god, I was so scared this was about the actual 7-Zip
Same I like this guy's content but this felt click baity this is just your basic phishing/scam link
@@Chowder908 dude clickbaited us hard 😂 f this dude
Literally says fake 7zip @@Chowder908
@@Chowder908 Since they removed the dislike counter to the public, I rely on good folks like you to help me not waste my time. Thanks.
Yeah, clickbaiting on cybersec issues is kind of not okay. It creates alarm fatigue.
God I almost had a heart attack looking at that thumbnail and first 10 seconds of video
his thumbnails are all clickbait like that, the videos themselves are boring
@@andreww8055 agree thumbnails are clickbait, disagree that videos are boring!
@@andreww8055 instant downvote
@@andreww8055 it's the meta to clickbait I suppose
use dearrow
Weird sketchy link, .exe download as .msix, windows defender flagging it? How do people fall for this actually... Even without the windows defender thing those are 2 obvious red flags
msix is the "future" install format for windows.
You can search 7-zip and sometimes these fake sites will show up first (as an advertisement). Some people disable defender for "fps gains" in games. Totally possible to fall for it.
@@EricParker Any reason why?
@@xenomorphisisdilage472 My guess would be Microsoft wants people centralized to Windows Store for marketing and "research"
Dumb people like my dad would fall for this because they literally don't know how to use their brains to think 🥲
One thing is that for some reason, Igor "doesn't like" the security feature in Windows that marks files as "from the Internet" when you download them and has that feature off by default when you install 7zip. So basically, extracted files from zips are under less scrutiny when they're initially run because that feature's off by default. May be worth a peek.
It is unusual, but I also find many security "features" annoying, as in they only seem to get in the way, so I end up turning them off. Usually I don't advise others to turn them off, as I know why they exist for the average user, but there are valid reasons to not like them.
As in it's very likely Igor simply finds this feature annoying to him personally.
Congratulations on getting the VFIO gpu passthrough to work Eric!
Wake up everyone eric uploaded
@@Mat-e6s 🤣
Thanks
every single time he uploads i cheer in happiness
seen this joke abt 50 times already
me when it's 6PM
imagine a guy opening his rat seeing your desktop LoL
Aaand we keep telling computer newbies to watch out for fake websites...
It is after all one of the main causes for cybercrimes, not having a little scrutiny with the links you go to
i thought you were talking about the ACTUAL 7-zip for a second
nearly had 90 heart attacks
i have a rat in my walls too
Thanks for the free honme Honme
I am in your walls too
You say that there's no legitimate reason a remote software should be installed discreetly but in the corporate world we deploy remote software via GPO all the time which uses the silent install options so the remote control software can be deployed without interrupting the end user. So yes there are legitimate reasons for a silent install option for installing remote software, it's just that a lot of malware is abusing the free ones that are out there.
Congrats for the new hardware
It's great that you're trying to improve your video production quality, but I'm watching videos either on a tiny phone screen or a set-up that's at least 10 years old, so I will never be able to appreciate your efforts. I also don't know how much text on the screen really benefits from being in 4k. Maybe now you can have some lovely wallpapers! ^^
I saw it just fine
I work with Net Support at work, and it is real software, and I don't know how they managed to get a licence, as you pay per machine, and they also ask questions about your use case when you sign up
Could just be a cracked version?
POV: The Ratter is watching you mutilating his program:
my jaw dropped and i thought "7ZIP DID WHAT???"
That company name is Finnish, oddly enough. Properly formatted too with the Oy and all.
Was thinking the same, looked up the company and it did look like a legit tech company.
paws at eric
:3
pedos
:3
:3
:3
Looking glass B7 is worth trying if you're using B6, B7 is an entirely different program but has its issues with Wayland explicit sync on the host
Net support manager is a legitimate vendor, they support including their remote software as a part of other products, specifically a remote support component. So generally the main product is what is actively installed, and NetSupport is installed as a component of that program, rather than announcing itself.
could you turn up the scale?
it makes it wayyy easier to see on mobile or just small monitors ~w~
interesting how this only got suggested to me after i was suspicious of old files.......
Ah 7rat I saw this going around and God it makes installing from command line so much better every day
Linux users trying to hack the matrix to install 7zip
@@theultimatetrashman887 sudo pacman -S p7zip unrar
@@theultimatetrashman887 me when pacman -S 7-zip
@@theultimatetrashman887 can I stop seeing you everywhere please
@@theultimatetrashman887 Windows can use package managers as well. I use scoop to install 7-zip.
