Alphabet Inc Google hacked my android phone with proprietary hacked firmware blobs that they extortionly refuse to unhack my phone by no human language communication opportunity to even have a voice to speak to any human responsible for the hacks
"Sometimes, these hackers can be so clever that they stop the malware from running when task manager is running" *Leaves task manager running 24/7, disconnecting from the internet when done* Hacker: "You werent suppose to do that"
I would just have done a clean install of Windows depending on how much junk I may have on it. That gets all of the malware unless it is Logofail. Also in that command was the wallet address the crypto miner was using. I don't like crypto mining but I do know that much anyhow. Unless it is gone from the computer it will just run again next time Windows starts. More advanced versions might check it to see if it is running and restart it. This not only steals from you but you might notice the CPU or graphics card running hotter if you monitor or you may notice your fans running louder than usual, even when the system is supposedly idle.
@@Myself-yh9rr Thats smart. Personally I would arduiously skim system32 and the whole windows file system, while letting some indian guy on youtube guide me through it. And then act like im smart after lol.
Back in the good old days, hackers would actually let you know when you got GOT through some type of taunt message etc. Now, actual software gives you taunts and nag screen and hackers stay on the down low.
I had windows installations trash itself on my desktop for no reason and can't tell if it's windows or a virus at this point. Even work laptops with fresh Windows installs gets bugged out at times. Pd: Tried several virus scans in the past (Kaspersky rescue disk, emsisoft emergency kit, malwarebytes to name a few) but nothing comes out of it.
@@zNoah Something similar happened to me, in my case it was the keyboard, the delete key became defective to the point that it would activate by itself, so anything that i had selected at the time would get deleted, to "solve" this i disabled the key using a program that made the key useless.
Yup I remember the time I got my friends PC hacked when I was 12 like it was yesterday. Had to have the diablo II maphack so of course I downloaded it, the screen turned blue then someone typed "Hello, how's your day going?"
@@youngjrr I said "Hey Deven, I think your computer just got hacked." He came over, took one look and hit the power button. I left to go do something else, then came back a couple days later and he had installed a virus free maphack for me.
Yep. Pls. Much more if this. I stopped disinfecting people's systems etc. I actually stopped all my IT related work some time ago but there is a severe lack of this particular type of knowledge so anyone picking up these skills are highly valuable to many people. Including themselves since this gives people more to explore and expand their skills even further. Very good channel. Keep it up!! Subbed, liked, shared!
@@johnmadsen37 You're asking the wrong question. Millennial. If you're bored and want something to do, you should give me your IP. Are you 100% sure you want my IP?
my pc is 7 years old it has a 9 year old proccesor its i3-4130 and i have my old nvidia gt 640 2gb vram edition installed btw my thermal paste has not been changed since when i had my pc the proccesor was plugged in my pc since when it came and my cpu is acting strange i am getting glitchy screens at a rare case anyone know what i have to do i do not want to spend any money to upgrade it should i install another os? right now i have windows 10 which os should i install then?
@@MLPFAN_isLost First thing to do imo is open task manager when it happens, if anything is at 100% usage then that's where your issue is from(alot of causes for high usage of X)
What I don't understand is why Microsoft doesn't make service names excluisve and especially the company name. It should be forbidden from anyone to set the company to Microsoft if it wasn't actually made by Microsoft.
You can see the company name in task manager, by right clicking on the process type on the top and clicking “Publisher”. But that won’t matter if a hacker hijacks an official process.
@@udittlamba why would they do that? This doesn't seem like correct information. Microsoft discovers a vulnerability they are going to fix it asap. Why tell the NSA? It's not like they can weaponize the vulnerability. It will be patched.
"Finds" is an interesting verb to use in that sentence. Unless by finds you meant 'implements' and keeps them in place for half decades until they become a mainstream exploit.@@udittlamba
It's kinda like saying "Criminals don't have access to guns" And then be shocked when a Felon pulls a glock on someone. Criminals don't give a shit about who forbids what xD They'll do whatever it takes to steal your stuff.
Take a free introductory course to server client communication or the HTTP protocol specifically. It'd be legit 10 hours max and you'll learn very useful knowledge for your day to day life.
So it's when someone can run scripts like commands on your computer, like one that they can run, which makes it so you can't reset your PC. They have remote access to your entire system basically.
@@Jajkong Yeah but that's like saying "if you want to bake, it's like, just take ingredients and turn them into food." It doesn't help... Basically, computers transmit data between each other using network communications. A computer program opens communication with a distant computer by its IP address (not really, that's when DNS enter the picture but let's keep it concise). Knowing this, if you examine the network activity on your computer, you can find out all of the distant computers that all of the programs running on your computer are currently communicating with. It might not tell you much, because it's kind of irrelevant if you don't know what data is exchanged, but that's a start and that's what the guy in the video is doing.
Had an issue at work years ago, back when we still had Windows XP on the machines (late to move to Windows 7). Task Manager would show explorer at 50% and would freeze for ages. Eventually I was actually given time to investigate (managers deciding just wiping the laptops is quicker have no idea. It wasn't quicker). Used Process Explorer and could see one .dll in Explorer was causing explorer to run at 50%. Turned out it was a pgp dll that just scanned the network for files that were encrypted so it could change the display icon. We never encrypted files just used PGP for whole drive encryption. I disabled the .dll and it fixed the issue in under a min, compared to wiping the laptops and starting again.
I think I speak for everyone when I say…. that You Sir are hands down some of the absolute best value of our time spent watching online content! Thank you for your incredible devotion to others.
Yeah, and the svchost in windows is like xinetd in linux. The difference being the latter is far easier and you can tell exactly what it does or what you let it do, based on easy and simple text configs, so it's much much safer. Windows svchost... I have no idea what it executes or if there is a way to manage it.
