How to tell if your PC is Hacked? Process Forensics

  Рет қаралды 488,847

The PC Security Channel

The PC Security Channel

Күн бұрын

Procmon is a powerful forensic tool and part of the sysinternals suite that can help you monitor almost any activity on your system. In this forensics tutorial we will look at an infected Windows 11 VM using Process Monitor. learn.microsoft.com/en-us/sys.... Invest in blue-chip art with Masterworks (sponsor): www.masterworks.art/pcsecurity
Purchase shares in great masterpieces from artists like Pablo Picasso, Banksy, Andy Warhol, and more. See important Masterworks disclosures: www.masterworks.com/cd
Buy the best antivirus: thepcsecuritychannel.com/best...
Join the discussion on Discord: discord.tpsc.tech/
Get your business endpoints tested by us: tpsc.tech/
Contact us for business: thepcsecuritychannel.com/contact

Пікірлер: 429
@lobotomizedamericans
@lobotomizedamericans 11 ай бұрын
This piece of software is invaluable. I've used it from everything in terms of malware scanning/detection/analysis to assisting in cracking a piece of software to determining why a cracked game would refused to load (turns out it was literally missing 5 or 6 "maps", which was causing the game to crash-on-load. Fantastico.
@ViroRads
@ViroRads 11 ай бұрын
More often than not my games dont work cause missing Dlls, it felt like a chore having to reinstall both x64 and x86 runtimes and DirectX updates just for them to work.
@Krazy0
@Krazy0 11 ай бұрын
@@ViroRads A disappointing truth about dependencies.
@lobotomizedamericans
@lobotomizedamericans 11 ай бұрын
@@it1970 that's why I love 'em so much. ;)
@Krazy0
@Krazy0 11 ай бұрын
@@it1970 Not, but somewhat on the top of the most effective ways to distribute.
@dennisaleander5175
@dennisaleander5175 11 ай бұрын
@@it1970Thats why it’s best to buy cd keys as a pirate.
@bluesky2145
@bluesky2145 11 ай бұрын
Interesting video but after watching it I still have no idea how to tell what's bad and what's good. How about doing a video detail how to tell if something bad is happening compared to something good.
@rexheters6717
@rexheters6717 11 ай бұрын
This
@kuromiLayfe
@kuromiLayfe 11 ай бұрын
exactly… the video is just showing exactly what is directly written on the tools main page … how could he tell the Sihost process was phishy ? as it literally is also a regular windows process normally
@Xuzyy
@Xuzyy 11 ай бұрын
I suggest google anything that you think its strange, and you might be lucky.
@kuromiLayfe
@kuromiLayfe 11 ай бұрын
@@Xuzyy and that is how i ended up deleting system files necessary to show windows login after boot. windows booted but no possibility to login or access any command line tools/interfaces even in safe mode
@redeemer665
@redeemer665 11 ай бұрын
@@kuromiLayfe do you have any other boot disk and/or separate computer where you could copy those deleted files from? After booting to a command prompt and mounting your system disk, you could copy those files over. Actually it's easier to remove the drive altogether and connect it to another computer to do all that.
@myriadcorp
@myriadcorp 11 ай бұрын
I may as well be looking at Chinese writing because I don't know what those logs are. This is obviously something for advanced users who can recognize something is wrong.
@chrise.9316
@chrise.9316 11 ай бұрын
In part that's true. It's up to you how much knowledge you want to learn and have deep you want to go. I can say this video shows some things that were on my system like 5 years ago that nobody believed to me. And I'm just a normal person who is learning this by myself. Talk about getting exhausted frustrated and even just discouraged. But I will say this channel is amazing and what he says and talks about is very practical. And I appreciate the fact that I don't feel like I'm wasting his time. even though he wants to do this. This is my perspective. Hey instead of looking at Chinese getting ready trying to read this out loud lol. I do have something tattooed on my arm that is in Chinese.
@7kortos7
@7kortos7 10 ай бұрын
i agree, this video was only partially informative. i'd have also liked to of seen the FIX of a virus using this method. this video might as well of been "here's the tool, look how neat, right? video over"
@hiatus9148
@hiatus9148 11 ай бұрын
I'd really love if you'd do another Antivirus tier list. It's been a few years since your last one and I'm interested to see if anything has changed between the rankings. Great videos as always!
