago +2

    Mr Mark, is there any book or site that gives more practice in using the tools?

  • @tvviewer4500
    @tvviewer4500 1 day ago

    It’s amazing how much help Microsoft gave to the virus developers

  • @0Sejo0
    @0Sejo0 3 years ago +19

    Who's here from the TryHackMe Sysinternals room?
    Awesome conference by the way!

  • @rev.kenshostad2888
    @rev.kenshostad2888 8 months ago +2

    This was made when Windows 7 was a thing... It would be nice to have an update, with newer tools...

  • @KernelKrunch663
    @KernelKrunch663 2 months ago +1

    Make an updated presentation on malware detection and cleaning with pdf of slides please.

  • @alimirqasimov3033
    @alimirqasimov3033 4 months ago

    Hey, so I wanted to know if the Sysinternals Suite from the Microsoft Store is completely safe. Thank you

  • @mdd1963
    @mdd1963 4 years ago +2

    Is not this exact recorded lecture about 5-7 years old now?

  • @c-LAW
    @c-LAW 3 years ago +2

    1:50 "Show me your browser history" 99.9% of people using Windows don't know or understand the overwhelming amount of telemetry flowing from their computers to Microsoft, including browser and search history.

    • @RaihanAlam
      @RaihanAlam 3 years ago +1

      More like 99.99% of people using any form of computer or smartphone.

  • @duncanochieng2462
    @duncanochieng2462 7 months ago +1

    Woooooow! Just 2 minutes in and I already like the guy.. where have you been all my life😂

    • @rev.kenshostad2888
      @rev.kenshostad2888 6 months ago

      Yeah, 2 min. in and I'm going to switch to Linux...

  • @lisaallen7891
    @lisaallen7891 3 years ago +3

    What do you think about McAfee? I have LOTS of things to say about it, but nothing nice, since IT'S malware TOO~

  • @user-nh6fq6lb7v
    @user-nh6fq6lb7v 5 months ago +2

    Oh, my old friend Bitcoin, if only I knew then what I know now.

  • @tigger2581
    @tigger2581 3 years ago +3

    Wow, this guy's good.

  • @mitraconsultan473
    @mitraconsultan473 2 years ago

    How to clone an application in Explorer..?? Please...

  • @ZachMize
    @ZachMize 7 months ago

    Great presentation

  • @AvidDigital.m
    @AvidDigital.m 10 months ago

    It's from 2013 - 10 yrs late | I wanted something from 2023

  • @赵镭-t3r
    @赵镭-t3r 2 years ago

    No subtitles.

  • @seanys
    @seanys 1 month ago

    Mark, you’re a legend, I love your work but, for gawd's sake, why are you saying “processes” like that? It’s driving me nuts!

  • @v4ltonn
    @v4ltonn 6 months ago

    There was a time when malware was signed with a Microsoft CERT!

  • @Siik94Skillz
    @Siik94Skillz 1 year ago +1

    Great, great talk! Loved it!

  • @tvviewer4500
    @tvviewer4500 1 day ago

    @1:11:30 you mean Microsoft developed it. Not the CIA

  • @andis2595
    @andis2595 9 months ago +1

    why is this 3 year old video from 2013 😭

    • @immersivebeats
      @immersivebeats 7 months ago

      It's not. In cyber you're able to modify the date as well.

  • @michalialambeis4466
    @michalialambeis4466 3 years ago +1

    Thank you very much. Really helpful upload.

  • @PassionataDance
    @PassionataDance 3 years ago +1

    Can you make a webshell hunting tool, a forensic compromise-seeking tool?

    • @domzzy6432
      @domzzy6432 2 months ago

      Can you help with a reverse engineering CTF?

  • @GabiGris
    @GabiGris 7 months ago

    Data redundancy makes the wiping easier, in particular in enterprise environments, not for the rest of us mortals storing an epic Ultima VII saved stage for years now🥴😅

  • @immersivebeats
    @immersivebeats 7 months ago

    Next time worry about your own life.. don't look so deep into mine... maybe we should start calling you 007

  • @windome4rle
    @windome4rle 3 years ago

    Polo Ralph Lauren internals

  • @immersivebeats
    @immersivebeats 7 months ago

    Where's all your processors now lol😅😂? Mr know it all

  • @gitgudsec
    @gitgudsec 2 months ago

    Holy crap, he is friggin hilarious

  • @ЖекаДмитренко-ж1б
    @ЖекаДмитренко-ж1б 8 months ago

    Awesome!

  • @immersivebeats
    @immersivebeats 7 months ago

    Yeah no, I are the man, aren't you... you just know it all... well done brother... you carry on sitting there ending processes

  • @apricotcomputers3943
    @apricotcomputers3943 3 months ago +1

    This is easy... don't use Windows, or any products from Microsoft

  • @urielpelaezcdmx
    @urielpelaezcdmx 7 months ago

    ⭐⭐

  • @safetime100
    @safetime100 1 year ago

    Legend ❤

  • @tbremard
    @tbremard 2 years ago

    I was in trouble..... And... I.. Used... Process Monitor!
    And here is the post-mortem:
    ruclips.net/video/eVE5ULHEyzo/видео.html

  • @immersivebeats
    @immersivebeats 7 months ago

    Scareware???? Is that what you call yourself.. lol license to kill I don't think so

    • @XioJN
      @XioJN 20 days ago

      That's what it's called, fake software trying to scare you into buying their useless malicious product

  • @israelgarcia7801
    @israelgarcia7801 8 months ago

    Wow

  • @almarketing2849
    @almarketing2849 4 months ago

    hehehehehe

  • @immersivebeats
    @immersivebeats 7 months ago

    busy busy busy

  • @mrhassell
    @mrhassell 1 month ago

    For everybody else, half-pie serious about security, there's htop.
    Half-pie install method: sudo apt install htop

    • @XioJN
      @XioJN 20 days ago

      Only for Linux 💔

  • @tubeDude48
    @tubeDude48 8 months ago

    Run RKILL and TRON rather than this crap! They automate every step and DON'T require intervention!! Another way for Microshaft to make money! 👎

    • @sharp14x
      @sharp14x 1 month ago

      Alright, jeet.

    • @XioJN
      @XioJN 15 days ago

      These tools are free