@@stan22677 Wrong. After Windows 7 there has not been a new operating system by Microsoft. Windows 8, 8.1, 10, and 11 are not operating systems, they are apps built on the Windows Mobile platform. Microsoft has preprogrammed backdoors into every one of their operating systems and apps to allow hackers, advertisers, and government agencies to use. Sure the hackers side wasn't intentional, but having 1 open backdoor into the system invites them in. The security updates you speak of block the old holes and open new holes. It takes the average malicious user roughly 1 hour to rewrite their code after an update is released to use the new holes. All they do is open up the security update files and locate the new holes. So before trying to belittle someone, maybe you should get your facts straight. Nothing Microsoft has made since Windows XP is safe and secure for the average consumer.
Just getting back into the PC for fun world after 10 years hiatus, really appreciate this video man. Picked up sysinternal (thanks for sharing about that, didn't even know) and have been playing around with couple of the tools you used here. Definitely need to learn more about network security, looking forward to your other videos
The dead giveway in the Task manager is the process has no name. SVCHost is a legit process that runs on Windows, but it would list itself as SVCHost in the Task manager, so the fact it doesn't show a name is a huge sign, not to mention the high resource usage as you mentioned. Monitoring your overall system usage is a good way to determine if something suspicious is going on. Of course if you're running programs or doing something, then this will sort of muddy the information but if you're computer isn't doing anything and no programs are open but you ahve high usage, chances are you PC is hacked (there is a slightly delay though when you close programs, as some programs do have to do some clean up tasks behind the scenes, but say after a minute, if the resource usage doesn't settle down after closing all programs, then you may have a problem).
07:09 : This scenario you describe could have never happened if MS hadn't removed useful utilities that they used to have until windows 7. Spesifically , until windows 7 you could always have enabled a gadget which was monitoring the CPU and RAM usage of the system !! No matter how smart a malware is , *if you can monitor the CPU/RAM all the time(like you could back then) ,then it can not hide from you* . I always had this gadget enabled , until MS removed it from windows 10 and later . Such a useful monitor utility , windows are going backwards instead of going forward .... -- P.S. This utility had helped me to find that something was wrong in a PC in my work enviroment and ultimately this helped me to spot a malware and clean that PC .
@@Mario583a what you are saying exists in all of windows versions(you could see a version of a recource manager in windows 7 as well ) , but do you know anyone who would have such a huge bulky thing *always enabled* on their monitor ??? that's what i argued in what PC Securiy channel said , *he said that a sophisticated malware can recognise whenever the resource manager is being opened , so it hides itself when that happens* . What i'm saying is about a very small (takes very little space on the top-corner of the monitor) but super-useful gadget that existed until windows 7 , which anyone could afford to have it *ALWAYS-ON* ,and it could be used for a very quick glimpse to check if everything is normal in your system recources . You had the option to have that gadget always on ,permanent , while what you say has to be re-activated with every PC-restart , besides the fact that it's not practical to have it always on (very bulky as i said ,i don't know many people who would chose to have something like that always enabled on their monitor ... do you have that always on ? *that's what i argued in the first place* ... the always-on part ... )
It doesn't come with Windows, so this isn't a direct answer, but Process Explorer effectively serves that purpose (at least the way I use it); I have it auto-load into the taskbar tray on boot and sit there showing system resource graphs all the time. PSA: Use Process Explorer. It's much more useful than Task Manager.
These videos are just great. I really enjoy the way you present this information. This is such a nonintuitive subject for most people, and yet it's so critical to learn the fundamentals... Thank you :)
2:00 process explorer rather than process monitor, maybe the priogram changed name in his more recent vid 2:30 sudeenly taking alot of cpu 4:50 making sure miner goes away 5:38 how to know which of these is legitmate or not 7:10 miners canbe smart drop processes when u opne task mangaer 8:20 terminating process tree then summary of above
Hi Leo, excellent video. This is a wake-up call to action to understand the art of network security and how easily you can be hacked into by anybody who is trying to do harm to you on the Internet. There's more concern for people attempting to exploit you in many ways. Is encrypting your browser the best way of blocking information? Is encrypting your protected folders the best way to protect you from would-be attackers?
Hello, nice video. Once thing though, you didn't tell your viewers how to find the actual EXE on the Windows system and how to do a VirusTotal scan. Also, you didn't mention how to find and remove the autostart entry and all mention of the EXE in the Registry. Finally, it should be possible to block the in/outgoing traffic using Windows Firewall.
I had that XMR miner, and he's right, sometimes they can't be detected. Windows Defender and the full version of Malwarebytes didn't see it. I ran a tool called AdwCleaner and it was able to find it. It's a free tool made by Malwarebytes, but it's a separate download.
Videos like these are so important it's almost a crime you don't have more views and subs, if I were a boss at RUclips I would be pushing content like this like crazy.
Absolutely interesting video and just made me think if my old PC had CryptoMiner on it because the CPU usage went up randomly alot and the system was using all of it, Deserved Sub and Like.
It is not possible to know your system hasn't been hacked without performing an offline analysis. Preventing compromise is critical for proper security (and if you do find something sufficiently suspect, start fresh with an offline installation of OS and Anti-Virus).
@@Bllueee for simple analysis, you can boot from your installation media in recovery mode. That will give you access to command prompt and basic tools. For more complex analysis, create a Windows PE boot image from a clean system, write it to either DVD or USB (DVD preferable on DVD as it is read only (you would need to copy on tools like anti-virus and malware scanners). However, for a professional offline analysis, its easier to get one of the solutions provided by the major anti-virus vendors. I'll add a link in the following post to Symantec's solution, each vendor will have something similar.
@@goddessesstartrekonlinefle3061 Im paranoid cuz i downloaded 3 zip files, i extracted them but didn't run the .exe/.aex files inside, freaked out and deleted them. Now i dont know if im at risk. They were plugins for Adobe AE from a youtuber so im just paranoid here not knowing what the next step is or if i should format my pc
Honestly, thank you so much for this video. It really helped me to not only remove the xmrig file from my computer, but also confront the attacker themselves. Thank you so much
You said that a cryptominer can lower the activity or shutdown its software so that you don't see it with task manager. In that case how do find it and deal with it?