I had a neighbor that couldn't help but to click on just about anything that popped up on his laptop while surfing. Needless to say his setup was constantly infected with something to the point of having to reinstall windows. I did this for him a handful of times. 😂 He never learned. The goofiest infection was a fake blue screen that was instructing him to call or goto some site for assistance. He didn't know he could just alt-tab out of it.
Talk about bad notifications, this has been uploaded for about a week and I just got the upload notification literally an hour ago for this
I got no sound, can someone tell me is 7zip a virus cos I'm scared now!
From the real site it's totally safe
It's not a virus unless you downloaded from the fake site.
@@EricParker The downside of clickbait
@@awesomeguysuncle I had a neighbor that couldn't help but to click on just about anything that popped up on his laptop while surfing. Needless to say his setup was constantly infected with something to the point of having to reinstall windows. I did this for him a handful of times. 😂 He never learned. The goofiest infection was a fake blue screen that was instructing him to call or goto some site for assistance. He didn't know he could just alt-tab out of it.
@@Insomiotic I’ve tried and got malicious warnings from the official distribution places. So not sure.. I don’t trust it myself. The 2010 one comes up clean, but the rest aren’t. One of the recent releases was so bad it caused the VM to shut off. So idk
I would definitely wanna see how you made your setup, it'd be a big help to have natively running vm that I can use for old games without using a vm app or such
Is there any way to set up a live "command and control center" to control a dummy computer and show an example of what the attackers could do? Sort of like Danooct1 with his Blaster worm video involving separate PCs. I'm really curious.
Why did I think it was about a guitar pedal 😭😭
Yeah, would be cool to see video about how you set up such powerful VM.
I previously tried to set up VirtualBox and VMware, but i always got lost in guides at some point.
The resolution is beautiful.
If you had worked in IT you'd understand why we need to install RMM tools discreetly as it needs to be easy to push out with a script for remote support (when migrating from one vendor to another, or if you are pushing out tools through Intune environments, etc, etc...). If it can be done easily with a script it means less disruption as businesses with hundreds to thousands of users and PCs will make it impossible for IT firms to actually push out software in a timely manner.
You can't trust users to press 3 buttons and they will complain and bitch if it's not an easy or unattended install.
Yes this tool is being used maliciously, and a lot of legitimate RMM tools are being used maliciously (screenconnect, atera recently). But unfortunately, that is how it is. Criminals will do whatever they can to steal data and make money.
Same thing happened with ghost spectre windows iso. 7zip was having unusual background activity. Also there was powershell running all the time. Ghost spectre's windows isos are not safe.
That's the thing. Ghost Spectre (or rather: any other "optimized" windows distro for gamers) disable a TON of security features, including UAC. An admin account permanently runs with admin-privs and access to every (former) protected filepath, file, network, etc. Ofc they can run malicious stuff in the back - aside from the bloat they added, which ruins the whole point of a debloated Windows.
Ha! Got same graphic card... good video. Shows vividly how crucial is proper & running patch management in your enterprise... cheers
Could we get a tutorial on that Single PC (Dual Recording Setup) Hardware
perfect thumbnail
Thanks man for your efforts, keep up.
I was going to ask for a setup video haha
This only applies to new installs of 7zip right? Not some type of exploit, I'm safe if I already downloaded it right?
it’s not the real 7zip application, it’s fake. if you download the real 7zip (either later or now) you’ll be fine.
This is a fake site dupe made to rat people, it has nothing to do with the official 7zip website.
its a fake site, its safe if its from the real one
How is this fake installer getting past SHA256 checks and manifest signature checks?
hey eric, quick question, i'm thinking about becoming a cybersecurity agent/hacker as my profession. how should i go about this?
Keylogger i think
Thanks for showing that tool Binary Ninja.
Oh "Download 7-Zip for another Windows platforms" is a typo on the real page. (Should be "other" instead of "another", or "platform" instead of "platforms"). I thought the grammar error was a sign of the page being fake 😅
How do i know if i have a banking trojan i downloaded something and someone told me its a banking trojan could you tell me how to know?
virus scan, what did you download
@@zyxwv i downloaded a launcher msi and then in that launcher i downloaded a game so you could say msi
@@zyxwv btw i did a full scan it scanned 3million files it said it had 1 threat which are unwanted apps and onedrive file recovery thats all it had in protection history
@@zyxwv and also if i reset my whole pc so like everything is gone will the trojan go away?
What happened to the astoflo client video?
Not related but is Resource Hacker also malware?
Not if you download it from the official site.
why does your vm have more storage than my laptop
if you had a pascal main before im sorry to inform you but you could use looking glass vm with single gpu
its called nvidia VGPU you could have heard of vgpu unlocking
@@HazelHerger yes, you can but you will need a special script that will disable your gpu's drivers on the host os. And to return to using it, you will likely need to reboot.
