This piece of software is invaluable. I've used it from everything in terms of malware scanning/detection/analysis to assisting in cracking a piece of software to determining why a cracked game would refused to load (turns out it was literally missing 5 or 6 "maps", which was causing the game to crash-on-load. Fantastico.

I may as well be looking at Chinese writing because I don't know what those logs are. This is obviously something for advanced users who can recognize something is wrong.

I'd really love if you'd do another Antivirus tier list. It's been a few years since your last one and I'm interested to see if anything has changed between the rankings. Great videos as always!

Interesting video but after watching it I still have no idea how to tell what's bad and what's good. How about doing a video detail how to tell if something bad is happening compared to something good.

Shouldve went in more detail on how you can detect something fishy from something normal. The way I see it, I have to look up every IP, .dll and what else to see if something is off.

Malware usually injects itself into Windows components to make it tougher to recognize, which is why many of the processes performing unusual malicious activity here actually belong to Windows. You'll find these processes in every Windows installation, and _don't_ exhibit anything resembling the abnormal behavior showcased in this video unless infected (at least, by Microsoft standards. Windows doesn't need any spyware to perform a lot of questionable telemetry after all, but this video shows even more junk than usual). This is a nice way to figure out if a system is infected, but it takes a lot more to actually track down the source malware. I personally use Process Monitor a lot more often to figure out some of the inner workings of software, and even Windows itself. Track down the files and registry keys discrete Windows features and apps need to work properly, as a last-ditch effort in order to fix the more awful kind of registry and install corruption bugs when all easier repair options fail, and they show their ugly face just often enough in our line of repair work to be a major PITA. I'm talking the kind of issues that have no documented fix anywhere on the Internet, meaning they would otherwise require a full Windows reinstall to get rid of, and can range from mildly annoying to total showstopper as they can prevent essential user programs and Windows features from functioning altogether. As I'm not a security researcher, I just rely on AVs to do all the detection work for me, and only attempt a manual checkup as a last resort, if multiple different AVs and even rescue liveCDs all fail to detect any malware on a system that is still definitely, actively misbehaving. I once caught and manually deleted a cryptominer trojan that way. It faked the Task Manager GPU percentage and even the framerate numbers of games, but couldn't inject iself into Windows processes (it just showed up on Task Manager as a standalone process), and was installed inside AppData. Either way, when even lightweight games believe they're running at 60fps and only actually presenting at like 10, you know something is going horribly wrong. I still have the suspicion the bad performance metrics might've been more of an NVIDIA driver bug, and not actually a feature of the malware. Chances are it doesn't matter anymore with the hundreds of updates to Windows and the GPU drivers since that infection happened.

Great overview of the process monitor. Thanks for that. Great tool. But the title of this video is "how to tell if your PC is hacked" How about a video on that? Like what processes to look out for, examples of how to find known hacks, etc.

This video barely scratches the surface without really going over anything, aside from filters. What would have been more beneficial for viewers would be to show them how to quickly filter out genuine Windows activity and to later filter what the user knows is safe. You're then left with a list of potential candidates for the problems you're experiencing. As it stands, this video just says people "yeah this exists, good luck."

I'm a complete neophyte at this stuff and your explanation was really clear and easy to follow. I even tried checking my own system with this and could understand what I was looking at a little bit at least. Thank you!

3:10 can anyone explain what Exactly was "suspicious" i mean I've bene trying to understand it for hours but differentiating between hack and or other is super hard for me so far, maybe its cause i don't have any but ye

Holy crap, this would've been super useful like 3 months ago. Definitely saving this video.

You can skip 90% of malware and stuff by simply choosing "ask before every download" option in your browser. It saved my pc so many times as suddenly something was trying to download but browser was asking me where I want it. Remaining 5% is windows defender which acts as a virus itself and 5% are backdoors in the system CPUs. That's basically all to it.

Neat! My only issue is that I'm not sure an average computer user would necessarily recognize all the programs Process Monitor shows. Wonder if it could be too easy to mistake some program's actions as an active malware.

Hacker: I have your passwords in one place, look. *send me all my passwords* Me: Thanks I already forgot them.

Even as a Mac user, I’m always super paranoid that I have some kind of zero day I’m not aware of.

Great tool, just take care to not get paranoid with these. I've had clients in the past before I became a developer who would think any svchost.exe would mean a malware, which is not the case.