Well, it feels nice to rub your paranoia every once in a while and feels even better to know that you hadn't any malware before probing your computer like mentioned in this video. Although, I remember being infected with a "svchost"-type virus once. Took me a lot of effort to find it because it was some 4-5 years ago and your video just didn't exist back then
Glasswire has a good service where it forces connections to go through an "allow/deny" prompt. It also does a scan on VirusTotal of the executable before it prompts you.
Hey, that's really cool! If it's free and there's a whitelist function (to always allow my PC to connect to discord, steam, google, youtube, etc.), I can see myself using it. Thanks for letting people know! Edit: it's paid, but there's a lite version where you can still tell what's going on, so I'll most surely use that
Oooh that reduction on power when task manager opens is nasty. I had one of those and I never was able to find it, so I reimaged my PC (after backing up my files)
@@Adama.1 Performance dips while running games that did not dip before and lag on startup I don't know for *certain* that's what it was, but it's the only explanation I've found that makes sense
Everything you have explained seems very legitimate and logical to my understanding to my knowledge. Thank you for this video. Didnt hear you mention any, but are there any recommended Anti-Malware systems that you would recommend, (if any) to prevent or minimize these so one doesn't have to always have to manually remove them?
This is assuming that most people know the difference between a suspicious IP address and one that is essential for your computer. I tried to eliminate a suspicious IP address years ago and removed something critical in my system. In the end I had to reload the entire OS and start from scratch!
If you like being a little bit more proactive, there's a feature for denying/allowing first time connection, too. It also scans on VirusTotal before it prompts you.
If you have some issues to find the Malware. Solution #1: Run Process Explorer, go to Options and check "Run at Logon". Also check "replace Taskmanager". Solution #2: If u can't find the Malware, make fresh Windows install.
Thank you for this video. Unfortunately i won't be able to use it because my brain just can't take in this information with ease, at all, but I'm glad for everyone else this video helps!
these malwere requires internet to transfer data from your pc/laptop, if you open your resource monitor you can view your network activity, close your app that require internet and check which activity is running.
Hi, can you do a video on the largely fileless WMI Hijacking malware (using system service processes to appear legit)? I can't seem to do anything about it except remove some registry keys and remove some startup entries and .VBS scripts to no avail. Thanks, would be awesome!
This should be mandatory to teach in high school. It boggles my mind how O was never taught any of this and told to simply mindlessly trust the security software.
My main concern is that I must look at multiple attachments for my work. We know that there are several phishing attacks/malware that come through. As it is a remote job, I work on my personal Laptop. I have Windows 11 Home. I had a bitch of a time trying to get VMware and Virtual box for my VM, which failed...and now, I successfully activated Sandboxie. I followed all of these instructions, but am afraid I may still be vulnerable. Do you have any suggestions?
2:57 lol, you made me just involuntarily open task manager just to check my cpu/gpu load... hehe, Now, i will continue to see your clip. 😁 P.S.: Can you please put the link to the previous clip in this topic in the description or as a comment? It is so hard to look for specific clip on yt than we sometimes abandon that. Usually i go for specific date, but searching to the whole channel just for a date is tremendous and a few people will do it. Yours, is only 4 month old now, so is not hard to reach, but later on it will be harder and harder. So, if you can, just put the link to previous clip and keep retention more. Thanks!
In my case there is windows delivery optimization which randomly starts up and uses a lot of resources but it stops when I use my pc and again starts when I leave my pc idle
This is good, but omg I was looking all over the Process Explorer App for "TCP View", I even looked in the view menu but couldn't see it and then at the end when I seen you switch to it I realise it was another program hahaha!
This is one of the main reasons I switched to Linux. It's more secure and doesn't spy on you like Microsoft. I even switched my Mom's PC to Linux and she's doing fine on it since she mainly only uses the browser and doesn't install apps. I also got her a hardware firewall (Firewalla Purple) that I can use to monitor her network from anywhere using my phone. Now I feel more secure when using her PC when logging in to my online accounts. 😅
Don't get too cocky though, no system is perfect and Linux absolutely can be pwned if someone cares enough. More easily so if you ever get a little on the lazy side with security updates or even better you simply get cocky that makes a basic social engineering attack so easy. Trust me on this I do a lot of penetration testing for a living, exploiting those that get cocky is as easy as exploiting the extremely dumb aka it's taking candy from a baby level stuff. While working I have to work hard not to let it be obvious how much my eyes light up when people seem to imply they are somehow immune because their system is so much better, I know my job just became infinitely easier.
Man, I wish there was a better option than Windows without losing access to so much of my game and software library and without having to spend a lot of extra time and effort on config and maintenance.
Mate, last month my laptop’s cpu’s core 0 was 100% constantly, i was suspecting a virus, and after watching this, i believe it definitely was one, svhost was the one using the most cpu constantly. i didn’t find this video earlier, so i had to reset the entire laptop 2 times, before updating some drivers, then the virus is gone, it is so weird.
So we know that this process is malicious, but how do we know which program (virus) does that? I mean if the virus/malware auto-run when you start your PC, you need to kill the malicious process everytime?
Me, when some malicious software is installed: "Okay, my dear USB flash drive with windows installer, it is now your turn..." Like seriously, I got caught with a miner that persisted in the system and was closing and crashing all of the healing stuff, task manager, browser whenever I was trying to google how to cure my pc from malwares, all that kind of stuff, so It was easier for me to just reinstall windows. I haven't lost any valuable data in particular, so i'm good.
Hi, great video. Would you please consider linking to the videos you reference in your videos? You say "in the previous video we did such and such" but it's hard to know what that video is. Thanks! Great work by the way!
Damn I noticed that one my laptops fan gets crazy after turning on, and suspiciously get quieter after I open the task manager, gonna have to take a look on thas one
The impression that i got was really amazing i finally got mine fixed by someone i suggest you send him a message request he can be of assistance to you
I had a problem with a bitcoiin miner about a year ago. I noticed it was running my CPU insanely high for nothing. Used TM to suss it out and kill, but everytime I booted my PC, it kept coming back. So basically, I just did a bunch of trail and error, referencing processes, scared out of my mind i'd accidentally delete my system32 folder or something stupid like that. Turned out, the the process somehow got root level and I had to access my activation settings to figure out where it was really coming from, since the file came back whenever I rebooted. Once I killed the boot process, I was able to kill the process and finally delete the source file. Felt like a super hacker at the time, but man, I coulda made it much easier, apparently.
