Best Malware Analysis Tools | Learn Malware Analysis

  • Published on 18 Dec 2024

Comments • 100

  • @abdlerhmanmohamed438 4 years ago +7

    i was waiting for this video, some people mentioned that in ur videos,
    glad u listened bro

  • @TDawgS117 4 years ago +6

    This is a fantastic rundown of tools to start with in metadata and malware analysis. Thank you so much for making a video about these, this will help me in my studies!!

  • @Dmwntkp99 4 years ago +11

    One of the most useful channels with a pleasant voice👍

    • @erwynnipegerwynnipeg8455 4 years ago

      Agreed, his voice is cute lmao.

    • @dxfvgyhjh 4 years ago

      And last but not least he speaks real ENGLISH

  • @JohnAtkinson-ww8qe 1 year ago

    Hello brother. I have been watching a lot of your videos here lately after being a victim of a really bad malware attack. I ended up having to reset my laptop back to factory settings. I wish I would have found your content sooner. I am learning a lot from your videos for tips on how to prevent it from happening again. Dropped you a sub. Keep the content coming.

  • @metehangunaydn6295 4 years ago +3

    Thanks for the suggestions, Leo. After watching this video, I noticed that I had used most of them (1 or 2 tools missing which I didn't use beforehand) (I even used Ghidra :) ). I can also recommend Comodo Cleaning Essentials' KillSwitch and Autorun Analyzer tools, and also the quick repair tool. Thanks for your videos, again.. :)

  • @Wshocker 4 years ago

    In addition to the Sysinternals tools, I use WinDbg, API Monitor and even Windows Performance Recorder and Analyzer to understand what an application is doing.

  • @ajorge_yul 1 year ago

    Thanks!

  • @wezelesworth 4 years ago +64

    Hey Leo, have you ever seen a piece of sophisticated malware attempt to evade virtualization software and infect the host system?

    • @pcsecuritychannel 4 years ago +53

      Yes. They are rare though.

    • @Sonic-ww6wm 4 years ago +1

      @@pcsecuritychannel try pchunter and do a review if you find it good

    • @justnaturalcake1 1 year ago +1

      @what lol or raspberry pi

  • @lolcorporation7308 4 years ago +6

    Any reason why you still use OllyDbg over x64dbg?

  • @aaandag9688 4 years ago +7

    Is Windows 10 Pro's Hyper-V good/secure enough for malware testing? Is VirtualBox or VMware safer?

    • @xuriajiva 4 years ago +4

      Both are hypervisors, so a virtual machine is created that is independent of the main system. Your only decision is whom you want to trust more: who has fewer bugs in their program that could be exploited by malware? But in general both are equally good.

    • @malwaretestingfan 4 years ago

      VMWare and VirtualBox are safer.

    • @encrypt3d587 4 years ago +1

      @Lukasz That's terrible for performance, and that's if you ignore that nested virtualization support isn't always present or practical. Also, if you're using the same program for both VMs, then any VM escape bugs would still allow it to work its way into your system.

  • @MrBrianSchumacher 4 years ago +1

    Excellent review. Thank you.

  • @hrishikeshkshirsagar6738 2 years ago

    Awesome video, you are a champ.. Cheers

  • @TanaseLiviu 4 years ago

    Extraordinary! Thanks guys - I enjoyed it.

  • @nhanNguyen-wo8fy 3 years ago

    3:45 process monitor

  • @ultralaggerREV1 4 years ago +2

    Ok, but how are we gonna know which file is malware?
    Like SVCHOST skyrockets to 100% Disk for no apparent reason and I don't want to erase SVCHOST because it's crucial for my Windows 10 and SVCHOST is made by Microsoft and I don't know how I can determine if there is malware inside SVCHOST. It's what I want to know... Now recently I PAUSED Windows 10 updates (I PAUSED them temporarily) but why am I seeing a process called "Windows Modules Installer Worker" next to "Windows Update" and "Edge Installer" (note that I already have the new Edge installed and I don't know why there is such a process as "Edge Installer" when I already have it; what is it installing? Malware?!) and these skyrocket for NO REASON. I have updates paused but these processes are consuming high Disk usage, which is strange: nothing is updating and nothing is being installed!!! Are these viruses?!

  • @Windows11Official 4 years ago +15

    To be honest, I kind of prefer any.run more

    • @user-xw6fg5pi8q 4 years ago +1

      Pretty bad if you don't want to get your sample out in the wild.

