I remember in old, good days on my WIN98 i had a security program that was blocking every executable file. Only after explicit permission (one time or always) they were executable. Even secondary files sometimes requiriered permission. Well, it made the PC secure but difficult to use.

this is absolutely fantastic to know. I'm still learning a lot of what feels like basics in tech safety. and I always feel like I'm learning something new from you :)

Had it on my system. Emsisoft originally flagged the 2 .sys drivers, but after i sent them samples they dropped the malware designation. Subsequent scans with Emsisoft, HMPro, NPE and Kaspersky VRT were all negative. There were no running processes and since I used Zemana portable a few years ago I didn't think much of it until this video. I subsequently scanned it with MBAM and quarantined them. Thanks Leo.

So shocking that there's groups of people who are highly intelligent, but instead of using that for humanity, they decide to do this.

I use AV all the time, I have heard many people say that it is a waste of time, but I disagree, The AV may not be perfect but it at least adds some form of protection against Malware. Having a small AV is still going to be better than having none at all. Think of an AV like a Car Seat-Belt, it may not save your life in a car crash but it will for sure help in doing so, and hopefully it will save your life (Hence why you should ALWAYS wear your seat-belt). And as for people who say "use your common sense", everyone can fall for these Malware/Virus attacks, even Linus as you probably know got his channel hijacked proving my point. Common sense is not perfect at all, the best thing you can do is be vigilant and cautious with what you are doing.

I find it frightening that someone might combine AI with viruses to create intelligent malware that can adapt to changes and exploit people's weaknesses.

This only works if you disable UAC. Backup offline and often in case of disaster.

Seriously I find it odd that people disable UAC, Smart Screen & then complain when shit goes wrong. Seriously though, there is another example of a company that needs to pay for abusing driver level files & doing so poorly so that it gets used.

Hey bro u should do a video of a Expired Kaspersky License vs Malwares! It would be a very interesting video cause my subscription ended like a month ago and I would like to know if it’s protecting my PC since there’s no other video like that in KZfaq rn. Thank you and keep the content! It’s awesome and entertaining to watch

for anyone wondering how the driver was abused at all: it was simply a driver that you can consider 'vulnerable' there are hundreds, maybe thousands of these drivers laying around in the wild, and it is simply due to them having some exposed way to access the driver. this eventually leads to them being able to directly invoke kernel functions from usermode or perform r/w operations as if they were kernel, this is dangerous. this has been used multiple times in what people call 'kernel driver manual mappers' or used in game cheating to bypass usermode restrictions of kernelmode anti-cheats like Easy Anti-Cheat or Battleye. microsoft themselves and anti-viruses like Avast have tried themselves to purposely catch these vulnerable drivers being loaded, and they have added MANY vulnerable drivers, just the developer of this malware simply found one that was not blacklisted by AVs yet, and used it. definitely interesting it being used in malware since i've only seen it be truly used in game cheats.

You know what would be even scarier? ...if Terminator created an impostor process with the same name, icon, and memory usage as each antivirus process it terminated, so you couldn't notice their absence from a glance at the task manager. It might be way easier than the previous steps, it would not involve tampering with antivirus files. Although it might involve writing a new application to disk and launching it, which sounds like the hardest thing to get away with if even one thing like windows defender is still functioning. I imagine any new thing the virus does has a risk of detection, so if its goal is anything other than to lie in wait like a keylogger, it should sprint to the goal.

I have a question if you install an software and ends being a is malware software right. And supposed it sends all chrome history of the session to the hacker does that count like a cookie? like he can do stuff on their computer or not. Like my already logged on session mess with or the to login etc. maybe im not making sense. I’ll appreciate it :)

Wow, just found it on my system..I don't know if this is a remnant file from when I installed Zemana years ago, as the file date is from 2018, and I don't know if it's just been sitting there or not, but yeah.. I don't remember my AV shutting off though, so I guess there's that.

Can a make a separate video on crowdsec for personal windows user or Linux user

Covered on Malwarebytes June 6, on Trendmicro May 2, and Bleeping Computer on May 31. Lots of people posting questions about why their antivirus is blocking this “driver” after these publications. Apparently using Google is too hard for some people.