Great tutorial - But what I am missing here is how you determined that it was a threat and will the tool help in color-coding these threats so they can be visually ID'ed? My list of processes is very long and from the Icons I can determine what, but without some kind of indication I am afraid it is hard to identify - Can you also tell me where I can download the graphical toll "United Graph"...Please advise, Thanks!
One big question I have is, how do we make sure we don't get this crypto miner on our pc? How does it even get in your pc in the first place and how do we prevent it so that we won't have to do all this?
It comes from clicking on any random link without thinking or opening any email attachment. Sadly, in nearly 100% of cases, a PC infection comes from user interaction.
It can come from many different places. If you download a lot of files, especially user hosted torrents, you're more than likely getting a crypto miner with it. People can also get into websites which aren't looked after much and replace download links with files of their own, so you may get what you're intending to download but you're also getting what some hacker has injected into the link. An incredibly popular way to get crypto miners on systems is to make videos like "How to get infinite money in GTA Online" or whatever cheat for whatever game, because some clueless kid is probably going to click on every single link in the description and allow permissions for everything they download, then they're not going to notice that their mom's computer is running slower than it used to.
Just by finding this video on my recommendations, i'm very suspicious now
Like the girl that found out she was pregnant because google kept recommending baby clothing ads 🤔
Same dude
One doesn't search this video, the hacker tell them this video
@@idunapel5401 oh fuck
Many viruses are blocking sites and videos like that, so you are safe
I just assume its always hacked
bro using his intuition for security
Assume breach. Actually used method in cyber security.
Alphabet Inc Google hacked my android phone with proprietary hacked firmware blobs that they extortionly refuse to unhack my phone by no human language communication opportunity to even have a voice to speak to any human responsible for the hacks
Correct
hahaha same here, Im 100% Ive been hacked like 2 weeks ago, for the 30th time. xd
"Sometimes, these hackers can be so clever that they stop the malware from running when task manager is running"
*Leaves task manager running 24/7, disconnecting from the internet when done*
Hacker: "You werent suppose to do that"
Big brain plays
Outplayed
turn off auto reconnect, make sure bios settings reflect said off state as some settings put it in a waiting for "wake" signal as a default.
I would just have done a clean install of Windows depending on how much junk I may have on it. That gets all of the malware unless it is Logofail. Also in that command was the wallet address the crypto miner was using. I don't like crypto mining but I do know that much anyhow. Unless it is gone from the computer it will just run again next time Windows starts. More advanced versions might check it to see if it is running and restart it. This not only steals from you but you might notice the CPU or graphics card running hotter if you monitor or you may notice your fans running louder than usual, even when the system is supposedly idle.
@@Myself-yh9rr Thats smart. Personally I would arduiously skim system32 and the whole windows file system, while letting some indian guy on youtube guide me through it. And then act like im smart after lol.
Back in the good old days, hackers would actually let you know when you got GOT through some type of taunt message etc. Now, actual software gives you taunts and nag screen and hackers stay on the down low.
I had windows installations trash itself on my desktop for no reason and can't tell if it's windows or a virus at this point.
Even work laptops with fresh Windows installs gets bugged out at times.
Pd: Tried several virus scans in the past (Kaspersky rescue disk, emsisoft emergency kit, malwarebytes to name a few) but nothing comes out of it.
@@zNoah Something similar happened to me, in my case it was the keyboard, the delete key became defective to the point that it would activate by itself, so anything that i had selected at the time would get deleted, to "solve" this i disabled the key using a program that made the key useless.
Yup I remember the time I got my friends PC hacked when I was 12 like it was yesterday. Had to have the diablo II maphack so of course I downloaded it, the screen turned blue then someone typed "Hello, how's your day going?"
@@James-uk4xiah hell naw💀… what happened after that ?
@@youngjrr I said "Hey Deven, I think your computer just got hacked." He came over, took one look and hit the power button. I left to go do something else, then came back a couple days later and he had installed a virus free maphack for me.
Yep. Pls. Much more if this. I stopped disinfecting people's systems etc. I actually stopped all my IT related work some time ago but there is a severe lack of this particular type of knowledge so anyone picking up these skills are highly valuable to many people. Including themselves since this gives people more to explore and expand their skills even further. Very good channel. Keep it up!!
Subbed, liked, shared!
Me is a targeted induvidual. The government is following me.
You think glasswire firewall prevents stuff like this? It stops bs microsoft apps from connecting.
I’m bored. What’s your IP?
@@johnmadsen37 You're asking the wrong question. Millennial. If you're bored and want something to do, you should give me your IP.
Are you 100% sure you want my IP?
highly recommended Man even for average user
As someone who's PC has been getting frequent CPU spikes, I'm definitely using this video in the (probably near) future.
How old is your pc btw? If it's more than 2+ yrs old, and there's no malware, it might be just be your PC getting close to warranty.
@@R.K_Chalkboard omg, imagine a pc with 2 years already dieing lol
Are your graphics drivers updated?
my pc is 7 years old it has a 9 year old proccesor its i3-4130 and i have my old nvidia gt 640 2gb vram edition installed btw my thermal paste has not been changed since when i had my pc the proccesor was plugged in my pc since when it came and my cpu is acting strange i am getting glitchy screens at a rare case anyone know what i have to do i do not want to spend any money to upgrade it should i install another os? right now i have windows 10 which os should i install then?
@@MLPFAN_isLost First thing to do imo is open task manager when it happens, if anything is at 100% usage then that's where your issue is from(alot of causes for high usage of X)
What I don't understand is why Microsoft doesn't make service names excluisve and especially the company name. It should be forbidden from anyone to set the company to Microsoft if it wasn't actually made by Microsoft.