    • @KurtisQu 3 years ago

      Problem is it doesn't support Windows 10, 11 for free.

  • @elviraeloramilosic9813 4 years ago +1

    Perfect. 👌🏻👍🏻
    Thanks.

  • @alexandermoev9395 4 years ago +1

    I love your YouTube channel

  • @redeyes057 4 years ago

    Thank you sir. It helps a lot and I learn a lot.

  • @goufbam 4 years ago +1

    I forgot the program name, but you could record opening an exe file and then record what it does and where it injects into another exe, for example running an exe that has a RAT and then injects into svchost.exe. If anyone could help me find it, that'd be great!

    • @BarafuAlbino 4 years ago

      @Kaden any.run: $90/month or all 64-bit malware ignored.

    • @goufbam 4 years ago

      Used to be a program that did that hmm

    • @davet5223 4 years ago

      Cuckoo Sandbox?

  • @malwaretestingfan 4 years ago

    Pretty cool video, I will check some out.

  • @augusto3045 4 years ago +7

    Hi Leo, I was a user of Emsisoft Anti-Malware for practically 4 years and I loved it all the time, but currently its price has gone up a lot and I will not renew with them. Unfortunately, I intend to migrate to Kaspersky Security Cloud Free; in fact I have even removed it (Emsisoft) from my PCs, but my Emsisoft license has not yet expired. I was wondering if before the date expires they send me an email to be able to cancel the subscription, since I haven't seen anything on the website on how to do it, even in my account?! Could you tell me about it? Otherwise, I will have to send an email to Emsisoft. Their support is really good, but recently I realized that Emsisoft is bad at detecting viruses in memory. Kaspersky catches them in time.

  • @MrRaja 2 years ago

    So can I use PEstudio and just throw in a trojan without it running on my system?

  • @rraygen 4 years ago +2

    Hey I was thinking recently, what are your thoughts about the integrated Windows 10 Sandbox VM? Worth the comfort or better stick to the classic VMs?

  • @mksuenone 3 years ago

    Hi, I have a problem on my PC. It was penetrated by .URNB file ransomware. Can you help me with this?

  • @firasbe3866 2 years ago

    Hi, sometimes I use VirusTotal and it detects malware but it says no sandboxes flagged this file. What does that mean?

  • @Martin-ot7xj 4 years ago

    Hi there, how can we find the port we got attacked on? For example, we have one PC and we got a virus or attack from the Internet; how can we know from which port we got attacked?? From which specific port did we receive the virus or attack?? Thnx

  • @donaldduck6198 4 years ago

    MS Office: some crooks can put VBA into an xlsx. How to detect it? It is "purged", i.e. the P-Code is deleted/never included. Do you have a hint or link?

  • @weso-ht3sy 4 years ago

    Quick question. What's the best antivirus for rate of protection?

  • @35Darkstorm 4 years ago +1

    Hey Leo, can you do a vid on SpyHunter vs malware please?

  • @viniciusnoyoutube 4 years ago

    Great video.
    Thanks.

  • @tiagomarante7720 4 years ago

    Hey, do you know any tool for virus analysis using the terminal? If so, can you say the name? I need to automate some stuff and that would be good.

  • @yes-vl7gh 4 years ago +5

    make more videos pls

  • @uppblissed 3 years ago

    I'm curious about where you're finding these wallpapers

  • @AmusedBeaver-vq2hw 8 months ago

    Can you help me with the .looy decrypter?

  • @satheshname8983 4 years ago

    My laptop and mobile are infected with malware. How can I do analysis to catch the hacker and clean them?

  • @glassware 4 years ago

    I only use Process Hacker to cheat in CS:GO because it has an option to inject a DLL
    But nice video

  • @ethimself5064 4 years ago +2

    The first program looks quite scary for me, I go places where I should not go and my System Restore no longer works. Hahaha, think I will pass on the first one.

    • @david3994 4 years ago

      The tools are for virtual machines, so you don't infect your main host.

  • @sci-figeek9192 4 years ago

    Hello PC Security Channel, new member to your channel. Is Process Hacker safe to use? The reason I am asking is Norton says it's not safe and deletes it.

    • @sci-figeek9192 4 years ago

      OK, good to know you reply to your new subscribers; that made up my mind then.

  • @tudor6766 4 years ago

    Hello Leo, can you tell me what VPN you are using, or if you are using one?
    Also, where can I get an automation tool similar to malex?
    Thanks in advance, and I want to let you know that I love your content!

