How to tell if your PC is Hacked? Process Forensics

Comments
Author

This piece of software is invaluable. I've used it for everything from malware scanning/detection/analysis to assisting in cracking a piece of software to determining why a cracked game would refuse to load (turns out it was literally missing 5 or 6 "maps", which was causing the game to crash on load). Fantastico.

lobotomizedamericans
Author

Interesting video, but after watching it I still have no idea how to tell what's bad and what's good. How about doing a video detailing how to tell if something bad is happening compared to something good?

bluesky
Author

I'd really love if you'd do another Antivirus tier list. It's been a few years since your last one and I'm interested to see if anything has changed between the rankings. Great videos as always!

hiatus
Author

I may as well be looking at Chinese writing because I don't know what those logs are. This is obviously something for advanced users who can recognize something is wrong.

myriadcorp
Author

Great overview of the process monitor. Thanks for that. Great tool.
But the title of this video is "how to tell if your PC is hacked"
How about a video on that? Like what processes to look out for, examples of how to find known hacks, etc.

patrickarmstrong
Author

I'm a complete neophyte at this stuff and your explanation was really clear and easy to follow. I even tried checking my own system with this and could understand what I was looking at a little bit at least. Thank you!

doesitmatter
Author

This video barely scratches the surface without really going over anything, aside from filters.

What would have been more beneficial for viewers would be to show them how to quickly filter out genuine Windows activity and to later filter what the user knows is safe. You're then left with a list of potential candidates for the problems you're experiencing.

As it stands, this video just says to people "yeah, this exists, good luck."

serfraust
Author

Should've gone into more detail on how you can distinguish something fishy from something normal. The way I see it, I have to look up every IP, .dll and whatever else to see if something is off.

merk
Author

Holy crap, this would've been super useful like 3 months ago. Definitely saving this video.

christopherchilton-smith
Author

Malware usually injects itself into Windows components to make it tougher to recognize, which is why many of the processes performing unusual malicious activity here actually belong to Windows. You'll find these processes in every Windows installation, and they _don't_ exhibit anything resembling the abnormal behavior showcased in this video unless infected (at least, by Microsoft standards; Windows doesn't need any spyware to perform a lot of questionable telemetry, after all, but this video shows even more junk than usual). This is a nice way to figure out if a system is infected, but it takes a lot more to actually track down the source malware.

I personally use Process Monitor a lot more often to figure out some of the inner workings of software, and even Windows itself: tracking down the files and registry keys that discrete Windows features and apps need to work properly, as a last-ditch effort to fix the more awful kind of registry and install corruption bugs when all easier repair options fail. They show their ugly face just often enough in our line of repair work to be a major PITA. I'm talking about the kind of issues that have no documented fix anywhere on the Internet, meaning they would otherwise require a full Windows reinstall to get rid of, and can range from mildly annoying to total showstopper, as they can prevent essential user programs and Windows features from functioning altogether.

As I'm not a security researcher, I just rely on AVs to do all the detection work for me, and only attempt a manual checkup as a last resort, if multiple different AVs and even rescue live CDs all fail to detect any malware on a system that is still definitely, actively misbehaving. I once caught and manually deleted a cryptominer trojan that way. It faked the Task Manager GPU percentage and even the framerate numbers of games, but couldn't inject itself into Windows processes (it just showed up in Task Manager as a standalone process), and was installed inside AppData. Either way, when even lightweight games believe they're running at 60 fps and are only actually presenting at like 10, you know something is going horribly wrong. I still have the suspicion the bad performance metrics might've been more of an NVIDIA driver bug, and not actually a feature of the malware. Chances are it doesn't matter anymore with the hundreds of updates to Windows and the GPU drivers since that infection happened.

lHckrCmfr
Author

Process Monitor is a great tool! It's been really helpful in tracking down some issues 👍

asas-tech
Author

This helped me find things I didn't know I had (or still had) that were regularly phoning home. Much appreciated.

adamgarlow
Author

You can skip 90% of malware and stuff by simply choosing the "ask before every download" option in your browser. It saved my PC so many times when suddenly something was trying to download but the browser was asking me where I wanted it.
The remaining 5% is Windows Defender, which acts as a virus itself, and 5% are backdoors in the system CPUs. That's basically all there is to it.

xAndrzej
Author

Excellent video! I'd love to see more forensic videos like this. Cheers!

nickdixon
Author

Neat! My only issue is that I'm not sure an average computer user would necessarily recognize all the programs Process Monitor shows. Wonder if it could be too easy to mistake some program's actions as an active malware.

blackorcshagrat
Author

Even as a Mac user, I’m always super paranoid that I have some kind of zero day I’m not aware of.

jjb
Author

All I've learned is that Corsair iCUE is basically malware lol... constant network/telemetry stuff going on even if you have the option to send them data disabled. Closing iCUE reduced the amount of network events I was seeing drastically, and it actually seems to have improved game performance.

Bry.
Author

There is an EFI rootkit that bypasses this completely and is fully hidden; it basically patches a bunch of kernel stuff before PG is initialized. I don't remember exactly, but the only way you could get rid of it is by reflashing the BIOS and reinstalling Windows. The problem being you'll never know you got infected.

Tygo
Author

I've been watching you since 2020. Great videos, keep it up bro.

r.e.d
Author

This tool is great for gamers to find out the "save location" of a game. You pick the game process and filter to see what files are being created.

I wonder, regarding the security features, would Task Manager's Processes tab be a quicker way of checking for any strange processes using the Network, for example, by sorting by Network?

JSmiththeth