You can see the company name in task manager, by right clicking on the process type on the top and clicking “Publisher”. But that won’t matter if a hacker hijacks an official process.
@@memememeson3994 funny tangential fact. when microsoft finds an exploitable bug in windows, they report to NSA first instead of fixing it.
@@udittlamba why would they do that? This doesn't seem like correct information. Microsoft discovers a vulnerability they are going to fix it asap. Why tell the NSA? It's not like they can weaponize the vulnerability. It will be patched.
"Finds" is an interesting verb to use in that sentence. Unless by finds you meant 'implements' and keeps them in place for half decades until they become a mainstream exploit.@@udittlamba
It's kinda like saying "Criminals don't have access to guns" And then be shocked when a Felon pulls a glock on someone. Criminals don't give a shit about who forbids what xD They'll do whatever it takes to steal your stuff.
I was hoping to learn how to know if my PC is hacked by watching this video, but instead all I learned is that I have no idea how networking works.
Take a free introductory course to server client communication or the HTTP protocol specifically. It'd be legit 10 hours max and you'll learn very useful knowledge for your day to day life.
lmaoo exactly
Real
So it's when someone can run scripts like commands on your computer, like one that they can run, which makes it so you can't reset your PC. They have remote access to your entire system basically.
@@Jajkong Yeah but that's like saying "if you want to bake, it's like, just take ingredients and turn them into food." It doesn't help...
Basically, computers transmit data between each other using network communications. A computer program opens communication with a distant computer by its IP address (not really, that's when DNS enter the picture but let's keep it concise).
Knowing this, if you examine the network activity on your computer, you can find out all of the distant computers that all of the programs running on your computer are currently communicating with. It might not tell you much, because it's kind of irrelevant if you don't know what data is exchanged, but that's a start and that's what the guy in the video is doing.
"If you open up something like Task Manager, they just drop all of their resource usage"
I guess good thing I have Task Manager always open?
XD
Thats smart af
Clever
Some of them are probably smart enough to know when you have the actual window pulled up.
Buy her a Mac if you love her. Or build her a Linux machine.
Had an issue at work years ago, back when we still had Windows XP on the machines (late to move to Windows 7). Task Manager would show explorer at 50% and would freeze for ages. Eventually I was actually given time to investigate (managers deciding just wiping the laptops is quicker have no idea. It wasn't quicker). Used Process Explorer and could see one .dll in Explorer was causing explorer to run at 50%. Turned out it was a pgp dll that just scanned the network for files that were encrypted so it could change the display icon. We never encrypted files just used PGP for whole drive encryption. I disabled the .dll and it fixed the issue in under a min, compared to wiping the laptops and starting again.
Do you think that completely deleting Windows and reinstalling it will remove any viruses?
@@User-jr7vf Yes. Although as Mark Russinovich said in one of his malware talks. You shouldn't have to. You can clean a system without wiping Windows.
I think I speak for everyone when I say…. that You Sir are hands down some of the absolute best value of our time spent watching online content! Thank you for your incredible devotion to others.
did you found the program he's using to monitor the processes?
Basically Microsoft lets Windows be so buggy, that actual malicious activity can appear normal.
Microsoft never said they were doing it right lol 😂
That's because modern window *is* malicious spyware
@@kristopherleslie8343 No one brought up what Microsoft did or didn't say pea brain... lol 😂
Yeah, and the svchost in windows is like xinetd in linux. The difference being the latter is far easier and you can tell exactly what it does or what you let it do, based on easy and simple text configs, so it's much much safer. Windows svchost... I have no idea what it executes or if there is a way to manage it.
@@stan22677 Wrong. After Windows 7 there has not been a new operating system by Microsoft. Windows 8, 8.1, 10, and 11 are not operating systems, they are apps built on the Windows Mobile platform. Microsoft has preprogrammed backdoors into every one of their operating systems and apps to allow hackers, advertisers, and government agencies to use. Sure the hackers side wasn't intentional, but having 1 open backdoor into the system invites them in. The security updates you speak of block the old holes and open new holes. It takes the average malicious user roughly 1 hour to rewrite their code after an update is released to use the new holes. All they do is open up the security update files and locate the new holes.
So before trying to belittle someone, maybe you should get your facts straight. Nothing Microsoft has made since Windows XP is safe and secure for the average consumer.
Just getting back into the PC for fun world after 10 years hiatus, really appreciate this video man. Picked up sysinternal (thanks for sharing about that, didn't even know) and have been playing around with couple of the tools you used here. Definitely need to learn more about network security, looking forward to your other videos
Too easy! Recently found multiple signed & undetected malware on my Mom’s PC. She’s always downloading random stuff lol
Take her pc away
@@RimFaxxe Yeah right
@@RimFaxxe the ultimate uno reverse card
Create another account for her with limited access.
Buy her a Mac , windows is trash
The dead giveway in the Task manager is the process has no name. SVCHost is a legit process that runs on Windows, but it would list itself as SVCHost in the Task manager, so the fact it doesn't show a name is a huge sign, not to mention the high resource usage as you mentioned. Monitoring your overall system usage is a good way to determine if something suspicious is going on. Of course if you're running programs or doing something, then this will sort of muddy the information but if you're computer isn't doing anything and no programs are open but you ahve high usage, chances are you PC is hacked (there is a slightly delay though when you close programs, as some programs do have to do some clean up tasks behind the scenes, but say after a minute, if the resource usage doesn't settle down after closing all programs, then you may have a problem).
07:09 : This scenario you describe could have never happened if MS hadn't removed useful utilities that they used to have until windows 7.
Spesifically , until windows 7 you could always have enabled a gadget which was monitoring the CPU and RAM usage of the system !!
No matter how smart a malware is , *if you can monitor the CPU/RAM all the time(like you could back then) ,then it can not hide from you* .
I always had this gadget enabled , until MS removed it from windows 10 and later . Such a useful monitor utility , windows are going backwards instead of going forward ....
-- P.S. This utility had helped me to find that something was wrong in a PC in my work enviroment and ultimately this helped me to spot a malware and clean that PC .