I wonder if core isolation can detect this driver as an issue

How is the driver loaded at runtime? I know there are ways to do it, but most of the require vulnerable drivers, to be loaded, so this should be detectable, anticheats in videogames also detect it. I also started only downloading from trusted sources.

Does this still turn off let's say ESET when you have a password you have to put in to make any changes or uninstall it in the AV itself?

They did what I needed back when sophos was causing me issues and it wouldn't uninstall 🤣

Surprised this is possible. I always assumed that if a process is run as protected (which antiviruses run at) then it required the process itself to terminate it (which had to be signed by the same certificate as the antivirus itself) precisely for this reason?

Can You test ClamAV and compare it with Avast, Comodo... other free AVs?

OK ,so what's your advice then ? If something which has established superb performance over the years (like Sophos has done) ,can be bypassed and shutdown ... well ... what end-users can do to protect themselves then? --I really considered Sophos as the "pinnacle" of protection all these years , when i see something like Sophos being shutdown (0:40) it's like i'm witnessing a *security-nightmare* !!

When are you going to test antimalware software again ?

I have a old laptop around 10 years so it saw some action. The windows defender flagged zamguard64.sys in system32 today as a serious threat detecting the trojan:Win64/Spyboy!MSR is this a potential threat or does it mean that I got infected with that virus already? No folders were encrypted or anything. And besides starting with only ms services and running a full scan what should I do?

Hello, I have a process in the task manager that is called "Book vopeme" and it runs a service called "Gnomebeatmapme" I believe it is malware I tried killing it before using the process explorer, I tried deleting the files, I tried deleting the registry keys but I can't access them and tried cleanbooting the laptop but I couldn't even disable the service and it shows up as unknown in virus total what should I do?

An interesting EDR/AV bypass technique that is being used by ransomware operators currently is using legitimate antirootkit tools, like TDSSKiller, PowerTool, GMER, etc. As EDR/AV is effectively a rootkit, this approach can work well. I wonder if this Zemana AntiMalware driver technique is similar. One of my tasks when I start work tomorrow will be hunting for this Zemana driver, and adding custom detections to our EDR should it appear... and yes, we use one of the EDR's this thing terminates!!

Well, if you have admin you can do what you like anyway, so getting the User to run it is going to be their trick for sure.

I love how of ALL AV, McAfee actually detects it 😂😂🤦‍♂🤦‍♂

Can you please compare free abtivirus to the premium basic oferings ? like avast free vs bitdefender free and agains bitdefender antivirus plus

This is relatively simple to make - for a specific vendor - even without reverse engineering the AV/EDR itself. Just there are many vendors. But for someone selling this that would not be a problem. The issue is it will get detected after it's found in the wild, and then standard cat n mouse game. Most of the self-protection I've seen so far in commercial AV was laughable. At least as long as you don't just lock down all administrative access - which is not viable.

Thanks for the great effort

Yet another reason to never use an interactive logon session where the owning identity holds local admin rights.

This won’t work with WDAC and running as a standard user, which most corps are now doing.

Also, would Comodo sandbox thwart this from destroying system?

this is why you never ever use an admin account for day-to-day use

I mean trying to shut down comodo firewall as admin is impossible you can shut down the GUI but the kernel process still runs obeying its rules. You have to uninstall it even then you need a tool to get rid of it all. But imagine when they have malware that uninstalls your AV/FW turns off UAC in the background with no GUI windows now that will be something.

Kudos for being a Rossmann fan

I wonder if it works better than Sophos own SophosZap to kill broken installs ;D

Thanks for this video

Unless I missed it, or did not understand it, I did not see what it is that a victim would have done to get infected.

the registy exclusions thing is a thing i discovered 2 years ago but never said XD and i put malware and stuff

So... It needs to ask you run as admin.. then it can do anything... Just like any other program that runs as admin. What's surprising?

I’m basically a noob when it comes to such things, but why for the love of god does it take the AV vendors so damn long to just blacklist this? I mean at this point it’s out for over a month and still only at 8 detections according to Virus Total

I received 3 days ago a random email with a .ics file (iCalendar) and I didnt opened it, just flagged it as spam. I did some research and i found out that a .ics file could have an URL from a website/server which is running viruses to install. Please make a video or remind people to not open random unknown emails with attachments. Usually, unknown random emails contain lots of numbers and letters in the message. The message is harmless but the attachment is the bomb.