@Crazy--Clown
@Crazy--Clown 11 ай бұрын
Most of them are a Virus Lol
@doesitmatter3642
@doesitmatter3642 10 ай бұрын
I'm a complete neophyte at this stuff and your explanation was really clear and easy to follow. I even tried checking my own system with this and could understand what I was looking at a little bit at least. Thank you!
@nickdixon3536
@nickdixon3536 11 ай бұрын
Excellent video! I'd love to see more forensic videos like this. Cheers!
@NightShooter87
@NightShooter87 10 ай бұрын
It's not a forensics tool. It's a monitoring tool. This word forensics, gets thrown around with people in security, it's not. Forensics is analysis of devices, with the strictest protocols, like any forensics, that evidence then goes either goes to court, or if there's no evidence, a case is dropped. Cybersecurity pre-crime, Digital/Cyber Forensics post-crime.
@merk5789
@merk5789 11 ай бұрын
Shouldve went in more detail on how you can detect something fishy from something normal. The way I see it, I have to look up every IP, .dll and what else to see if something is off.
@IvanOoze1990
@IvanOoze1990 11 ай бұрын
I know right.
@chrise.9316
@chrise.9316 11 ай бұрын
Well he could have done that but it's very hard to do unfortunately and I'm not trying to discourage or not what you're asking. You can even type in Google like copy and paste a whole line of code and type in what is this. So an example for me is my router will just drop randomly for like 3 or 4 So what I did was I copied it into note pad. In Google I would type in my router, what is a normal fog look like. Or an example of a normal log. And then I would copy and paste that into another notepad and then look at the two. Now what I found out was it's not my problem it was actually spectrums and they needed to replace cable that they're never going to do. I'll read the comments section. a lot of the times. through the Trials of others, it has helped me. you'll get it. just stick with it. Be patient with yourself too.
@DBreeazyy
@DBreeazyy 8 ай бұрын
@@chrise.9316 ayo whut? I been dropping on discord lately and it better dang not be because of spectrum😂
@tezlol2255
@tezlol2255 11 ай бұрын
Thank you so much for making this!
@int_pro
@int_pro 11 ай бұрын
Super helpful vid! Thanks buddy!!
@chrisbowring4298
@chrisbowring4298 11 ай бұрын
Excellent informative narrative! Look forward too much more! Thank you!
@asas-tech
@asas-tech 11 ай бұрын
Process Monitor is a great tool! It's been really helpful in tracking down some issues 👍
@christopherchilton-smith6482
@christopherchilton-smith6482 11 ай бұрын
Holy crap, this would've been super useful like 3 months ago. Definitely saving this video.
@welovfree
@welovfree 11 ай бұрын
Great stuff as always, please more stuff like these.
@patrickarmstrong8908
@patrickarmstrong8908 11 ай бұрын
Great overview of the process monitor. Thanks for that. Great tool. But the title of this video is "how to tell if your PC is hacked" How about a video on that? Like what processes to look out for, examples of how to find known hacks, etc.
@itenthusiast5988
@itenthusiast5988 9 ай бұрын
Yes yes yes love to see more such videos. Always been a fan of process explorer, but badly need of something like this but never knew sysinternals had it in the name called process monitor. Thank you🎉 thanks a lot. Love you ❤
@GaryofNivea
@GaryofNivea 10 ай бұрын
Very informative, please do make more of these
@hardwin82
@hardwin82 11 ай бұрын
great video. could you make one with more examples about this program
@deepurangarajan8696
@deepurangarajan8696 11 ай бұрын
I have to see this video many times to understand. Very good tutorial. Really good 👋
@serfraust
@serfraust 11 ай бұрын
This video barely scratches the surface without really going over anything, aside from filters. What would have been more beneficial for viewers would be to show them how to quickly filter out genuine Windows activity and to later filter what the user knows is safe. You're then left with a list of potential candidates for the problems you're experiencing. As it stands, this video just says people "yeah this exists, good luck."
@adamgarlow5347
@adamgarlow5347 8 ай бұрын
this helped me find things i didn't know i had (or still had) that were regularly phoning home. much appreciated.
@unknown_gaming4209
@unknown_gaming4209 11 ай бұрын
Thanks for the tool gonna have to get to know it and use it more.
@ownmicelio
@ownmicelio 11 ай бұрын
Really nice tool, thank you for the info!!!