Or you just fully move to Linux, where no system process can run without a root password.
There is a thing called Resource Manager,
@@Mario583a what you are saying exists in all of windows versions(you could see a version of a recource manager in windows 7 as well ) , but do you know anyone who would have such a huge bulky thing *always enabled* on their monitor ??? that's what i argued in what PC Securiy channel said , *he said that a sophisticated malware can recognise whenever the resource manager is being opened , so it hides itself when that happens* .
What i'm saying is about a very small (takes very little space on the top-corner of the monitor) but super-useful gadget that existed until windows 7 , which anyone could afford to have it *ALWAYS-ON* ,and it could be used for a very quick glimpse to check if everything is normal in your system recources .
You had the option to have that gadget always on ,permanent , while what you say has to be re-activated with every PC-restart , besides the fact that it's not practical to have it always on (very bulky as i said ,i don't know many people who would chose to have something like that always enabled on their monitor ... do you have that always on ? *that's what i argued in the first place* ... the always-on part ... )
It doesn't come with Windows, so this isn't a direct answer, but Process Explorer effectively serves that purpose (at least the way I use it); I have it auto-load into the taskbar tray on boot and sit there showing system resource graphs all the time.
PSA: Use Process Explorer. It's much more useful than Task Manager.
@@maynnemillareslinux is not beginner friendly
These videos are just great. I really enjoy the way you present this information. This is such a nonintuitive subject for most people, and yet it's so critical to learn the fundamentals... Thank you :)
I clicked on this video knowing full well that the knowledge would stress me out. Ignorance truly is bliss
2:00 process explorer rather than process monitor, maybe the priogram changed name in his more recent vid
2:30 sudeenly taking alot of cpu
4:50 making sure miner goes away
5:38 how to know which of these is legitmate or not
7:10 miners canbe smart drop processes when u opne task mangaer
8:20 terminating process tree
then summary of above
I couldn't help but notice that your background is Elizabeth Quay in Perth, Western Australia. Nice!
You can see the jelly fish!
Hi Leo, excellent video. This is a wake-up call to action to understand the art of network security and how easily you can be hacked into by anybody who is trying to do harm to you on the Internet. There's more concern for people attempting to exploit you in many ways. Is encrypting your browser the best way of blocking information? Is encrypting your protected folders the best way to protect you from would-be attackers?
Your browser traffic is already encrypted.
Well probably the best move you can make is by switching to either MacOS or Linux
@@seansingh4421even a chromebook and chromebox would be better. Using any of the above would be the #1 thing.
@@seansingh4421 “singh”
Go back to India 😂
@@seansingh4421lol no
Hello, nice video. Once thing though, you didn't tell your viewers how to find the actual EXE on the Windows system and how to do a VirusTotal scan. Also, you didn't mention how to find and remove the autostart entry and all mention of the EXE in the Registry. Finally, it should be possible to block the in/outgoing traffic using Windows Firewall.
I had that XMR miner, and he's right, sometimes they can't be detected. Windows Defender and the full version of Malwarebytes didn't see it. I ran a tool called AdwCleaner and it was able to find it. It's a free tool made by Malwarebytes, but it's a separate download.
Hell yeah, this worked. There was something using my HDD and solved it with this
i will use that, thanks
thanks
Does bitdefender work? Because my PC is always using all of my CPU.
And when I open process explorer or task manager, it drops down to 3 percent
Videos like these are so important it's almost a crime you don't have more views and subs, if I were a boss at RUclips I would be pushing content like this like crazy.
Some malwares stops when you open Process Explorer too. I discovered I had a Crypto Mining Malware thanks to Nvidia GPU Activity.
In case you're wondering, that's a monero cryptominer. You can probably even see the wallet id number on the first app.
Thanks!
Damn this guy was really thankful.
very nice how the logo brightens up when you say Subscribe.
Me and my hacker watching this together :📝✅
😂😂😂😂😂😂😂
Don't give up mate, that was my first day to use soft soft and i will work on it for a long ti!
HOLYY SHIITTT I LOVE YOU ❤❤❤ I'VE BEEN SEARCHING AROUND THE INTERNET FOR 5 HOURS AND THEN NOW IT'S OVER FINALLY I LOVE YOU MAAN
0:25 nobody cares but that’s the Elizabeth quay bridge
Absolutely interesting video and just made me think if my old PC had CryptoMiner on it because the CPU usage went up randomly alot and the system was using all of it,
Deserved Sub and Like.
depends how much if its only bump up to 20% or less its normal
@@ivo3598 It bumps up to 80-90% very often and system is using all of it
Here finding new ways to help my grandmother. Thank you very much
The comnt section is very positive and downright encouraging! Love it!
It is not possible to know your system hasn't been hacked without performing an offline analysis. Preventing compromise is critical for proper security (and if you do find something sufficiently suspect, start fresh with an offline installation of OS and Anti-Virus).
how do you do an offline analysis?
@@Bllueee for simple analysis, you can boot from your installation media in recovery mode. That will give you access to command prompt and basic tools.
For more complex analysis, create a Windows PE boot image from a clean system, write it to either DVD or USB (DVD preferable on DVD as it is read only (you would need to copy on tools like anti-virus and malware scanners).
However, for a professional offline analysis, its easier to get one of the solutions provided by the major anti-virus vendors.
I'll add a link in the following post to Symantec's solution, each vendor will have something similar.
@@goddessesstartrekonlinefle3061 Im paranoid cuz i downloaded 3 zip files, i extracted them but didn't run the .exe/.aex files inside, freaked out and deleted them. Now i dont know if im at risk. They were plugins for Adobe AE from a youtuber so im just paranoid here not knowing what the next step is or if i should format my pc
Honestly, thank you so much for this video. It really helped me to not only remove the xmrig file from my computer, but also confront the attacker themselves. Thank you so much
I just wanna say buddy I love your channel. Thank you for your work.
Microsoft hacks my system all the time with updates.