Yikes! This scared me.
It's scary that this is a thing. Anyone could fall for that. The link of the download website is the only giveaway for an unsuspecting user.
Ok, so Fitgirl is safe until he says something.
I personally haven't had any issues (I watched my traffic with proxifier when I used windows)
LETS GO! We get to watch another masterpiece of art! I am happy :)
Bro I love the way you say bye, also I am watching ur subscriber count skyrocket holly..
Please make a video on how to debloat windows 11 and set it up for a VM, removing all the crap that is, of course, not useful at all on a VM! Because the system you have here looks *very* clean!
I will talk about it in the hone video (I also made one on gaming isos), but my general view is debloating is a waste of time that can introduce security & reliability issues. My VMs use LTSC releases, which contain less bloat than retail ones.
@@EricParker ok, cool! thanks
when windows happily eats more memory on the same scale no matter how much memory you have 8gig
I've found through using Windows without Explorer exe running, that a lot of that bloat goes away. Makes it kind of easier to find the other offenders at that point in the ram usage department, force them to stop, and then if you really need explorer for any reason, restart it through run command.
I'll turn it off for some older games, that just seem to not like having it running. If you have any games that don't seem to want to run reliably and crash to desktop often or even blue screen for no apparent reason, give it a try. Just pre-open any applications you want open before ending the process for explorer exe. Then alt tab to cycle through them when needed. Fair heads up though, your volume control goes bye bye with it. So set that stuff in advance too. A bit of a process I admit, but some of those games I play go from being a 30-60 minute mess of trying to get them to not crash, to running basically flawlessly for hours on end. Some crashes still, but far less by comparison. Dungeon Siege is a good example for this, as is Dragon Age Origins.
PCI pass through, just don't run any malware that flashes your video cards firmware with some dodgy code xD
nice quality my guy eric finally got the stuff
VFIO GPU Passthrough = Safe to run Malware?
1:13 MI6??? Was that a Freudian slip?
That rat is real software... our school uses it and it has terrible security...
Which vm did you use?
Virtualbox or WindowsVM?
@@riufq he uses KVM with GPU passthrough and looking glass for view.
Looking-Glass -|- I see you're a man of culture as well.
that thumbnail is stupid, thanks for scaring me while i was not home at my pc making me think i use malware almost daily.
jesus i thought you're talking about the real 7zip
wait i downloaded this what do i do
thank you Eric Parker we love you ^_^
is downloading software from F95zone or Skidrow safe?
Let's all love eric!
I wonder if there is a fake winRAR out there
Great quality!
That fake site looks legit all but the link address and download file type, if I'm looking at it right. Also Windows 11 can handle 7zip, zip, rar, tar and such by default now, so 7zip is really only useful for passcoded archives unless windows can open those as well. Do like your vids showing how to see what malware does! I think you should do a video maybe on finding malware already on a machine like you did with this but as a tutorial for general use.
now i know how rat can work, thank you very much!
is the VM Windows 11 LTSC?
Yes yes yes malware analysis ! Thanks !
What do you use for your vms
Hello, please upload a video if you launch a virus through PortProton (steam proton outside steam) what can it do to Linux?
I'm hoping they were watching what you were doing on that VM because it'd be really funny..
can u make a video for the vm setup with gpu integration?
1:35 i think you could do that with the sethc exploit
4:25 Do you really need 64Gb of ram to run a small rat on a VM? My PC has half of it
Wait it's not even a VM!? 😮
Yeah, when you use windows and you use search engines to find a website from which to download your software and you disable protection and you accept everything without reading, there really is a chance you get the wrong software installed. Who knew?!
If it was a well poisoning attack on the open-source repository by adding a dependency to the software which contains a RAT then the thumbnail would make sense.
Does Watacac = RAT?
also i downloaded kaspersky then downloaded process hacker and it gets detected a lot
Please Show us how to play games from fit girl and dodi using windows vm , no vids about it
Fit-girl repack 😂
Thank you sir for your videos
can you please do a VPN called HMA , I think there is a rat on it .
Please eric upload a setup video i really need it😊 thanks
Shame on you for the misleading thumbnail
Clickbait Thumbnail make me Peed my pant
Psudo-Cluckbait
can you use windows 10 in the next video?
clock bait!
Rat are this capain on fake website?
i fking love your videos, keep it up
Wtf i was about to uninstall 7-zip
It is need for future. Only things from the big brother is ok. Orwell84
clickbait security scare thumbnail = immediate downvote
can u make video about gameloop
Just use winget