@r.e.d2016
@r.e.d2016 11 ай бұрын
I watching you since 2020 great videos keep it up bro
@anti-h2894
@anti-h2894 9 ай бұрын
They way how you talk is amazing, my mother tongue is spanish and it's a bit diffcult to me to understand videos with english audio, but I understood everything very clean from you, thank you for your nice job.
@3lH4ck3rC0mf0r7
@3lH4ck3rC0mf0r7 11 ай бұрын
Malware usually injects itself into Windows components to make it tougher to recognize, which is why many of the processes performing unusual malicious activity here actually belong to Windows. You'll find these processes in every Windows installation, and _don't_ exhibit anything resembling the abnormal behavior showcased in this video unless infected (at least, by Microsoft standards. Windows doesn't need any spyware to perform a lot of questionable telemetry after all, but this video shows even more junk than usual). This is a nice way to figure out if a system is infected, but it takes a lot more to actually track down the source malware. I personally use Process Monitor a lot more often to figure out some of the inner workings of software, and even Windows itself. Track down the files and registry keys discrete Windows features and apps need to work properly, as a last-ditch effort in order to fix the more awful kind of registry and install corruption bugs when all easier repair options fail, and they show their ugly face just often enough in our line of repair work to be a major PITA. I'm talking the kind of issues that have no documented fix anywhere on the Internet, meaning they would otherwise require a full Windows reinstall to get rid of, and can range from mildly annoying to total showstopper as they can prevent essential user programs and Windows features from functioning altogether. As I'm not a security researcher, I just rely on AVs to do all the detection work for me, and only attempt a manual checkup as a last resort, if multiple different AVs and even rescue liveCDs all fail to detect any malware on a system that is still definitely, actively misbehaving. I once caught and manually deleted a cryptominer trojan that way. It faked the Task Manager GPU percentage and even the framerate numbers of games, but couldn't inject iself into Windows processes (it just showed up on Task Manager as a standalone process), and was installed inside AppData. Either way, when even lightweight games believe they're running at 60fps and only actually presenting at like 10, you know something is going horribly wrong. I still have the suspicion the bad performance metrics might've been more of an NVIDIA driver bug, and not actually a feature of the malware. Chances are it doesn't matter anymore with the hundreds of updates to Windows and the GPU drivers since that infection happened.
@chrise.9316
@chrise.9316 11 ай бұрын
thanks for this.
@sloatch5361
@sloatch5361 9 ай бұрын
Kindly share more videos regarding this tool, seems so complicated and full of info
@kandym3478
@kandym3478 11 ай бұрын
I really liked this video, please make more like these :)
@BlueBearOne
@BlueBearOne 4 ай бұрын
Nice video. Thanks!
@BsktImp
@BsktImp 11 ай бұрын
Very powerful! What data (if any) does Procmon collect and send back to Winternals?
@chrise.9316
@chrise.9316 11 ай бұрын
Have you looked this up? are you asking about a future video, just curious. I did Google search and there's quite a bit of information. either way great question.
@blackorcshagrat8587
@blackorcshagrat8587 11 ай бұрын
Neat! My only issue is that I'm not sure an average computer user would necessarily recognize all the programs Process Monitor shows. Wonder if it could be too easy to mistake some program's actions as an active malware.
@user-dt6pk3zp9m
@user-dt6pk3zp9m 11 ай бұрын
pretty sure i did that a lot back when i was playing wow in high school. would task manager end task on a lot of dependent little programs then my main programs would be super buggy. learned to leave it alone lol.
@nightmarerex2035
@nightmarerex2035 11 ай бұрын
i know stepfather would DELETE ANYTHING he "diddent know what it was" so had to hide the existance of the C drive on him and had to lie that deleting the icon deletes the whole program or else he would went around wiping stuff out to then get bricked and need cosntant reinstall.
@blackorcshagrat8587
@blackorcshagrat8587 11 ай бұрын
@@nightmarerex2035 I guess that can indeed be a problem with some people. I admit, I don't have a clue how much one should actually know about computers and computer software.
@masteroak9724
@masteroak9724 11 ай бұрын
I've used to be paranoid with these, took me quite some time and I guess some of my own health to get past that point. I've used to think someone somewhere could decide to target my machine and there would be nothing I could do until it was too late and thus would be constantly overwatching every process to verify everything was alright. It was something like some people do with performance overlays in games and wouldn't be able to have fun because they're paranoid with FPS and temps.