Omg I think this random video solved exactly the issue u have been having for a few months now
You said that a cryptominer can lower the activity or shutdown its software so that you don't see it with task manager. In that case how do find it and deal with it?
Well, it feels nice to rub your paranoia every once in a while and feels even better to know that you hadn't any malware before probing your computer like mentioned in this video. Although, I remember being infected with a "svchost"-type virus once. Took me a lot of effort to find it because it was some 4-5 years ago and your video just didn't exist back then
Glasswire has a good service where it forces connections to go through an "allow/deny" prompt. It also does a scan on VirusTotal of the executable before it prompts you.
Hey, that's really cool! If it's free and there's a whitelist function (to always allow my PC to connect to discord, steam, google, youtube, etc.), I can see myself using it. Thanks for letting people know!
Edit: it's paid, but there's a lite version where you can still tell what's going on, so I'll most surely use that
Same does Windows Firewall Control, add-on for Windows Firewall to make it easier to manage. Also can prevent injection of unwanted firewall rules
windows firewall doesnt block connections to microsoft.@@Panocek
Oooh that reduction on power when task manager opens is nasty. I had one of those and I never was able to find it, so I reimaged my PC (after backing up my files)
How did you know your pc was infected in the first place then?
@@Adama.1 Performance dips while running games that did not dip before and lag on startup
I don't know for *certain* that's what it was, but it's the only explanation I've found that makes sense
Everything you have explained seems very legitimate and logical to my understanding to my knowledge. Thank you for this video. Didnt hear you mention any, but are there any recommended Anti-Malware systems that you would recommend, (if any) to prevent or minimize these so one doesn't have to always have to manually remove them?
tronscript, malwarebytes, Adwcleaner by malwarebytes
checked this out for myself, turns out my computer is just ass slow
good video anyways sure to be helpful for others
This is assuming that most people know the difference between a suspicious IP address and one that is essential for your computer. I tried to eliminate a suspicious IP address years ago and removed something critical in my system. In the end I had to reload the entire OS and start from scratch!
Yeah, I don't understand all the praise this video has. It barely helped, am I supposed to manually search every IP lol
Will defo use this as my network has been quite strange
What about something like GlassWire, where it is active 24/7 in the background?
A virus can’t hide 24/7 and will show up on the history.
If you like being a little bit more proactive, there's a feature for denying/allowing first time connection, too. It also scans on VirusTotal before it prompts you.
you can make the text bigger or drop resolution - only in HD res can anyone read the text on screen
If you have some issues to find the Malware.
Solution #1: Run Process Explorer, go to Options and check "Run at Logon". Also check "replace Taskmanager".
Solution #2: If u can't find the Malware, make fresh Windows install.
Very nice, well edited, good composure. You got a sub from me 👍
Thank you for this video. Unfortunately i won't be able to use it because my brain just can't take in this information with ease, at all, but I'm glad for everyone else this video helps!
Very good content, I learned a lot! Thank you!
I usually have encrypted backups on a separate disk but this is good knowledge to have. Some people don't want to wipe.
Amazing video! Never saw a content like this, very interesting and important! Thank you!
Didn’t watch it yet
But you get the like for being a hero
This video is priceless, thank you so much.
thank you for much for this video! and your server! every one was so helpful and I can finally have some peace of mind. thank you!
Microsoft wants your computer to end up cornholed.
I AM CORNHOLIO
these malwere requires internet to transfer data from your pc/laptop, if you open your resource monitor you can view your network activity, close your app that require internet and check which activity is running.
Hi, can you do a video on the largely fileless WMI Hijacking malware (using system service processes to appear legit)? I can't seem to do anything about it except remove some registry keys and remove some startup entries and .VBS scripts to no avail. Thanks, would be awesome!
WMI is fileless?
This should be mandatory to teach in high school. It boggles my mind how O was never taught any of this and told to simply mindlessly trust the security software.
I don't think anybody in school ever said to blindly trust the antivirus
My main concern is that I must look at multiple attachments for my work. We know that there are several phishing attacks/malware that come through. As it is a remote job, I work on my personal Laptop. I have Windows 11 Home. I had a bitch of a time trying to get VMware and Virtual box for my VM, which failed...and now, I successfully activated Sandboxie. I followed all of these instructions, but am afraid I may still be vulnerable. Do you have any suggestions?
yes so get norton
@@A-hill-music-productionsJesus Christ, no. Stay away from anything other than malwarebytes' products and windows defender.
@@flyingspaghetti bro noooo what makes u say that
Thanks dude this really helped me a lot I did the steps that's you did thanks man!
This is suspiciously on my recommendation
Do you have a link to the part 1 video that this video mentions? Or have I just missed it somewhere in the notes?
2:57 lol, you made me just involuntarily open task manager just to check my cpu/gpu load... hehe,
Now, i will continue to see your clip. 😁
P.S.: Can you please put the link to the previous clip in this topic in the description or as a comment? It is so hard to look for specific clip on yt than we sometimes abandon that. Usually i go for specific date, but searching to the whole channel just for a date is tremendous and a few people will do it.
Yours, is only 4 month old now, so is not hard to reach, but later on it will be harder and harder.
So, if you can, just put the link to previous clip and keep retention more.
Thanks!
In my case there is windows delivery optimization which randomly starts up and uses a lot of resources but it stops when I use my pc and again starts when I leave my pc idle
That's a legit Windows process, nothing to worry about.
@@zenkisaragi1551 yea I looked it up , windows telemetry 😂
@@Im_DJ basically built in spyware.
Great video! lots of info! Lots to follow. but good stuff. Thanks! Also, What is that on your wallpaper? I like it!
Its a bridge located at Elizabeth quay, in Perth, Western Australia
Is there a way to track how the malware ended up on your pc?
This is good, but omg I was looking all over the Process Explorer App for "TCP View", I even looked in the view menu but couldn't see it and then at the end when I seen you switch to it I realise it was another program hahaha!