Process Monitor is a great tool! It's been really helpful in tracking down some issues 👍

this helped me find things i didn't know i had (or still had) that were regularly phoning home. much appreciated.

All I've learned is that Corsair iCue is basically malware lol.. constant network/telemetry stuff going on even if you have that option to send them data disabled. Closing icue reduced the amount of network events I was seeing drastically, and it actually seems to have improved game performance.

Thank you so much for making this!

There is an efi rootkit that bypasses this completely and is fully hidden, it basically patches a bunch of kernel stuff before pg is initialized. I don't remember exactly but the only way you could get rid of it is by reflashing bios and reinstalling windows. Problem being you'll never know you got infected.

You explained quite obvious things about this program (filters, autoscrolling etc). But I still dont get it how to tell if my PC is hacked. Need more examples please

This tool is great for gamers to find out the "save location" of a game. You pick the game process and filter to see what files are being created. I wonder, regarding the security features, would Task Manager's Processes tab be a quicker way of checking for any strange processes using the Network, for example, by sorting by Network?

They way how you talk is amazing, my mother tongue is spanish and it's a bit diffcult to me to understand videos with english audio, but I understood everything very clean from you, thank you for your nice job.

My pc sometimes randomly open cmd and close it multiple times a day. Should i be worried

What we really need is a tool with checksums and whitelists so anything unusual shows up. Otherwise it’s like handing someone a phone book and say number starts with 555.

This software is a chef's kiss Thank you.

i downloaded the suite, but there are so many .exes i think is over a 100, which one should i use?

few weeks ago I learned something wild. I've been setting my firewall for decades with local subnet rules for my lan stuff including remote desktop that I only use in my lan. Imagine my surprise when I found out I was brute forced from a large distributed array of IP's. Turns out that forwarded ports are treated as being from local subnet in windows firewall !! I got saved by my 378 characters password.

Kindly share more videos regarding this tool, seems so complicated and full of info

Super helpful vid! Thanks buddy!!

How can you trust Armory Crate? Armory Crate has been exploited before, and hackers have managed to access all devices that have Armory Crate installed. The entire app is suspicious and plagued with bugs. I hope you can create a video about the activities that Armory Crate is performing in the background. Even ESET Antivirus is attempting to block some of its files, and VirusTotal has flagged the file as suspicious. Let's hope your computer wasn't already hacked.

Yes yes yes love to see more such videos. Always been a fan of process explorer, but badly need of something like this but never knew sysinternals had it in the name called process monitor. Thank you🎉 thanks a lot. Love you ❤

This is very interesting. Is this data only accessible via the ProcMon? is there an interface Microsoft provides to access this pragmatically?

I watching you since 2020 great videos keep it up bro

Excellent video! I'd love to see more forensic videos like this. Cheers!

So I looked at a system that showed the same AMSI queries over and over like in the video. Nortons Power Erase didn't find anything beyond medium. What do you suggest?

great video. could you make one with more examples about this program

Very powerful! What data (if any) does Procmon collect and send back to Winternals?

Man, you young boys have it made. Back in my day, we had to figure all this out reading 2600 Quarterly, text books, and sheer intuition messing around in the registry. Nowadays you boys have it all packaged up nice and neat in a video complete with slick graphics and color commentary. This combined with AI makes us old coding command line geezers obsolete.

Such great tools that MS owns, but for some reason are not included with the default OS install - yet they are so quick to add so much other bloat like news feeds, widgets, and other mostly useless apps.

When you say please like and share the like bars light up. that's a cool feature.

I don't know how useful this is, if I where to create malware, I would just hijack the event collection and hide my malwares events.

Would this be able to detect Port scans? My antivirus detecting them happening multiple times per day.

Thanks for the tool gonna have to get to know it and use it more.

Really nice tool, thank you for the info!!!

Is there any app that will detect if my pc hacked and will block them automatically ?

Your PC is always hacked. With an update, for example, all your info goes to the manufacturer. That is why an update with a new PC is very fast and the same update with a used PC with the same spec. 10x slower.

Thank you for sharing this and how to use it. Now I know how to start using this tool. This is why I like and subscribed to this channel.

I have to see this video many times to understand. Very good tutorial. Really good 👋

Early congratulations on 400k subs.

Great stuff as always, please more stuff like these.