@chrise.9316
@chrise.9316 11 ай бұрын
Now I'm your 100% correct. it's hard when people want to ask, but as the internet is people are not very kind. I'm saying this in general. it's too much work to try to help or assist somebody. glad to see you have that insight and perspective and the awareness of others who may not get it.
@Randtiktok
@Randtiktok 11 ай бұрын
Useful, kinda complicated
@xAndrzej42
@xAndrzej42 9 ай бұрын
You can skip 90% of malware and stuff by simply choosing "ask before every download" option in your browser. It saved my pc so many times as suddenly something was trying to download but browser was asking me where I want it. Remaining 5% is windows defender which acts as a virus itself and 5% are backdoors in the system CPUs. That's basically all to it.
@AROAH
@AROAH 9 ай бұрын
>implying malware doesn’t generally spread via people downloading things willingly
@Noconstitutionfordemocrats1
@Noconstitutionfordemocrats1 9 ай бұрын
​@@AROAHI always download. Don't even read what it is. Must collect them all!
@clevertaco328
@clevertaco328 9 ай бұрын
This might help the casuals with amateur stuff, but even so, 90%? Nope, that number definitely came out your backside, pre wipe. Ok, little much, I know, just kidding, about the pre wipe part. 🙃
@4agewise120
@4agewise120 8 ай бұрын
🤣@@Noconstitutionfordemocrats1
@bbokgomu5422
@bbokgomu5422 7 ай бұрын
​@@Noconstitutionfordemocrats1ure awesome but dont do that please
@Bandana_Assault
@Bandana_Assault 11 ай бұрын
This software is a chef's kiss Thank you.
@JSmiththe5th
@JSmiththe5th 11 ай бұрын
This tool is great for gamers to find out the "save location" of a game. You pick the game process and filter to see what files are being created. I wonder, regarding the security features, would Task Manager's Processes tab be a quicker way of checking for any strange processes using the Network, for example, by sorting by Network?
@Bry.89
@Bry.89 10 ай бұрын
That's super useful actually, thanks.
@JSmiththe5th
@JSmiththe5th 10 ай бұрын
@@Bry.89 Glad it helps.
@Kiduk90
@Kiduk90 9 ай бұрын
Thanks for the advice. Im not as bright and found this amazingly useful to know!
@Alpha-ms9nj
@Alpha-ms9nj 11 ай бұрын
Thank you for sharing this and how to use it. Now I know how to start using this tool. This is why I like and subscribed to this channel.
@pvt.lucio.4173
@pvt.lucio.4173 11 ай бұрын
THANK YOU SO MUCH.
@shantanusapru
@shantanusapru 11 ай бұрын
Awesome video!!
@dmagic1one
@dmagic1one 10 ай бұрын
So I looked at a system that showed the same AMSI queries over and over like in the video. Nortons Power Erase didn't find anything beyond medium. What do you suggest?
@indrar1213
@indrar1213 9 ай бұрын
Very nice and informative
@acrius3043
@acrius3043 11 ай бұрын
I have a question for linux. So if a malware were to run on linux using an emulator would the malware even know what to look for if it was trying to steal info from the linux files or would it be limited because it’s a different environment. I’m new to linux and am trying to learn more about the platform.
@IvanOoze1990
@IvanOoze1990 11 ай бұрын
No OS is safe. Linux is like a false security, You're never safe.
@elismart13
@elismart13 9 ай бұрын
3:10 can anyone explain what Exactly was "suspicious" i mean I've bene trying to understand it for hours but differentiating between hack and or other is super hard for me so far, maybe its cause i don't have any but ye
@jjb0894
@jjb0894 11 ай бұрын
Even as a Mac user, I’m always super paranoid that I have some kind of zero day I’m not aware of.
@InternetSlavicMan
@InternetSlavicMan 11 ай бұрын
every piece of software has bugs waiting to be found
@int_pro
@int_pro 11 ай бұрын
"Macs don't get viruses" /s 😆 Yeah buddy I'm with you. Feel like we're flying blind on Mac.
@imseagull
@imseagull 11 ай бұрын
Same and I’m running Linux…
@redrush-hp9li
@redrush-hp9li 11 ай бұрын
​@@imseagullI'd just like to interject for a moment. What you're refering to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX. Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called Linux, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project. There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called Linux distributions are really distributions of GNU/Linux!
@purpose_is_empty
@purpose_is_empty 11 ай бұрын
For a random home user, it is very unlikely to encounter true zero day malware. And there are scanners and tools for macos as well. You could probably do a lot of this in the terminal somehow.