This is one of the main reasons I switched to Linux. It's more secure and doesn't spy on you like Microsoft. I even switched my Mom's PC to Linux and she's doing fine on it since she mainly only uses the browser and doesn't install apps. I also got her a hardware firewall (Firewalla Purple) that I can use to monitor her network from anywhere using my phone. Now I feel more secure when using her PC when logging in to my online accounts. 😅
You can't get viruses if no useful software runs on your OS I guess
Problem for me is, i'm a gamer. And most games are for windows.
@@callumkristofer7793 bUt LiNuX hAs PrOtOn
Sadly, a few Linux distros "phone home" on a regular basis. Ubuntu, to name one very popular one.
Don't get too cocky though, no system is perfect and Linux absolutely can be pwned if someone cares enough. More easily so if you ever get a little on the lazy side with security updates or even better you simply get cocky that makes a basic social engineering attack so easy. Trust me on this I do a lot of penetration testing for a living, exploiting those that get cocky is as easy as exploiting the extremely dumb aka it's taking candy from a baby level stuff. While working I have to work hard not to let it be obvious how much my eyes light up when people seem to imply they are somehow immune because their system is so much better, I know my job just became infinitely easier.
Man, I wish there was a better option than Windows without losing access to so much of my game and software library and without having to spend a lot of extra time and effort on config and maintenance.
nice but was wondering if you restart your computer does it gonna relaunch again ? or it is completely removed
It is completely removed
man, thank you for making videos, very helpful
so the video is ready, but you force us to wait 45 hours, why?!!!
Cause of the live event.
@@pcsecuritychannel Oh okay, thank for replying!
I'm late to the party here. Thanks for once for the algorithm working. Preparing for a deep dive into your channel
Mate, last month my laptop’s cpu’s core 0 was 100% constantly, i was suspecting a virus, and after watching this, i believe it definitely was one, svhost was the one using the most cpu constantly. i didn’t find this video earlier, so i had to reset the entire laptop 2 times, before updating some drivers, then the virus is gone, it is so weird.
tbh, i feel like it might still be on the system, and i’ll try your methods, thank you
@@leonzspotg i had adware on my and i just formatted my drive and factory reset my pc and it went away
Thanks for making me more paranoid
So we know that this process is malicious, but how do we know which program (virus) does that? I mean if the virus/malware auto-run when you start your PC, you need to kill the malicious process everytime?
most likley so get norton and use the power eraser
Me, when some malicious software is installed: "Okay, my dear USB flash drive with windows installer, it is now your turn..."
Like seriously, I got caught with a miner that persisted in the system and was closing and crashing all of the healing stuff, task manager, browser whenever I was trying to google how to cure my pc from malwares, all that kind of stuff, so It was easier for me to just reinstall windows. I haven't lost any valuable data in particular, so i'm good.
Question: How does one actually report it?
Hi, great video. Would you please consider linking to the videos you reference in your videos? You say "in the previous video we did such and such" but it's hard to know what that video is. Thanks! Great work by the way!
Remember Outpost or LookOut? Pepperidge farm remembers.
Hahahaha!!!! Love that joke
Damn I noticed that one my laptops fan gets crazy after turning on, and suspiciously get quieter after I open the task manager, gonna have to take a look on thas one
The impression that i got was really amazing i finally got mine fixed by someone i suggest you send him a message request he can be of assistance to you
GRAYTECHZ
On Instagram
Killing the tree gets rid of them?
I had a problem with a bitcoiin miner about a year ago.
I noticed it was running my CPU insanely high for nothing. Used TM to suss it out and kill, but everytime I booted my PC, it kept coming back.
So basically, I just did a bunch of trail and error, referencing processes, scared out of my mind i'd accidentally delete my system32 folder or something stupid like that.
Turned out, the the process somehow got root level and I had to access my activation settings to figure out where it was really coming from, since the file came back whenever I rebooted. Once I killed the boot process, I was able to kill the process and finally delete the source file.
Felt like a super hacker at the time, but man, I coulda made it much easier, apparently.
ok, but I still don't know if I'm hacked.
yes, i am grateful to tell them telling my ip password cuz i frequently forget
Great tutorial - But what I am missing here is how you determined that it was a threat and will the tool help in color-coding these threats so they can be visually ID'ed? My list of processes is very long and from the Icons I can determine what, but without some kind of indication I am afraid it is hard to identify - Can you also tell me where I can download the graphical toll "United Graph"...Please advise, Thanks!
Wonderful! Great job and thankyou very much!❤
One big question I have is, how do we make sure we don't get this crypto miner on our pc? How does it even get in your pc in the first place and how do we prevent it so that we won't have to do all this?
It comes from clicking on any random link without thinking or opening any email attachment. Sadly, in nearly 100% of cases, a PC infection comes from user interaction.
It can come from many different places. If you download a lot of files, especially user hosted torrents, you're more than likely getting a crypto miner with it.
People can also get into websites which aren't looked after much and replace download links with files of their own, so you may get what you're intending to download but you're also getting what some hacker has injected into the link.
An incredibly popular way to get crypto miners on systems is to make videos like "How to get infinite money in GTA Online" or whatever cheat for whatever game, because some clueless kid is probably going to click on every single link in the description and allow permissions for everything they download, then they're not going to notice that their mom's computer is running slower than it used to.
Great info, wish I had known this stuff years ago
Live workshop right after the video premiers, sign up here: discord.gg/tgeTFAqk?event=1003367587763208293
It comes outta the box this way
Please, do Norton 360 deluxe or premium with all protection features against malware.
Norton 😬😬😭
this has already been done
Norton is adware
I remember back in the days you could not remove this anti virus lol worst anti virus no idea how is this still alive
Interesting video but way over my head to be useful to me as an typical user.
Got Windows? It's hacked.
Not universally true. If you're computer illiterate and you have windows it's more likely, not guaranteed.
Went to look at this out of curiosity. CPU was on 100% when I opened Task Manager, and began to speed downwards rapidly until it was around 31%
That's normal
...based on your username, you're fine. Your computer is not infected. Leave it alone.
You'd deserve it anyways.
@@TheGribbleNator ah yes that was very warranted of you wasn't it?
@@Serasugee I feel intensely justified.