I had some sort of maleware I couldn't seem to wipe with any anti-virus software, I kept getting a message demanding bitcoin. I decided to just system restore, only to find someone had managed to setup a bitlocker on my system. I just ended up wiping the whole thing and installing Linux.

Hey, so I used it and im not at all a computer geek- so can you please tell me if MsMpEng.exe constantly locking and unlocking C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db-shm, that, is a normal thing or not?? idk its weird

Please help! My PC has exactly this problem and I don't know neither how to fix it nor where to start from. Any help would be appreciated!

OMG NOW I'M REALLY CONFUSED. WHY CAN'T THINGS JUST BE SIMPLE AND REMAIN SIMPLE ?

procmon is one of my favorite discoveries from my college courses. procxp is a close 2nd

Very informative, please do make more of these

Will this tell you why you suddenly go from 0-100% disk followed by a freeze, thanks? And i've only just heard about this software.

I really liked this video, please make more like these :)

you forgot the "how" part

Well that was as clear as mud really.

This Tool is really powerful, but I have a question. If I detect a Process that's sending Data, can I stop it without killing the whole process?

The masterworks sponsor will not age well...

I have a question for linux. So if a malware were to run on linux using an emulator would the malware even know what to look for if it was trying to steal info from the linux files or would it be limited because it’s a different environment. I’m new to linux and am trying to learn more about the platform.

Where do we go from here though. If I find something that shouldn’t be happening, what is the course of action? And where can I find out where it came from?

Excellent informative narrative! Look forward too much more! Thank you!

"How to tell if your PC is hacked." ...boots into Windows.

Let's hope your sponsor of this video is actually a good and honest site. And not some scammy one!

This feels like a tin-hat rabbit hole into assuming your system is compromised

THANK YOU SO MUCH.

Is there any similar thing for linux??

Are there any solutions? I know nothing about these things but.... would it be possible to run linux from a DVD and have it load into ram so it runs at a decent speed? (if you have enough ram). ??

Hello everyone I have a question that concerns me Whenever I open HWINFO I see one or two of my cpu cores constantly at 80% to 90% usage even when barely no apps are running Does that indicates something dangerous or what's wrong exactly?

That's really interesting. Is there an equivalent for Linux?

how to detect if the process is sus, since this vids only explain how to use process monitor

Will breeches stay intruding even after completing deleting and reininstalling windows?

how do you know which process are malware?

You can tell your computer is hacked when some Indian guy rings you up, called Jeff Peters usually, and promises to fix it for a small fee. I'm not stupid.

congrats on 400 k

Hey, I wonder there is some Anti virus that can automatically be installed in the Windows, for example like `Rav` and `McAffe`, but I already uninstalled them. Any idea how the hell they can automatically installed in my PC?

please help this computer is doing exactly what you said it drops processes when i open task manager I don't know what to do

Hey Leo, I just watched the Emsisoft Emergency Kit video 7 years ago, is that you?

I checked my laptop and found exactly the same behaviour described in the video, svchost.exe constantly accessing the Providers2 registry. Any idea how to fix that?

Awesome video!!

So you use F-Secure as your main antimalware software?

Nice video. Thanks!

may i ask what is it runtime broker are? also is it normal if multiple runtime broker run at once?

It's been a must-have program since snoop-dos on my Amiga :) (Diddent need no filters there :D goodtmes :P)

What an amazing video, thank you very much. Can you please make an equivalent video on Mac OS forensics? 😊

This is the most frightening thing ever. I was just watching a KZbin video and all of the suden i hear "hello, hello" i stopped the video thinking it was in it then i heard "hello bro i can see you" wtf do i do now man. On God im not lying.

Try Windows Repair Toolbox Process Monitor and A LOT of other Windows and Third party Software u can directly start from this, mostly without installing, just portable

hey bro what does it mean lotta like really lot explorer.exe opertions somes are open some close and others read few registry keys, results are opening closing and no reparse point or invalid parameter. please need answer

How to tell if I have a keylogger or spyware?

tcpview as well.

So Armoury Crate runs a three tier process six times per minute 😢🎉 to check for updates?!? Im thinking once a week would be plenty 😕

I liked the video and the software, but it would be more of a full piece if it showed how to get rid of the malicious content...or do we just say to our antivirus software, "sick 'em!"

Im so curious now!!

I tried to use it and it said that it could not find the process. I think I'm hacked beyond help-

Very nice and informative