@grim.reaper
@grim.reaper 11 ай бұрын
This is very interesting. Is this data only accessible via the ProcMon? is there an interface Microsoft provides to access this pragmatically?
@machfiver753
@machfiver753 11 ай бұрын
Task manager is the equivalent Microsoft built in app but it pales in comparison as to the details and information it provides.
@igorthelight
@igorthelight 11 ай бұрын
ProcMon does that somehow so it's possible ;-)
@FlyboyHelosim
@FlyboyHelosim 11 ай бұрын
Bit of a moot point really considering the program is freely available, provided by Microsoft themselves, and is tiny in size. Just download it, put it in a folder somewhere, and create a shortcut to it. At that point it becomes transparent and you wouldn't even know it wasn't already a part of Windows. 🤷‍♂️
@true-dark-mind9681
@true-dark-mind9681 11 ай бұрын
@@FlyboyHelosim Indeed
@Ilovetobmx22
@Ilovetobmx22 11 ай бұрын
Would this be able to detect Port scans? My antivirus detecting them happening multiple times per day.
@msh6610
@msh6610 11 ай бұрын
It's been a must-have program since snoop-dos on my Amiga :) (Diddent need no filters there :D goodtmes :P)
@fabioamado6725
@fabioamado6725 11 ай бұрын
What an amazing video, thank you very much. Can you please make an equivalent video on Mac OS forensics? 😊
@Sci-Fi_Fan296
@Sci-Fi_Fan296 11 ай бұрын
I was thinking the same thing as a full-time mac user myself. Are there any equivalent mac options available?
@V4mpirella
@V4mpirella 10 ай бұрын
Im so curious now!!
@Bry.89
@Bry.89 10 ай бұрын
All I've learned is that Corsair iCue is basically malware lol.. constant network/telemetry stuff going on even if you have that option to send them data disabled. Closing icue reduced the amount of network events I was seeing drastically, and it actually seems to have improved game performance.
@bananacyclist
@bananacyclist 11 ай бұрын
Are there any solutions? I know nothing about these things but.... would it be possible to run linux from a DVD and have it load into ram so it runs at a decent speed? (if you have enough ram). ??
@vesrand
@vesrand 11 ай бұрын
You explained quite obvious things about this program (filters, autoscrolling etc). But I still dont get it how to tell if my PC is hacked. Need more examples please
@macblink
@macblink 11 ай бұрын
Good to know, gonna try it one day just in case
@Tygo69
@Tygo69 11 ай бұрын
There is an efi rootkit that bypasses this completely and is fully hidden, it basically patches a bunch of kernel stuff before pg is initialized. I don't remember exactly but the only way you could get rid of it is by reflashing bios and reinstalling windows. Problem being you'll never know you got infected.
@roguewasbanned4746
@roguewasbanned4746 11 ай бұрын
So what’s the point in worrying if it’s untraceable?
@Tygo69
@Tygo69 11 ай бұрын
@@roguewasbanned4746 your sessions, your passwords, your files etc can be stolen. They can do anything it's a rat hidden with kernel hooks and an uefi bootkit lol
@vladvah77
@vladvah77 11 ай бұрын
what's the malware name sir???
@alfonzo7822
@alfonzo7822 11 ай бұрын
This is a question I've asked someone before (in fact a few people). How to flash the bios when you only have access to an infected network? Pretty sure I have this rootkit but can't get rid of it with a clean reinstall, nothing is helping. I've no access to another computer out with my home (don't want to ask at work).
@Tygo69
@Tygo69 11 ай бұрын
@@vladvah77 a day after my comment it's source got leaked
@Meusde
@Meusde 11 ай бұрын
ty
@vjaykrishna3233
@vjaykrishna3233 11 ай бұрын
wonderful content❤
@_NoCommentaryGameplay
@_NoCommentaryGameplay 10 ай бұрын
When you say please like and share the like bars light up. that's a cool feature.
@masteroak9724
@masteroak9724 11 ай бұрын
Great tool, just take care to not get paranoid with these. I've had clients in the past before I became a developer who would think any svchost.exe would mean a malware, which is not the case.
