00:00:00
hello everybody today we're going to be
00:00:01
looking at some potentially shady
00:00:03
software
00:00:04
called op auto clicker this subscriber
00:00:06
commented about saying that they had
00:00:08
downloaded this and then had immediately
00:00:10
noticed some
00:00:11
very questionable behavior on their
00:00:13
computer so i'm going to take a look and
00:00:15
see if this is in fact
00:00:17
malware or what's really going on here
00:00:19
now
00:00:20
of course i googled it because i was
00:00:21
sort of curious
00:00:23
because i wasn't i was not going to make
00:00:24
a video about a legitimate software
00:00:27
and i wanted to see so i google it and
00:00:29
it seems like these two projects are the
00:00:31
same thing because if you click
00:00:33
auto clicker professional interesting so
00:00:36
this
00:00:37
is definitely malware auto clicker
00:00:39
professional
00:00:40
and it seems to have shut down so
00:00:43
hopefully these are different projects i
00:00:45
don't think they are but
00:00:47
we can hope so we're gonna
00:00:50
look at this exe first of all it doesn't
00:00:53
even show an icon in chrome but it
00:00:54
doesn't
00:00:56
i didn't get the right piece but okay
00:01:00
so this is the seedy piece of software that
00:01:02
apparently
00:01:04
at least just open about what it is i
00:01:06
guess we can we can give it that
00:01:08
not that that means it's legitimate
00:01:11
let's upload
00:01:13
to virustotal
00:01:16
so what do we
00:01:19
detect vm ooh that's that's sketch
00:01:24
holder false positive
00:01:28
some people think it's false positive
00:01:31
well detecting your mouse does not make
00:01:34
it a false positive that is
00:01:37
plenty of plenty of legitimate software
00:01:39
does that you're not going to get
00:01:41
oh come on for [ __ ] sake you're saying
00:01:43
this is a false this isn't a false
00:01:45
positive
00:01:46
so it's starting and terminating
00:01:49
996e.exe
00:01:50
look simple rule you should understand
00:01:54
anything in temp that is an exe or
00:01:56
anything
00:01:57
with random letters and numbers
00:01:58
especially in temp that is an exe is a
00:02:00
virus there is no two ways about it
00:02:03
this is not legitimate software
00:02:06
this is a virus so
00:02:10
let's take a look and see what virus
00:02:11
total has jujubox which is usually
00:02:14
quite good
00:02:14
yeah so it's it's setting itself up
00:02:17
in this file no this is
00:02:21
ac lib what is ac lib
00:02:25
auto clicker library oh
00:02:28
so that that might be legitimate
00:02:34
software
00:02:37
so yeah that could be
00:02:41
that's odd
00:02:45
it's kind of odd to be creating those
00:02:46
kind of files okay let's execute it
00:02:50
it might behave differently because
00:02:51
we're using a vm because it says it does
00:02:53
that
00:02:54
so let's see this looks like an auto
00:02:58
clicker
00:02:59
let's go to cookie clicker
00:03:02
that persuaded
00:03:08
let's just for the purposes of
00:03:09
simplicity just say let's repeat this
00:03:13
10 000 times so that should take
00:03:17
a couple of seconds
00:03:24
the auto clicker definitely does work
00:03:27
how many cookies are we gonna get
00:03:29
a lot of cookies i hope i love this game
00:03:32
i used to play all the time it's a good
00:03:34
game
00:03:34
so we'll know we'll know we're done when
00:03:37
we get to 10 000 cookies
00:03:47
[Music]
00:03:51
no i think that's enough let's just get
00:03:53
some cookie farms while we're at it
00:03:54
because that's where cookies really come
00:03:56
from don't listen to anyone who says
00:03:57
they baked
00:03:58
okay so well let's just try lowering the
00:04:02
delay and then we can
00:04:03
activate this again
00:04:08
that field that does not feel like 1 000
00:04:11
cookies a second
00:04:14
it could be i think i think we're out
00:04:16
speeding the game at this point
00:04:21
so far this does seem like some sort of
00:04:23
auto clicker but
00:04:25
this is what's called a trojan and the
00:04:28
reason it's called a trojan is because
00:04:30
it works software like this is clearly
00:04:33
actually
00:04:34
auto clicking but it's also potentially
00:04:36
up to no good
00:04:39
now this is different from the one that
00:04:42
our commenter
00:04:44
ran into so i'm not entirely clear if
00:04:48
this is the same
00:04:50
variant or a different variant
00:04:54
so let's take more of a look so it's now
00:04:56
installed ac
00:04:57
lib app data
00:05:01
they'll often they'll go to local app
00:05:02
data which does two things one is if
00:05:04
you're in an active directory domain it
00:05:06
will not
00:05:07
move across but that doesn't really
00:05:10
matter for most of you
00:05:12
and the other thing that app data does
00:05:16
is it defeats
00:05:20
nothing interesting so far is that most
00:05:23
people look in
00:05:24
roaming app data not local app data
00:05:28
so nothing in here
00:05:31
but on the other virtual environment
00:05:35
so i've been local temp
00:05:38
[Music]
00:05:39
and it created a bunch of so apparently
00:05:41
at some point it's creating and deleting
00:05:43
these files but they are random
00:05:45
letters and numbers so close it
00:05:50
let's start watching the process because
00:05:53
if this is doing something malicious
00:05:56
probably only isn't super welcome
00:06:01
so let's see if there's any weird
00:06:04
processes
00:06:06
that's dcc could be normal
00:06:10
i'm not an expert on every process in
00:06:12
the windows system just
00:06:13
just a lot of them a lot of service
00:06:16
hosts
00:06:16
