Somebody emailed me a trojan virus

  • Published: 21 Jan 2025

Comments • 1.7K

  • @bogxd
    @bogxd 5 months ago +2367

    Also, I just realised that you can reduce email spam by around 70-80% by scrolling back up to SMASH the like button

  • @M249-z2s
    @M249-z2s 5 months ago +6838

    This turned from a video about viruses to a virtual box ad.

    • @vaakdemandante8772
      @vaakdemandante8772 5 months ago +120

      more like a Windows installation tutorial, which is crazy because the OS installer should not require one

    • @sspnlgaming7844
      @sspnlgaming7844 5 months ago +7

      thats the point

    • @JmKrokY
      @JmKrokY 5 months ago +3

      🗿

    • @Manny73211
      @Manny73211 5 months ago +29

      they deserve the promo

    • @laupoke
      @laupoke 5 months ago +6

      That's not the type of tool that would make any sense being advertised on youtube

  • @billyjhamlin
    @billyjhamlin 5 months ago +953

    Congratulations on getting me to watch a 14 minute long ad for VirtualBox!

    • @normalgamer-wf5in
      @normalgamer-wf5in 29 days ago +4

      lol

    • @daapz
      @daapz 23 days ago +5

      Especially when instead of all that deleting and cloning it would've been a lot more productive to make a snapshot of the clean state and then just revert to that.

  • @RishabhBohra13
    @RishabhBohra13 5 months ago +3635

    I live in india, Zomato is a legit company, and really big like doordash, this person is definitely pretending to be them.

    • @HaryanviKashmiri
      @HaryanviKashmiri 5 months ago +209

      same here, zomato doesn’t even work in europe.

    • @zerokun2655
      @zerokun2655 5 months ago +140

      I mean, definitely. He even showed the stock value of the company in the video, so it's real. Just like Sony Vegas is

    • @flipflops99
      @flipflops99 5 months ago +40

      ya dont say?

    • @Rusty01
      @Rusty01 5 months ago +28

      @@flipflops99 fr like bro saying it like it wasnt obvious they are pretending

    • @asadfarraj
      @asadfarraj 5 months ago +3

      It is a multinational company if I remember correctly

  • @TerraGreen1
    @TerraGreen1 5 months ago +685

    A couple years ago I fell for one of these emails on an old channel from someone pretending to be from a mobile game. After opening it, within a few hours my channel had been converted into some fake scam uploading videos about cracked editing softwares trying to spread the trojan to my audience. It was a pain to get the channel back as pretty much all my emails had been hacked and I had no proof of even owning the channel 😂. I had to completely wipe my computer and go through tons of email recovery steps. It's crazy how they're still around, and it's a good thing you made a video about this as you probably saved at least a couple youtubers from falling for it.

    • @thegrungler_real
      @thegrungler_real 5 months ago +16

      Huge fan of your channel! Hope this never happens again

    • @SillyStarCat
      @SillyStarCat 2 months ago +5

      I remember this happened to an artist named sonadrawsstuffyt

    • @zallax-07
      @zallax-07 2 months ago

      Can you gimme a shout-out?

    • @twotruckslyrics
      @twotruckslyrics 1 month ago +2

      @@SillyStarCat the elon musk live streams…

    • @SillyStarCat
      @SillyStarCat 1 month ago

      @@twotruckslyrics oh god

  • @AmartyaAnand
    @AmartyaAnand 5 months ago +4023

    Plot twist: this whole video was a virtual box promo 🗿

    • @ElishaPervezORG
      @ElishaPervezORG 5 months ago +17

      bruhhh :-:

    • @sauliusvitkauskas8741
      @sauliusvitkauskas8741 5 months ago +35

      VMware is better

    • @ElishaPervezORG
      @ElishaPervezORG 5 months ago

      @@sauliusvitkauskas8741 Both are pretty good but still not 100% safe

    • @Russian95_
      @Russian95_ 5 months ago

      @@sauliusvitkauskas8741 true

    • @TheosTechTips
      @TheosTechTips 5 months ago

      @@sauliusvitkauskas8741 No way lol. Broadcom sucks. Open-source FTW!

  • @HarryDoesTech
    @HarryDoesTech 2 months ago +173

    Nice folder called "STOP READING MY FOLDER NAMES". Gotta love that!

  • @falxie_
    @falxie_ 5 months ago +5602

    Running suspicious software in a VM helps but doesn't completely remove any risk. The virus could steal any credentials present in the VM and potentially probe at your home network if you don't have it isolated.

    • @randomgamingin144p
      @randomgamingin144p 5 months ago +677

      also often the software can detect a VM so you have to use qemu-kvm and trick it into thinking it's not running on a VM, or hyper-v might work

    • @phr3ui559
      @phr3ui559 5 months ago +60

      are there any tutorials on this

    • @phr3ui559
      @phr3ui559 5 months ago +40

      @@randomgamingin144p can you link a tutorial

    • @zakariya2011_
      @zakariya2011_ 5 months ago +143

      Uhh if you run VMware the vm's network connection will be isolated

    • @redlionstudio2750
      @redlionstudio2750 5 months ago

      @@randomgamingin144p or sandbox

  • @DomenLo
    @DomenLo 5 months ago +193

    This part {something|something else} is actually spintax, not personalization. It randomly picks one of the options inside the squiggly brackets (separated by a pipe), making the text unique enough that it doesn't trigger spam filters.
    Btw - in virtualbox you could also create snapshots and revert back to one pre-test, this way you dont need to delete and re-clone the installation.
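
Added example, not part of the comment above or the video: a defender-side check that flags unrendered spintax left in a received message body and counts how many distinct texts each template can render to, which is why exact-match filtering misses them. The sample body, `find_spintax`, `count_variants` and `triage` are constructed for illustration.

```python
import math
from dataclasses import dataclass
from typing import List


@dataclass
class SpinGroup:
    start: int          # index of the opening '{'
    end: int            # index of the matching '}'
    options: List[str]  # top-level alternatives (may still contain nested groups)
    variants: int       # number of distinct strings this group can render to


def _matching_brace(text: str, start: int) -> int:
    """Return the index of the '}' closing the '{' at start, or -1 if unbalanced."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return i
    return -1


def _split_options(body: str) -> List[str]:
    """Split a group body on '|' characters that are not inside a nested group."""
    parts, current, depth = [], [], 0
    for ch in body:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        if ch == "|" and depth == 0:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return parts


def find_spintax(text: str) -> List[SpinGroup]:
    """Find top-level {a|b|...} groups; plain {placeholders} without '|' are ignored."""
    groups, i = [], 0
    while i < len(text):
        if text[i] == "{":
            end = _matching_brace(text, i)
            if end != -1:
                options = _split_options(text[i + 1:end])
                if len(options) >= 2:
                    # One option is picked per render, so nested counts add up.
                    variants = sum(count_variants(o) for o in options)
                    groups.append(SpinGroup(i, end, options, variants))
                    i = end + 1
                    continue
        i += 1
    return groups


def count_variants(text: str) -> int:
    """Independent groups multiply: total distinct renderings of the text."""
    return math.prod(g.variants for g in find_spintax(text))


def triage(body: str) -> dict:
    """Summarise a message body for a mail-filter or analyst note."""
    groups = find_spintax(body)
    return {
        "unrendered_spintax": bool(groups),
        "groups": len(groups),
        "variants": math.prod(g.variants for g in groups),
    }


# Constructed sample body: a template whose spintax was never rendered.
SAMPLE_BODY = (
    "{Hi|Hello|Hey} there, we {would like|want} to offer you a "
    "{paid {collaboration|partnership}|sponsorship}. Kindly reply to {name}."
)

if __name__ == "__main__":
    print(triage(SAMPLE_BODY))
    for g in find_spintax(SAMPLE_BODY):
        print(g.start, g.end, g.options, g.variants)
```
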

  • @gFamWeb
    @gFamWeb 5 months ago +1244

    Clarification on virtual machines: some clever viruses can detect and potentially even escape virtual machines (although the latter is rare)

    • @siphovundla5057
      @siphovundla5057 5 months ago +120

      That is what wacatac is doing, it first scans to see if it's on a VM and if it is then it won't run any further malware

    • @Fuzzbuzzhuzzruzzluzz
      @Fuzzbuzzhuzzruzzluzz 5 months ago +76

      I mean 6 out of 100 malware can do this. You're just better off playing the unlucky jackpot if that happens. But some people use web virtual machines

    • @thmUNIX
      @thmUNIX 5 months ago +55

      QEMU/KVM is rarely detected, because VirtualBox and VMware are the most popular VMs out there. btw, even in VBox & VMware you can via Registry Editor, I believe, edit sys info so that it would look like to malware that it's a real PC

    • @ZarakKhan-h3j
      @ZarakKhan-h3j 5 months ago

      @@siphovundla5057 wacatac isnt even a malware lol. its the ai scanned malware.

    • @dvorakgigachad1444
      @dvorakgigachad1444 5 months ago

      @@Fuzzbuzzhuzzruzzluzz VM escapes are very very rare and haven't happened in many years

  • @nanomachines2954
    @nanomachines2954 4 months ago +162

    9:04 it's not "HTML". H here stands for 'heuristic' and ML means machine learning. Means this virus was detected not by checking its signature but by scanning its behavior using machine learning (AI).

    • @thelastdirewolf3587
      @thelastdirewolf3587 3 months ago

      What it was detected with ml because it said that was the detected file

  • @CrimesAnatomy
    @CrimesAnatomy 5 months ago +1749

    Hey Bog, this is hilarious, I got a recent email just like this. You did well turning this into a video to educate people. Because I installed it and now everyone knows my true identity and Gotham will never be safe again.

    • @kwe_
      @kwe_ 5 months ago +15

      😭

    • @MrBIizzard
      @MrBIizzard 5 months ago +59

      Pack it up bruce wayne

    • @TimeisoutT
      @TimeisoutT 5 months ago +4

      @@MrBIizzard MY NAME IS THE HULK!

    • @marekvojta9648
      @marekvojta9648 5 months ago +7

      Well I hoped for some analysis of the virus like what it steals, how it works etc.

    • @Mr.MessOpixels
      @Mr.MessOpixels 5 months ago +3

      Gotta engage knightfall protocol now
      Edit: don’t forget about the 243 riddler trophies

  • @JohnJacobson555
    @JohnJacobson555 3 months ago +264

    I want you to know that this happened to my mother and I had to restart the PC from scratch and look for the programs and office keys to get it working again.

    • @MarkUSAfreedom
      @MarkUSAfreedom 3 months ago +1

      where did you get them?

    • @JohnJacobson555
      @JohnJacobson555 3 months ago +2

      I checked many sites and in the end I leaned towards BNH Software and in the end everything turned out well.

    • @MarkUSAfreedom
      @MarkUSAfreedom 3 months ago +1

      I asked you because lately I'm very distrustful of download sites

    • @JohnJacobson555
      @JohnJacobson555 3 months ago +1

      I think that's normal

  • @LocksDE
    @LocksDE 5 months ago +811

    Hey Bog if you see this, in the future DO NOT connect an ethernet cable or Wi-Fi they can infect your router.

    • @norav69
      @norav69 5 months ago +103

      More than infecting your router they can take the public IP from the internet connection of the pc, taking public information. Most "routers" that we use in our houses do not have any computation power and decision making capabilities, everything is done by the ISP. In general yes tho, it's better to disconnect the internet connection from a virus testing virtual machine

    • @Follina.
      @Follina. 5 months ago +54

      @@norav69 The greatest risk I see is if you have a router with the default password the malware might be able to log into it and turn on port forwarding on your devices, then send your IP to an attacker, so if you then ran a service thinking it'd only be accessible locally, you might end up exposing yourself to the internet

    • @fabienso5889
      @fabienso5889 5 months ago +42

      @@norav69
      Oh no they can take my PUBLIC ip whatever are they gonna do
      Yeah nothing that's right
      Network access might start becoming dangerous if you have fully unprotected devices like a camera or a washing machine on your network
      But let's be honest most viruses you get are just interested in grabbing your passwords and access token

    • @somedude8728
      @somedude8728 5 months ago

      @@fabienso5889 Can't wait for a virus to overtake random unprotected printers

    • @dvorakgigachad1444
      @dvorakgigachad1444 5 months ago +4

      anyrun is a good way to do that stuff safely

  • @CLOYO
    @CLOYO 5 months ago +83

    6:23 If there's spelling and grammar mistakes then there's definitely something wrong in my opinion.

  • @biscottimuncher
    @biscottimuncher 5 months ago +68

    Running Procdot to capture all system changes in a network isolated environment, or even better, running it in a cloud SAAS like joesandbox could be a really cool follow up video! Following the exfiltration of whatever the bad actor/hacker wanted in a safe environment is always a blast, plus seeing what happens at a granular level is super cool! Awesome video!

  • @Humtog
    @Humtog 5 months ago +48

    Hi, I also got exact same Zomato impersonating email. Same text. And same second reply. At approx same time as you.
    I also realized something is off, when I saw the email itself. Then after downloading and seeing the exe file, I became sure. I did not even extract it.
    I think the ploy here is to get the login/password details of youtubers. Maybe possible to copy a Chrome session that has the user already logged in?
    I had put a hidden mailtracker in my reply to their last email. And they did not even open the mail to check what it is about!

  • @Spectrulight
    @Spectrulight 5 months ago +533

    3:39 my bad for reading your folder names

    • @pizzaman1720
      @pizzaman1720 5 months ago +4

      Lol

    • @JosGeerink
      @JosGeerink 5 months ago +2

      I don't get it?

    • @GlowBerryPumpkin
      @GlowBerryPumpkin 5 months ago +6

      @@JosGeerink 3:41

    • @ZRIstruck
      @ZRIstruck 4 months ago +4

      My bad, too.

    • @its_air7
      @its_air7 4 months ago +1

      why is the pfp a pic of someone on the moon

  • @rustlr
    @rustlr 5 months ago +28

    "Now imagine if I opened this on my actual computer, not a virtual machine."
    Your Windows Defender on your actual computer would have blocked and quarantined it as well.

    • @Lucy-bx7si
      @Lucy-bx7si 3 months ago +25

      but windows defender will not 100% protect you from these viruses.

  • @efficiencyvi8369
    @efficiencyvi8369 5 months ago +57

    As long as it is a cookie cutter trojan and windows defender is on it is no big deal. It gets dangerous when it is tailored for your device and antivirus doesn't detect it.

  • @XJ9LoL
    @XJ9LoL 4 months ago +42

    0:29 nope, broken english = its a phish.

    • @johnsilvrr
      @johnsilvrr 4 months ago +3

      God I had such a crush on that pfp when I was a kid

    • @user38526
      @user38526 23 days ago

      @johnsilvrr I still do 😋🤤

  • @karmapawsnplay9701
    @karmapawsnplay9701 5 months ago +336

    good thing you opened the trojan in a virtual machine. BUT I don't think you have properly isolated virtualbox! You might have to check your main desktop! it might have leaked! Be safe!

    • @toreopp
      @toreopp 5 months ago +34

      He didn't run the file. He's fine.

    • @redlionstudio2750
      @redlionstudio2750 5 months ago +16

      i think it's just some cheap stealer, so nothing to worry about

    • @RealMol
      @RealMol 5 months ago +24

      @toreopp this is true, he ran the file on his vm. But he didn't completely isolate his vm from his host machine by disabling all network connections. Most viruses can escape the vm by hopping to the host machine through the network.

    • @pancak3
      @pancak3 5 months ago +64

      @@RealMol this is false.

    • @somedude8728
      @somedude8728 5 months ago +47

      @@RealMol They aren't able to escape, they can however gain access to unprotected devices on the network.

  • @smittywerbenjj1
    @smittywerbenjj1 5 months ago +18

    Windows has an optional feature called "Windows Sandbox".
    It does exactly what you did with your clone of a clone of a virtual machine, where it gives you a disposable virtual Windows Machine.
    It's pretty good & safe and doesn't use as much space as VirtualBox.

    • @johnandericadventures
      @johnandericadventures 5 months ago +3

      "it's pretty good & safe"
      someone has never encountered a piece of malware not coded by a 7 year old

    • @speedstyle.
      @speedstyle. 5 months ago +14

      @@johnandericadventures Please do show me this malware that can escape from an airgapped Hyper-V sandbox. Would be handy for taking down Azure

  • @jan_harald
    @jan_harald 4 months ago +42

    protip: don't keep cloning the machines, use snapshots!
    you take a base snapshot, then do shady stuff, and revert back to previous snapshot, it's pretty simple

    • @subbastionbastion2167
      @subbastionbastion2167 8 hours ago

      If you want to take 30 min every time and restore doesn't actually restore everything the malware is still there half the time.

  • @rossberget
    @rossberget 2 months ago +8

    5:36 whoo trojan virus ladies and mentelgen got me cracked up 😂

  • @zerrrp
    @zerrrp 5 months ago +75

    3:40 love the "STOP READING MY FILE NAMES" folder 🤣🤣🤣🤣

  • @tylerebowers
    @tylerebowers 5 months ago +33

    Booting in a VM is sure safer EXCEPT WHEN THAT VM IS CONNECTED TO THE INTERNET!

  • @Lampe2020
    @Lampe2020 5 months ago +65

    5:46 You can also create a snapshot of the VM in VirtualBox and restore it after you're done, that way you don't have to have multiple VMs.

  • @FanixeyReam
    @FanixeyReam 2 months ago +7

    9:38 this gives "I always come back" vibes

  • @mokumoki
    @mokumoki 5 months ago +4

    Regarding the unattended file, it’s a cool feature for most people as it will set up Windows for you automatically without any user interaction (hence, unattended). The reason you get the license key error is that when you were adding the new VM you did not add a license key. You can use KMS Generic key which you can get from Microsoft documentation and put it in during VM creation. On the other hand, if you want to set it up manually, just check “Skip unattended installation” when creating VM.
    *Unattended installation is quite common in most type 2 hypervisors (Virtual Machine software) like VMware Workstation and Parallels, and for most major OS, so it’s quite easy to set up a VM with minimal effort.
    Another few things I would like to mention is you can learn more about snapshotting in VM, so you can avoid the part where you delete and clone your VM. Also you don’t have to remove floppy to solve the mount error, it is complaining that no bootable device was found because you didn’t press any key when booting from the ISO.

  • @Abukek133
    @Abukek133 5 months ago +166

    "theres a .pl"
    Ok so its Polish
    "Its from the netherlands"

    • @vGermanK
      @vGermanK 4 months ago +4

      i was thinking the same think lol

    • @vGermanK
      @vGermanK 4 months ago +1

      thing*

    • @synvie-x
      @synvie-x 4 months ago +3

      as a polish person, i agree 😭

    • @uzzybuzzy-t5h
      @uzzybuzzy-t5h 4 months ago +3

      probably used a vpn

    • @agateophobiaaa
      @agateophobiaaa 4 months ago

      @@uzzybuzzy-t5h Polish domain (.pl) doesn't require you to have a polish citizenship. Also the information provided by WHOIS is supplied by the owner of the domain (it's whatever was used on domain's purchase), VPN has nothing to do with that.

  • @TheRealOderless635gnat
    @TheRealOderless635gnat 5 months ago +11

    10:03
    Fun fact: if u have windows pro version, u can use windows sandbox too

  • @alijall
    @alijall 3 months ago +2

    I love that your videos don't have music. Very satisfying!

  • @27legend31
    @27legend31 5 months ago +8

    Instead of cloning, you can use a snapshot to clone a vm at a point in time, so you can restore it back after running sketchy stuff

  • @JmKrokY
    @JmKrokY 5 months ago +35

    7:57 Polish domain

    • @KRZYSZTOFMANIA
      @KRZYSZTOFMANIA 4 months ago +2

      I was going to write that 😅

    • @Maciurella
      @Maciurella 4 months ago +2

      I don't know why, but I was convinced I was watching a Polish video and not an English one, so it didn't surprise me. Can I really no longer tell Polish from English?! 😂 POLAND ON TOP 🇵🇱

    • @svijj_
      @svijj_ 4 months ago +1

      POLAND MENTIONED ☝️☝️☝️☝️🦅🦅🦅🦅🇵🇱🇵🇱🇵🇱🇵🇱🇵🇱🇵🇱🇵🇱💪💪💪💪💪💪💪

  • @natjoe4763
    @natjoe4763 5 months ago +5

    this stuff is fascinating, seeing how security is exploited in different ways across different operating systems. particularly in windows and how its able to regen itself. so interesting

  • @Doctor_Ks
    @Doctor_Ks 5 months ago +20

    4:33 insert vsauce music

  • @elbert5208
    @elbert5208 5 months ago +24

    Try opening it without windows defender turned on

    • @AmartyaAnand
      @AmartyaAnand 5 months ago +14

      💀💀

    • @zerokun2655
      @zerokun2655 5 months ago

      Virtual machines are for cowards!

    • @mayoraeryn
      @mayoraeryn 5 months ago +3

      Could be a cool video idea if he gets some really old laptop for super cheap

    • @Milkguy33
      @Milkguy33 5 months ago

      he would get a trojan virus, nothing interesting

  • @leafve
    @leafve 5 months ago +3

    I would recommend always turning off network connection from the virtual machine. As this way the malicious codes can infect your wifi and other devices connected in real-time.

  • @thmUNIX
    @thmUNIX 5 months ago +6

    you know what, I was more interested in the Mac version of virus in the last email as it's a bit unusual. I downloaded it, and quick check of strings showed that it's definitely a stealer. Will try to reverse it later

    • @_invencible_
      @_invencible_ 5 months ago +2

      yeah i thought he was going to show that one but he just showed the same windows virus twice 😒

    • @thmUNIX
      @thmUNIX 5 months ago +2

      Ok, I dug a bit deeper, it's something reeeally interesting. Will completely reverse it and I guess upload a video on what it is

    • @thmUNIX
      @thmUNIX 5 months ago +3

      well, just an upload to VT showed it's AMOS stealer (not 100% sure, maybe wrong detection & could be something different). So it seems that it's nothing incredibly new, but still interesting

  • @kylek29
    @kylek29 5 months ago +4

    If you create a Linked Clone (this is a snapshot that appears like a unique VM referencing the other) or a snapshot fork (checkpoint via the snapshot manager) you can reduce the VM's footprint by a lot. Utilizing checkpoints allows you to roll back the changes you made for the purpose of testing. Alternatively, if you enable the Hyper-V / Windows Sandbox in Windows Features, you gain access to a temporary VM clone built into Windows, it's a tad quicker to spin-up / get into, and can perform better.

  • @abhishek_patra_
    @abhishek_patra_ 5 months ago +236

    Bro I'm from India 🇮🇳 and Zomato is an Indian food company.... It doesn't work outside of India .... Why Zomato would promote anything outside India 😂😂 .....

    • @sebastianbauer4768
      @sebastianbauer4768 5 months ago

      So why are they trying to trick people into installing malware on their machines? Even worse why don’t they support Linux? /jk

    • @GOLDEN-z7x
      @GOLDEN-z7x 5 months ago +9

      It has many services outside India

    • @ashishjadhao115
      @ashishjadhao115 5 months ago +16

      They are outside India as well... at least in usa and use since like 2016

    • @charmingotter976rr
      @charmingotter976rr 5 months ago

      so its kinda like just eat/grubhub/uber eats but in india

    • @vikaspoddar001
      @vikaspoddar001 5 months ago +3

      @@ashishjadhao115 they have stopped operating outside india

  • @This77577
    @This77577 5 months ago +3

    Someone: sending an email to sponsor a company
    Bog: ends up sponsoring/recommending oracle virtualbox😊

  • @that_guy1211
    @that_guy1211 5 months ago +4

    you can also do this with Triage, it's what NTTS uses, and it's a website that gives you a x/10 score on how bad the malware actually is, virustotal is also a pretty good scanner

    • @its_air7
      @its_air7 4 months ago +1

      Btw NTTS Means "No Text To Speech"

    • @aaaaaaaaaaaahreuagh
      @aaaaaaaaaaaahreuagh 14 days ago

      @@its_air7 no one cares lmao

  •  4 months ago +3

    "woo, trojan virus ladies and mentalgen" 🤣🤣🤣🤣

  • @alba4k
    @alba4k 5 months ago +18

    I almost lost my steam account to a similar scam a few days ago. Only realised there was something fishy going on before typing in the sms verification code

    • @bindogaming791
      @bindogaming791 2 months ago

      I almost lost my steam account by some person pretending to be a steam admin and that I was about to get banned. I didn’t fall for it I only gave him my email and he wanted verification code, but when I checked email to change password. Which made me suspicious. He has my email though and is that a problem?

  • @Tobiasxdful
    @Tobiasxdful 5 months ago +1

    Please do an iWork vs Office. ❤ I've never seen anyone doing an in depth comparison between Apple and Microsoft in this area. Great videos. Thanks 👌

  • @nithinsvarrier670
    @nithinsvarrier670 5 months ago +5

    From windows 11, You can use Windows Sandbox, which is essentially a VM for these files, It under the hood uses HyperV and is usually more performant than virtualbox

    • @machieu
      @machieu 5 months ago

      Yeah it's just a random window that when you close it goes like bye bye

  • @fddarwish3391
    @fddarwish3391 13 days ago

    Thank you for making this video. It was educational and entertaining whilst giving us advice and warning through your experience. I'm glad you knew all of this earlier and didn't slip up. Once I got my computer infected with malware, trust me it was hard and a long process, even with my Kaspersky antivirus. Eventually, I also had to reset all my passwords. Back then I was careless, but these types of videos can prevent others from making the same mistake. It was also nice of you to learn something and on the go shared it with us. 😊

  • @barnknee7847
    @barnknee7847 5 months ago +10

    Man keep doing these, really loving your work so far

    • @bogxd
      @bogxd 5 months ago +1

      Cheers!

  • @AdammtheBiker1-uc9zq
    @AdammtheBiker1-uc9zq 23 days ago

    I cannot understand why some people would put such a nasty malware inside there. It's a nightmare and I am glad I watched this as my lecture did mention about a nasty Trojan that hides itself and false-sense the antivirus-windows defender into thinking it's removed, when it copies itself all over register, and other c\32 files to cause mayhem.
    Thanks for reminding me of the dangers.

  • @joytech23
    @joytech23 5 months ago +36

    When playing with viruses in a virtual machine, it's better to do it from a machine you don't care about like a home lab. Some viruses can and do escape containers. Please turn off your network adapter on the VM and any sharing features between the VM/Host. Snapshots also work better than cloning and are way faster - just make sure you restore to the snapshot every time you boot the VM.
    A good test box would be a linux host virtualizing Windows, and if you can nest your machines that'll also work but just remember - work like each layer you try to contain can be breached.

    • @Follina.
      @Follina. 5 months ago +5

      @@joytech23 Containers such as docker? Sure, VMs? Unless you're the target of a highly sophisticated government actor, not really.

    • @joytech23
      @joytech23 5 months ago +3

      @@Follina. Escaping a container (VM or otherwise) in an environment that isn't well prepared is actually pretty easy.

    • @Follina.
      @Follina. 5 months ago +1

      @@joytech23 Unless it's connected to your home network there is really not much you can do

    • @qingxinn_
      @qingxinn_ 5 months ago

      I'm curious about this, but I can't find any reputable sources online. Do you mind sharing any sources/how you got this information? ^^

    • @genetalavera4256
      @genetalavera4256 4 months ago

      Yup I saw this happen once forgot what youtuber it was.

  • @solofdragons6446
    @solofdragons6446 5 months ago +2

    I was not expecting the spy jumpscare lmao. Great video!

  • @yumeyamamoto
    @yumeyamamoto 5 months ago +116

    5:37 "ladies and mental gen" ??

    • @AlexanderTzalumen
      @AlexanderTzalumen 5 months ago +15

      _Mentalgen_

    • @Zakariaazzaim
      @Zakariaazzaim 5 months ago +5

      😂😂😂😂😂😂😂thankfully im not the only one who heard that

    • @kedirabdu6913
      @kedirabdu6913 5 months ago +13

      Probably a reference to an old TF2 meme. Where spy's famous catch-phrase is reversed.

    • @bekbekovv111
      @bekbekovv111 5 months ago

      mentlegen.
      *proceeds to smoke guaranteed-lung-cancer-worth amount of cigarettes*

    • @EpicXcake
      @EpicXcake 5 months ago +5

      Meet the mentlegen

  • @KareemWalid-l4d
    @KareemWalid-l4d 22 days ago +3

    5:03 OK I WILL NOT READ YOUR FOLDER NAMES 😂😂😂😂😂

  • @RZ302
    @RZ302 5 months ago +5

    You can also just use Windows Sandbox if you got Windows 11 Pro. Maybe set up a read-only shared folder and disable vgpu and networking before messing with malware.

    • @undefinedCat
      @undefinedCat 5 months ago

      it exists on windows 10 too

  • @TheStevenWhiting
    @TheStevenWhiting 5 months ago +2

    4:05 Not always. There are some out there that can jump to the host machine. There are also plenty out there that will detect if they are in a VM and not actually do anything to hide what they really are.

  • @Activation123
    @Activation123 5 months ago +50

    vegas is NOT an editing software.
    it's a bad attempt at one. it was good before magix bought it 💀💀💀. Also yeah, you would have gotten an email from Magix, not ... Sony Vegas PR or whatever.

    • @SenseiYasir
      @SenseiYasir 5 months ago +2

      You're right... It's the best one.

    • @Activation123
      @Activation123 5 months ago +3

      @@SenseiYasir uhhh no

    • @FlushDesert22
      @FlushDesert22 5 months ago +10

      At least Vegas doesn't require a subscription to use, and a fee to unsubscribe.

    • @Activation123
      @Activation123 5 months ago

      @@FlushDesert22 yeah fair, I use resolve lmao. But in all seriousness, at least other softwares are stable most of the time... And dont require you pay an obscene amount every time you upgrade. Also Vegas just... Doesn't have much support anymore

    • @justinhamilton8647
      @justinhamilton8647 5 months ago +2

      It used to be great until whatever they screwed up. Anything I render on vegas either is littered with black frames or extremely pixely. Sticking with pirated premiere that runs on any machine post 2013 lol

  • @Vaibryn
    @Vaibryn 28 days ago

    Additional advice:
    When using VMs to open shady files, absolutely cut off the network adapter in the VMs settings. A lot of advanced trojans are able to replicate themselves over your local network (basically all devices that are accessible throughout your home network, including your router) and aren't just limited to the machine they are executed on.

  • @jobo_o
    @jobo_o 5 months ago +4

    W video, really smart to open the file in a virtual box :)

  • @Dusty_Monkey
    @Dusty_Monkey 16 days ago +1

    I just had the weirdest ad play before this video, basically it's a guy that's gonna jump off a really small hill and someone was trying to stop him by saying "You can still learn how to code while making money" or something along the lines of that then this guy just walks up to the camera person and says "BUT I'M STILL A JANITO-" and that's when I skipped the ad, that was a truly deep story and a weird ad 😭😭

  • @Einzigartigitsme
    @Einzigartigitsme 5 months ago +4

    there is inbuilt windows virtual machine, which cleans everything as soon as you shut it down
    it is in "turn windows features on or off" and virtual machines
    hope it helps!!

    • @teggolT
      @teggolT 5 months ago +1

      isn't that a pro feature or sth

    • @sunsetsonwheels
      @sunsetsonwheels 5 months ago +1

      Isn't it called Windows Sandbox?

    • @somedude8728
      @somedude8728 5 months ago +1

      @@sunsetsonwheels I think sandbox is for Windows 11 only

  • @Clash_Royale_King21
    @Clash_Royale_King21 9 days ago

    4:08 “STOP READING MY FOLDER NAMES” is a cool detail😂

  • @Trisks
    @Trisks 5 months ago +190

    Bog when he discovers some viruses are capable of escaping Virtual Machines

    • @AndRei-yc3ti
      @AndRei-yc3ti 5 months ago +2

      How?

    • @pastaya
      @pastaya 5 months ago +50

      @@AndRei-yc3ti exploiting the networking

    • @WindowsDestroyer
      @WindowsDestroyer 5 months ago +9

      Or some one could do just exploits with the hypervisor

    • @Follina.
      @Follina. 5 months ago +50

      @@WindowsDestroyer If you're thinking of exploits capable of escaping a network isolated VM, yea, no, those exploits go for millions, they ARE NOT going to be used on a YTber

    • @polarrbtw
      @polarrbtw 5 months ago +28

      no one is risking a 0day for a 110k youtuber

  • @KaiCross-l5i
    @KaiCross-l5i 5 months ago +2

    OH MY GOSH. THE TWO ERRORS HE JUST GOT WHEN HE MADE THE VM WERE THE EXACT 2 THAT I GOT AND SPENT OVER A MONTH TROUBLESHOOTING AND RESEARCHING THINGS. THEN THIS ISN'T EVEN RELATED TO IT AND FIXES BOTH ERRORS IN THE SIMPLEST WAY POSSIBLE!

  • @GTAG_Blurry
    @GTAG_Blurry 5 months ago +3

    Once someone dmed me on Discord, tried to get me to go on a SCAM Roblox website and join their group for “free robux” (they didn’t have any group funds.) And I knew it was a scam, because 1. I was logged out. 2. The Roblox logo was swapped with the charts button.

    • @unnamed_fruit8
      @unnamed_fruit8 4 months ago +1

      Free robux in general is already a huge red flag

    • @GTAG_Blurry
      @GTAG_Blurry 4 months ago

      @@unnamed_fruit8 nah group funds is real

    • @GTAG_Blurry
      @GTAG_Blurry A month ago

      @@unnamed_fruit8 but still I agree

  • @guxalu
    @guxalu 3 months ago +1

    "What incredible gameplay of the new EA FC 25, bro! 👏🔥 The way you control the team is impressive, it even seems like the game gets easier in your hands! I loved the plays and the finishes, you're playing like a professional! Let's see more of these insane matches! 🚀⚽

  • @Volstx
    @Volstx 4 months ago +2

    "Kindly" is scammer's favourite word

  • @kopes28
    @kopes28 5 months ago +1

    This is actually something I've thought about over the last like 4 years, when I was getting into streaming and doing YT on another channel I started to wonder how YouTubers/streamers/people on social media keep their accounts safe when companies or people email them for promo or to collab, or even just send a link to a YT video that might redirect them if they don't know better to check the link. Some of the people I follow on IG have posted "Email this email videos or a written statement to why you should" and so on, and I thought what if someone just hates that person and sends a fake word document and they just open it on their PC or phone and they just start stealing their shit?

  • @Neitheradentist
    @Neitheradentist 5 months ago +6

    2:50 and also if someone somehow finds the link (VERY SITUATIONAL!!!)

  • @blahblahgdp
    @blahblahgdp 4 months ago +1

    the immediate red flag is the sender not having zomato in the email

  • @Ryusakiiii
    @Ryusakiiii 5 months ago +17

    Just realised Zomato doesn't exist in other countries. Basically it's like doordash

  • @joao9042
    @joao9042 5 months ago

    for virtual machines, you should use snapshots instead of clones, it uses way less storage, and you can return to a specific backup when needed.

  • @Violetstarclouds
    @Violetstarclouds 5 months ago +5

    5:04 "STOP READING MY FOLDER NAMES" is literally the funniest thing ive seen-

  • @JesseyEHH
    @JesseyEHH 5 months ago +1

    Last year, i was on my 10 year old laptop, and i was playing minecraft. I was always so into minecraft, however, i was watching a youtuber by the name of ecosoldier and he told me if i went to a site then i could get a specific minecraft mod. When i went to the website, it asked if i was a bot. I said no, and then it installed a virus. But now the computer has been wiped and i use it to play steam games to this day

  • @m241m
    @m241m 5 months ago +5

    This video basically shows that Windows Defender works great and why it should be on at least sometimes 😁😁

  • @charuseTV
    @charuseTV 3 months ago +1

    Google also doesn't scan Zip files if they are too large like 300 MB, they don't need a password

  • @Zeben84
    @Zeben84 5 months ago +14

    Reading the domain of the emails should have been where this video ended !

    • @n0rbert79
      @n0rbert79 5 months ago +2

      Thank you, was on my mind since seeing the first email.

  • @downinohioswaglikeohio123
    @downinohioswaglikeohio123 4 months ago +1

    "stop reading my folder names" bro was determined💀

  • @rfr3fr3fr3fr3f
    @rfr3fr3fr3fr3f 5 months ago +9

    7:30 POLAAAANDDDDDD RAAAAAAAAAAAAHHHHHHHHH!!!!

  • @TensaZanota
    @TensaZanota 5 months ago

    even if it was an ad it is the best ad , i already use this application from time to time , but instead of some simulating montage you gave us a big lesson

  • @Nick12_45
    @Nick12_45 5 months ago +17

    14:00 AHH I ALWAYS FALL FOR IT

  • @TylerTheDevourer
    @TylerTheDevourer 5 months ago

    Well done, sir. I would have also had some suspicion regarding this “company” (3.18 USD is hopefully _not_ a stock price you’d want to have) but the way you also handled the rest was truly remarkable. Wishing you luck in your other financial ventures

  • @RealCenti
    @RealCenti 5 months ago +5

    How bro gets sponsored 😭 I never get

    • @SusAmongud
      @SusAmongud 5 months ago +1

      Verified jump scare💀

  • @syntaxzero1677
    @syntaxzero1677 2 months ago +1

    Just a note; running viruses on a virtual machine is not always safe. There are viruses designed to detect virtual machines, and break out of them, infecting the actual host machine.

  • @hboyd2003
    @hboyd2003 5 months ago +9

    This looks to be the same thing that got Linus Tech Tips' channel hacked a while back. I can definitely see this working on those less tech savvy (and a virus windows defender has not seen before)

  • @dragonmusic_editedtoperfection
    @dragonmusic_editedtoperfection 3 months ago +1

    4:10 there should be a disclaimer that virtual box can protect ur actual pc BUT there are malware that can bypass and get to ur actual pc (not even that hard)
    if somebody just trusted your statement here they would think they are safe and could get their pc destroyed

  • @Kitsune_Dev
    @Kitsune_Dev 5 months ago +4

    i would love it for you to review a Framework 16 laptop!

  • @shitpostinggang
    @shitpostinggang 2 months ago

    Bro gave us a VM tutorial for a video about addressing a scam, props to you man 🗣

  • @kapecadam280
    @kapecadam280 3 months ago +3

    7:38 yooo poland

  • @CLOYO
    @CLOYO 5 months ago +1

    I will never stop reading your folders BOGGGGG

  • @Holloww12
    @Holloww12 5 months ago +13

    7:41 poland mentioned!!!!!!!!

    • @forcemanis
      @forcemanis 4 months ago +1

      NETHERLANDS MENTIONED ASWELL!!! :D

    • @forcemanis
      @forcemanis 4 months ago

      I just realized it wasn't exactly a good thing... :(

  • @majoramarix
    @majoramarix 5 months ago +1

    You can use sandbox instead of VM its easier to spen and you don't need to delete them, they will be erased after you close it

  • @HaryanviKashmiri
    @HaryanviKashmiri 5 months ago +10

    I am an Indian who has been to your country of Switzerland, Zomato doesn’t even work outside of India, checked while I was in Switzerland and it didn’t work. It’s undoubtedly fake.

  • @sabdullahz
    @sabdullahz 5 months ago +1

    Alternatively, you can also use windows sandbox option for running untrusted files.

  • @PCsAddictionZ
    @PCsAddictionZ 5 months ago +8

    Nice informative video. I didn't know influencers get this much malicious activity in their mailbox. Interesting to see. Just a few notes regarding the video:
    1) As others said, simply running a malware on a VM (although typically safe) it can bypass it or tamper with ur network. Best practice is to do it on a complete "dirty" machine and in isolated VLAN (although there is also vlan hopping as an issue but hard to do)
    2) Checking the URL when clicking a link is also a good practice but not 100% safe as they can use cyrillic or greek alphabet letters which are similar to latin alphabet.
    3) Mail address domains can be spoofed so even if you receive an email from a legit looking domain it probably has a different "Reply To" address (something that cannot be seen with the average email client)

    • @itsTyrion
      @itsTyrion 5 months ago

      3) I'd say Thunderbird is pretty average and it shows it

    • @PCsAddictionZ
      @PCsAddictionZ 5 months ago

      @@itsTyrion I mean depends on the type of organisation u are. Most of the ones I know use outlook which it doesn't show without modifications. And outside of professional environments Gmail, yahoo etc are the average clients which also don't show it
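
Points 2 and 3 of the comment above (look-alike letters in a link host, and a Reply-To that differs from From) can be checked mechanically. This is an added example, not part of the original comments or the video; the sample message, the `.example` domains and all function names are constructed for illustration, and it assumes a single-part plain-text message.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample (not from the video): Reply-To differs from From, and the
# link host hides a Cyrillic "о" (U+043E) among Latin letters.
SAMPLE = (
    "From: Partnerships <collab@brand.example>\n"
    "Reply-To: collab@brand-offers.example\n"
    "Subject: Sponsorship offer\n"
    "\n"
    "Kindly review the brief: https://z\u043emato.example/brief.zip\n"
)

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def reply_to_mismatch(msg):
    """True when Reply-To is set and points at a different domain than From."""
    reply = domain_of(msg.get("Reply-To"))
    return bool(reply) and reply != domain_of(msg.get("From"))

def to_unicode(label):
    """Decode a punycode (xn--) label so it is inspected as Unicode text."""
    try:
        return label.encode("ascii").decode("idna") if label.startswith("xn--") else label
    except UnicodeError:
        return label  # undecodable label: leave it as written

def scripts_in(label):
    """Scripts (LATIN, CYRILLIC, GREEK, ...) of the letters in one host label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def mixed_script_hosts(body):
    """Link hosts in which a single label mixes alphabets."""
    hosts = [urlsplit(u).hostname or "" for u in re.findall(r"https?://[^\s<>\"']+", body)]
    return [h for h in hosts
            if any(len(scripts_in(to_unicode(l))) > 1 for l in h.split("."))]

def triage(raw):
    """Run both header and link checks over one raw RFC 5322 message."""
    msg = message_from_string(raw)
    return {"reply_to_mismatch": reply_to_mismatch(msg),
            "mixed_script_hosts": mixed_script_hosts(msg.get_payload())}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A mixed-script label is only one signal: a host written entirely in one look-alike alphabet passes this check, so the decoded host should still be shown to whoever reviews the message.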

  • @mohammedbakr6251
    @mohammedbakr6251 4 months ago

    6:06 you can use the snapshots feature, it's a better way to achieve the same result, you can also have many snapshots for different states of your system and switch between them anytime.

  • @Rustydakitty
    @Rustydakitty 5 months ago +4

    "STOP READING MY FOLDER NAMES" lmao

  • @johnanthony6612
    @johnanthony6612 5 months ago +1

    tip in case you didn't know - can use windows sandbox instead of a VM - then just close & restart windows sandbox - would do the same as removing the vm and resetting it up

  • @Artificerhatescavs
    @Artificerhatescavs 3 months ago +3

    3:42 fine i guess I'll stop😞