@joesantaniello8709
@joesantaniello8709 10 ай бұрын
That's unfortunately why Malware uses it. The registry edits it does to query and fwd to temp/apps data and run .dll as far as most users see it's a ssys32 file running which most believe safe. I recently dealt with it, and I like to think I'm a halfway decent dev xD 😂
@lennix6
@lennix6 11 ай бұрын
This Tool is really powerful, but I have a question. If I detect a Process that's sending Data, can I stop it without killing the whole process?
@MixBoxgamesareourlife
@MixBoxgamesareourlife 10 ай бұрын
Hacker: I have your passwords in one place, look. *send me all my passwords* Me: Thanks I already forgot them.
@duckduckduckko
@duckduckduckko 11 ай бұрын
Hey, so I used it and im not at all a computer geek- so can you please tell me if MsMpEng.exe constantly locking and unlocking C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db-shm, that, is a normal thing or not?? idk its weird
@purpose_is_empty
@purpose_is_empty 11 ай бұрын
That is the malware protection engine (aka Defender). So it makes sense for it to access this database or whatever it is in the defender folder.
@duckduckduckko
@duckduckduckko 11 ай бұрын
@@purpose_is_empty thank you a lot 😊
@zoiuduu
@zoiuduu 11 ай бұрын
i downloaded the suite, but there are so many .exes i think is over a 100, which one should i use?
@dave24-73
@dave24-73 11 ай бұрын
What we really need is a tool with checksums and whitelists so anything unusual shows up. Otherwise it’s like handing someone a phone book and say number starts with 555.
@chrise.9316
@chrise.9316 11 ай бұрын
You can find templates that are examples of what a normal log or systems log should look like. Also asking what is this and then copying and pasting like a line or two of code. it's help me out. that's a good idea and great suggestion. I would use that more than I ever did the phone book. lol
@heatherryan9820
@heatherryan9820 11 ай бұрын
That's really interesting. Is there an equivalent for Linux?
@Newtttton
@Newtttton 11 ай бұрын
is there a way to detect if a bitlocker mining is running undetected on a domain network?
@dancewithrain6161
@dancewithrain6161 10 ай бұрын
may i ask what is it runtime broker are? also is it normal if multiple runtime broker run at once?
@IceColdProfessional
@IceColdProfessional 8 ай бұрын
Man, you young boys have it made. Back in my day, we had to figure all this out reading 2600 Quarterly, text books, and sheer intuition messing around in the registry. Nowadays you boys have it all packaged up nice and neat in a video complete with slick graphics and color commentary. This combined with AI makes us old coding command line geezers obsolete.
@MaHeHRO
@MaHeHRO 11 ай бұрын
So you use F-Secure as your main antimalware software?
@bryanbelshaw7725
@bryanbelshaw7725 11 ай бұрын
Well that was as clear as mud really.
@blhtml
@blhtml 11 ай бұрын
thanks
@n-0-1
@n-0-1 11 ай бұрын
How do you know which domain a process should be connecting to if it is legitimate?
@mnh3571
@mnh3571 11 ай бұрын
My pc sometimes randomly open cmd and close it multiple times a day. Should i be worried
@lazafulanito6238
@lazafulanito6238 11 ай бұрын
x2
@Treemie
@Treemie 11 ай бұрын
Hey Leo, I just watched the Emsisoft Emergency Kit video 7 years ago, is that you?
@Chris-op7yt
@Chris-op7yt 11 ай бұрын
one thing i dislike about process monitor is how easy it is to confuse whether a switch is on or off. the hover help text is confusing as to whether the switch is enabled or is it instructing you to click it to get what hover help states. wish i could have a go at fixing these cosmetics in the UI
@christopherchilton-smith6482
@christopherchilton-smith6482 11 ай бұрын
I had some sort of maleware I couldn't seem to wipe with any anti-virus software, I kept getting a message demanding bitcoin. I decided to just system restore, only to find someone had managed to setup a bitlocker on my system. I just ended up wiping the whole thing and installing Linux.
@haroldflower8008
@haroldflower8008 11 ай бұрын
procmon is one of my favorite discoveries from my college courses. procxp is a close 2nd
@OryNce
@OryNce 11 ай бұрын
Hello everyone I have a question that concerns me Whenever I open HWINFO I see one or two of my cpu cores constantly at 80% to 90% usage even when barely no apps are running Does that indicates something dangerous or what's wrong exactly?
@tiagoferreira086
@tiagoferreira086 11 ай бұрын
Open task manager and see what processes are consuming most cpu, if you don't know what they are, just google them.