What about COMODO?

Round 2 I will see them both my audio wasn’t bad the first time but nice quick fix for those who had problems with the audio

Can you record content of *Pegasus Spyware* ?

I think I have this how do i get rid of it im so scared Edit: i factory resetted, it seems to be gone

can it run on winehq linux 😮

Its sad people focus on attacking alot more then defending.😒

Mcafee : HA! You cant kill me , if i trash the OS first

Kills Defender? Sound great, where can I download it?

Let's say i got the malware and i dont want my data i just want to remove the virus and make my computer run again with no problems what should I do?

What happens when a version like this virus disables UAC and survives an OS reinstall, lives in the motherboard's bios, etc.

Terminator.sys wont load with secureboot and tpm 2.0

Why does no one mention comodo firewall its defense function scans these files in the cloud they picked this up ages ago.

That's so unconvenient for Microsoft and the NSA. Now they have to close the security hole and create another one. You evil security researchers...shame on you.

now the things are going dangerous, i was thinking as long as you have any premium antivirus running ,you are safe 😢😢😢 now that time is not far enough when people says " if you want to stay safe ,dont use internet""😤😤😤

Dear TPSC, I hope this letter finds you well. I'm writing to express my excitement about your upcoming video on creating a custom Windows 10 and Windows 11 Lite ISO file for low-spec laptops. Your expertise will undoubtedly empower countless individuals to optimize their computing experiences. Thank you for your dedication and contribution to the technology community. Best regards, Rasal Kumar Shaw

Damn I need this just to uninstall Norton

So now we should start protecting the Antivirus from virus? 🥺

LOL i actually called my PC The Terminator

I wonder if Kaspersky free can stop the terminator Malware. I use both Kaspersky free and Malwarebytes free. Kaspersky has kept my system clean. Malwarebytes confirms no malware on my system. Kaspersky will want you to remove Malwarebytes, but they both work fine on my system.

The terminator terminates

So the "meme" Mcafee is one of very few who was updated quickly to detect this. And Malwarebytes. Hmmm. BD and Kaspersky as of the time of this comment still just let it fly on through.

so how to avoid getting infected?

6:45 ...got "Distracted"

Well, of course. If you have admin privileges you can do anything. That's why you should do all of your normal activities as a user.

P.S. Please don't use it to make malware))) Respect the three ).

The best method is don't download anything you do not already know what it is and where its coming from. I've been online since 1992 and had a virus 1 time ever and it was in the very beginning of computers. Ever since then I am exceptionally careful of what I click on and what I download.

I heard that the creator of this later was arrested?

👍

Bitdefender Total Security Vs Kaspersky total security Vs Terminator Malware

You should never trust anything that takes admin privileges anyways

What about McAfee?

I dont understand why literally every program needs admin rights

I back up my entire computer system every 2 weeks. In the event of malware or ransomware infects my computer--I can just wipe out my hard drive and restore it. Simple fix!

Hmmm . . .let's see what we've got here . . . $ cd "C:\Windows\System32" -bash: cd: C:\Windows\System32: No such file or directory

It won’t work with Deep Instinct. Lol! Technology has moved on.

This only works if UAC is disable. Don't get fooled

You deserved to be hacked if you are using Sophos.

Simple fix Delete task manager

First one yo thanks for the good content

It's horrible wow

SHOULDN'T SOMETHING AS CRITICAL AS TASK MANAGER BE PASSWORD PROTECTED, AT LEAST AS AN OPTION???

The only AI we can trust.

2nd time asking to make a video on djvu/stop ransomware and .ooza extension ransomware

I dont wanna see these videos fofff

The only bad thing about something like this is someone taking that code and improving it. It happens all the time, the whole black hat market is full of people that will backstab you. Thus stuff like this is more likely to fall apart since nobody helps anybody.

Antivirus that can be turned off or doesn't stop every virus is worthless and a class action lawsuit should be brought against every last manufacturer of the software. What is the point in buying antivirus software?

Early nice

dislike works yeah

"Russian hackers". Oh dear...

milionth:)

Not first :)

First If you’re a real one then you know it’s a reupload.

first :)

First!.exe

So the best antivirus is your common sense

First