  • @augusto3045 4 years ago

    Hi Léo, can you test 360 Total Security Essentials? I know it is Chinese and I don't like Chinese products, but just to see if it's good in a test. Please test the Essential, just not the other one, which has a lot of things... Thanks

  • @saif-pm6eh 4 years ago

    Nice video, could you please make a video about Shadow Defender? I'm using it only when I try to install any suspicious software, tool, etc. I found something like a bug or vulnerability with it: some tools like KMSPico can activate Windows even if Shadow Defender is in active mode. Can you please explain why this happens? Thank you

  • @daywithislam9219 4 years ago

    brother...make a video with Avast vs malware

  • @crepituss9381 3 years ago

    I know this is 6 mos old, but I would be interested in a video of what you think about Cuckoo automated malware analysis sandbox.

  • @Sva010 2 years ago

    Process Hacker GPU usage works only on Windows 7

  • @adventkloud4571 3 years ago

    Is the discord link broken?

  • @nftshiller8485 1 year ago

    Do you still use this today, or is there a new one?

  • @kx500cc 4 years ago

    Thanks a lot for the contribution!!!!

  • @SkyFly19853 4 years ago +2

    Is it only for Windows?
    Or is there a Linux version as well?

    • @rraygen 4 years ago

      Windows. But if you google " linux" you can find alternatives

    • @SkyFly19853 4 years ago

      @@rraygen
      That's why I asked before I ever research...

  • @IEnjoyCreatingVideos 4 years ago

    Great video Leo! Thanks for sharing it with us💖🐤👍👌😎JP

  • @bantymech8242 4 years ago

    These many days I missed your channel, where have you gone mate?????????? 😄
    Thanks for your amazing videos, I am learning much from you. Recently I have started using Autoruns and Process Explorer.

  • @mauriciorodriguez67 4 years ago

    It could be nice to show these tools in a malware case

  • @darkestknightishere 3 years ago

    👍ed , subscribed, 🔔

  • @countdracowo 4 years ago

    Hey leo. Can you give me an example on a virus that tries to attack the host system whilst running on a virtual machine?
    And they do it through the shared folder right?

    • @countdracowo 4 years ago

      And btw thank you for this video!

  • @ROHITNB100 3 years ago

    Great 👍

  • @Menalix 4 years ago

    OllyDbg lawl? Haven't you heard of x64dbg?

  • @dunelson1824 4 years ago

    InstallWatch, something like regshot in this video.

  • @beatzbye 2 years ago

    It sounds all complicated I need some help

  • @lokelaufeyson9931 3 years ago

    Opened the video to find good tools to track traffic, but "owned by Microsoft" made me sad. If I want to track Microsoft communication and they own the program, they will hide that communication in their program.. we all know they will do that, we all know Microsoft and how they work

  • @vendybirdsvadl7472 4 years ago +1

    not first, not last, not middle and noone should care

    • @barkingmad7407 2 years ago

      With much more than a bunch of Uh-Huh, and a whole lotta' Oh-Yeah: Brilliant. 10/10.

  • @haroldvonhelms8304 4 years ago

    Who stops hackers best for PC security?

  • @ivanguerra1260 4 years ago

    I didn't understand; this video says how you can see the malware in your system, but how to remove it automatically?

    • @erwynnipegerwynnipeg8455 4 years ago

      This isn't about how to remove malware. This is how to look at malware. You will be best looking somewhere else if you want to remove it.

  • @TheKillerZmile 4 years ago +4

    So I figured out that *HITMAN PRO removal tool* gave me malware or something. It's weird asf. A malware removal tool giving me malware, how ironic lmao
    The malware deleted my Kaspersky and Zemana AntiMalware and disabled my Windows Defender (the only thing left was the Security at a glance screen) and Windows Update gives an error
    then I just clean installed Windows 10 and installed Kaspersky and Zemana and HitmanPro
    and then I got the same fcking malware all over again!!
    so you know what, fck this, I'm going to clean install Windows 10 again and only install Kaspersky
    and as of today I don't have any malware.
    *NEVER GONNA INSTALL HITMAN PRO*
    PS.
    I don't have any pirated software, games etc.
    I have genuine legit Windows 10 Pro
    legit games.

  • @michelvilleneuve 4 years ago +1

    The best malware protection is to get the malware creators to stop making malware. People that cannot live in an honest society.