@Eternal_Tech
@Eternal_Tech 11 ай бұрын
I recommend opening the Windows Task Manager and sorting the CPU column in reverse order (to do this, click on the CPU column). This will show the processes with the greatest CPU usage at the top. This will allow you to easily see what processes are using the most CPU resources.
@antoniocalimero1173
@antoniocalimero1173 11 ай бұрын
Your PC is always hacked. With an update, for example, all your info goes to the manufacturer. That is why an update with a new PC is very fast and the same update with a used PC with the same spec. 10x slower.
@Always.Smarter
@Always.Smarter 11 ай бұрын
you forgot the "how" part
@mdzmzm
@mdzmzm 11 ай бұрын
How can you trust Armory Crate? Armory Crate has been exploited before, and hackers have managed to access all devices that have Armory Crate installed. The entire app is suspicious and plagued with bugs. I hope you can create a video about the activities that Armory Crate is performing in the background. Even ESET Antivirus is attempting to block some of its files, and VirusTotal has flagged the file as suspicious. Let's hope your computer wasn't already hacked.
@cctvx-nj4ii
@cctvx-nj4ii 4 ай бұрын
hey bro what does it mean lotta like really lot explorer.exe opertions somes are open some close and others read few registry keys, results are opening closing and no reparse point or invalid parameter. please need answer
@sayacee5813
@sayacee5813 9 ай бұрын
thanks for this
@billstecyk6466
@billstecyk6466 11 ай бұрын
Very interesting video. Many things I did not know.6
@nebsun
@nebsun 11 ай бұрын
Such great tools that MS owns, but for some reason are not included with the default OS install - yet they are so quick to add so much other bloat like news feeds, widgets, and other mostly useless apps.
@TheTubejunky
@TheTubejunky 11 ай бұрын
Wouldn't doubt if the TOOL has a backdoor for windows to run shadow updates in.
@nonamenoname1942
@nonamenoname1942 10 ай бұрын
@@TheTubejunky Is it??
@TheTubejunky
@TheTubejunky 10 ай бұрын
@@nonamenoname1942 Try loading it in to Virus total.... Then again who knows if they bypass those checkers.
@1s1601
@1s1601 9 ай бұрын
no he doesnt know what he is talking about dont worry about him @@nonamenoname1942
@noanyobiseniss7462
@noanyobiseniss7462 10 ай бұрын
tcpview as well.
@usertempeuqwer7576
@usertempeuqwer7576 11 ай бұрын
Can we have one video on Linux or Android please?
@OtherWorldExplorers
@OtherWorldExplorers 11 ай бұрын
For the next 3 hours I'm going to be staring at my feet Thanks for letting us know about the tool
@FlyboyHelosim
@FlyboyHelosim 11 ай бұрын
Why, are you bent over and taking one for the team? 😬😂
@vaisakhkm783
@vaisakhkm783 11 ай бұрын
Is there any similar thing for linux??
@Sucundea
@Sucundea 11 ай бұрын
congrats on 400 k
@jgvtc559
@jgvtc559 11 ай бұрын
Will breeches stay intruding even after completing deleting and reininstalling windows?
@tobiasreaper3873
@tobiasreaper3873 10 ай бұрын
unfortunately I've heard that nowadays there is malware out there which actually detects if you run a Process Exploring tool like Process Monitor and few other similar apps, it just stops/hides itself from the list when detects those were started.
@DBreeazyy
@DBreeazyy 8 ай бұрын
**Sets it open on Start-Up**🤣🤣
@drmatarkin2100
@drmatarkin2100 8 ай бұрын
Where do we go from here though. If I find something that shouldn’t be happening, what is the course of action? And where can I find out where it came from?
@UZAMAA
@UZAMAA 11 ай бұрын
Very interesting contents,can you make a video about how to get rid of remote control using kali linux by preventing hacker from accessing the pc or laptop,since the antivirus can't detect the malware
@dha12oks
@dha12oks 11 ай бұрын
Early congratulations on 400k subs.
@darrinlong8038
@darrinlong8038 10 ай бұрын
i went to this site witch program do i download there several in the list.
@ImPureBlood
@ImPureBlood Ай бұрын
Will this tell you why you suddenly go from 0-100% disk followed by a freeze, thanks? And i've only just heard about this software.
@user-xk9fb6gi6j
@user-xk9fb6gi6j 8 ай бұрын
thank you but this is only for windows can you make similar for linux / Debian ..??
@HusniArsyah
@HusniArsyah 11 ай бұрын
Hey, I wonder there is some Anti virus that can automatically be installed in the Windows, for example like `Rav` and `McAffe`, but I already uninstalled them. Any idea how the hell they can automatically installed in my PC?
@ContantContact
@ContantContact 11 ай бұрын
Good video. But I gave up on Windows about a year and a half ago. Went to Linux Mint. I see there are some utilities that do the same thing, I I might play with them. Though I am not all that concerned....
@frankbraun9819
@frankbraun9819 8 ай бұрын
So Armoury Crate runs a three tier process six times per minute 😢🎉 to check for updates?!? Im thinking once a week would be plenty 😕
@UCs6ktlulE5BEeb3vBBOu6DQ
@UCs6ktlulE5BEeb3vBBOu6DQ 11 ай бұрын
few weeks ago I learned something wild. I've been setting my firewall for decades with local subnet rules for my lan stuff including remote desktop that I only use in my lan. Imagine my surprise when I found out I was brute forced from a large distributed array of IP's. Turns out that forwarded ports are treated as being from local subnet in windows firewall !! I got saved by my 378 characters password.
@Tuxy79
@Tuxy79 11 ай бұрын
Which password manager do you use?
@UCs6ktlulE5BEeb3vBBOu6DQ
@UCs6ktlulE5BEeb3vBBOu6DQ 11 ай бұрын
@@Yolo_Swaggins Windows password. I made a way to not have to type it manually so I can have it as long as I want.
@UCs6ktlulE5BEeb3vBBOu6DQ
@UCs6ktlulE5BEeb3vBBOu6DQ 11 ай бұрын
@@Tuxy79 KeePass
@FlyboyHelosim
@FlyboyHelosim 11 ай бұрын
If you're using a password that's 378 characters long to be safe then something is very, very wrong.
@UCs6ktlulE5BEeb3vBBOu6DQ
@UCs6ktlulE5BEeb3vBBOu6DQ 11 ай бұрын
@@FlyboyHelosim my passwords are on average 40 to 80 chars long. I have had multiple servers since '96 and you'd be surprised at how relentless the attacks are especialy from China.
@radar_B-52
@radar_B-52 11 ай бұрын
how do you know which process are malware?
How to not get hacked: real example
13:55
The PC Security Channel
Рет қаралды 383 М.
How to know if your PC is hacked? Suspicious Network Activity 101
10:19
The PC Security Channel
Рет қаралды 1,1 МЛН
She ruined my dominos! 😭 Cool train tool helps me #gadget
00:40
Go Gizmo!
Рет қаралды 55 МЛН
Final muy increíble 😱
00:46
Juan De Dios Pantoja 2
Рет қаралды 20 МЛН
1❤️#thankyou #shorts
00:21
あみか部
Рет қаралды 88 МЛН
🍕Пиццерия FNAF в реальной жизни #shorts
00:41
License to Kill: Malware Hunting with the Sysinternals Tools
1:18:10
Mark Russinovich
Рет қаралды 72 М.
Is your PC hacked? RAM Forensics with Volatility
14:29
The PC Security Channel
Рет қаралды 898 М.
Python The Hacker's Secret Weapon | Importance Of Python in Hacking
11:06
The Malware that hacked Linus Tech Tips
10:13
The PC Security Channel
Рет қаралды 1,5 МЛН
The 7 Worst Operating Systems Ever
15:08
ThioJoe
Рет қаралды 1,8 МЛН
Why VPNs are a WASTE of Your Money (usually…)
14:40
Cyberspatial
Рет қаралды 1,4 МЛН
The Most Useful Set of Free Programs EVER
13:15
ThioJoe
Рет қаралды 293 М.
11 Things I Hate About Windows 11
10:05
Linus Tech Tips
Рет қаралды 3,7 МЛН
How I installed the HARDEST operating system
34:40
Bog
Рет қаралды 71 М.
Malwarebytes vs 2000 Malware
11:12
The PC Security Channel
Рет қаралды 159 М.
Cadiz smart lock official account unlocks the aesthetics of returning home
0:30
5 НЕЛЕГАЛЬНЫХ гаджетов, за которые вас посадят
0:59
Кибер Андерсон
Рет қаралды 1,6 МЛН
После ввода кода - протирайте панель
0:18
WWDC 2024 - June 10 | Apple
1:43:37
Apple
Рет қаралды 10 МЛН