toss coast vga vmware
00:06:20
owen just bloody this is rubbish
00:06:24
[Music]
00:06:26
yes winzip you are complete garbage you
00:06:29
are the definition of crapware
00:06:31
hate winzip i've hated it since i was
00:06:34
in l or middle school and it was there
00:06:37
evil okay so
00:06:41
so far we have not found any evidence of
00:06:43
dishonesty
00:06:45
although i cannot understand what these
00:06:47
files are for they don't
00:06:48
oh maybe they do okay okay
00:06:51
why i think it's just weirdly written
00:06:56
software
00:06:58
although these registry keys
00:07:05
the other possibility is it is vm aware
00:07:08
because the most the smartest trojans
00:07:10
what they'll do
00:07:11
is they will create vm aware malware
00:07:15
that instead of what most vm aware malware
00:07:18
does which is just not do anything in
00:07:20
the virtual machine
00:07:22
instead this type of vm aware malware
00:07:25
will hide and it will just operate
00:07:28
normally
00:07:28
it just won't execute the malicious
00:07:30
payload but the rest of it does execute
00:07:33
so let's try to find more auto clicker
00:07:35
[Music]
00:07:36
we go to auto clicker free
00:07:41
let's see what we find free mouse
00:07:43
clicker this could be a virus
00:07:46
weird-looking ui seems kind of kind of
00:07:51
fake download but that's just grammar
00:07:55
no we don't want to start a pdf software
00:07:59
let's also give this one a virus total
00:08:01
because maybe they're right
00:08:02
oh this is still looking pretty good
00:08:05
well you've already executed it so if it
00:08:07
did anything it's done it
00:08:10
okay cloud like these are not super well
00:08:13
known secureage
00:08:15
apex is something that many people
00:08:18
on my video on my last video commented
00:08:21
and saying that this is useless
00:08:24
false positive so
00:08:28
yeah so secureage apex apparently
00:08:33
has had some sort of looks interesting
00:08:38
so his laptop has become slow
00:08:42
is it a bitcoin miner
00:08:51
so it must have been some sort of
00:08:54
so it buried itself in windows and
00:08:58
that's incredible yeah it was obviously
00:09:01
some sort of bitcoin miner
00:09:05
so what i think is happening
00:09:09
that's an ai it's not very good it's
00:09:10
completely rubbish but
00:09:12
so i think that one it was some sort of
00:09:14
boot kit
00:09:15
and sometimes they can reinstall
00:09:17
themselves they can survive windows
00:09:18
installs
00:09:19
if they're able to get into the right
00:09:22
places if you
00:09:23
don't format the drive it can hide out
00:09:26
in windows.old which windows will still
00:09:28
look at and
00:09:29
probably it figured out how that process
00:09:31
works
00:09:32
and came back from the dead okay let's
00:09:36
try
00:09:37
so far so good so far our auto clickers
00:09:39
are legitimate
00:09:40
so to the viewer who sent this question
00:09:43
i strongly recommend using malwarebytes
00:09:45
not windows defender which can be quite
00:09:46
ineffective at
00:09:48
catching actual malware and
00:09:52
not paying for it you don't need the
00:09:53
paid version all you need is the scan
00:09:55
you don't need the real-time protection
00:09:57
all you have to do is scan
00:09:59
your full scan of your pc just go here
00:10:01
and want to do advanced
00:10:04
and we want to be scanned now actually
00:10:05
we just want to do the regular scan
00:10:08
and that will go through and that will
00:10:09
find any problems
00:10:13
hopefully it's not nothing is perfect
00:10:18
no okay these are all
00:10:21
so op auto clicker is very popular
00:10:25
i can't comment on if there is a
00:10:26
malicious version but i i think it's
00:10:28
real
00:10:29
free roblox i want a free roblox
00:10:35
so can i i can get free robux and
00:10:39
this looks like some kid's video this is
00:10:41
probably not malware
00:10:45
sometimes malware can be really
00:10:46
disappointing like sometimes it's
00:10:48
everywhere
00:10:50
pre-private auto clicker release
00:10:53
how to use the best free auto clicker
00:10:57
forge auto clicker it's interesting how
00:10:59
they're all on sourceforge
00:11:01
like all of them
00:11:04
so here we go let's install this one
00:11:08
no complaints about the real one
00:11:12
i know it's really a virus it'll
00:11:14
probably get more hits on virus total
00:11:18
but we don't oh
00:11:22
that's weird that
00:11:25
that's sketch most legitimate software
00:11:29
does not come in a one file zip
00:11:33
it's kind of a weird place to store
00:11:35
legitimate software it's a great place
00:11:37
to store malware
00:11:40
okay so this one
00:11:43
seemingly virus total has never seen
00:11:45
before which makes it all the more
00:11:46
exciting to see
00:11:47
whether it will turn out to be malicious
00:11:50
oh
00:11:52
heuristic agent
00:11:55
trojan generic okay
00:12:00
so secureage apex is seemingly attacking
00:12:02
a microsoft
00:12:04
yeah if microsoft is hitting it
00:12:08
you know a lot of people ask me do i
00:12:09
disable windows defender no i do not i
00:12:11
don't need to microsoft is horrible at
00:12:13
catching
00:12:14
as is most antiviruses like i i'm not
00:12:16
going to recommend one
00:12:18
what i recommend is common sense and
00:12:20
caution because
00:12:21
none of these programs are perfect some
00:12:24
have really like bitdefender is one of
00:12:26
the
00:12:26
most reputable kaspersky is that here
00:12:29
is that
00:12:30
anything oh undetected
00:12:33
so how about we find out if this one is
00:12:38
and jujubox is ready so
00:12:41
details nothing
00:12:44
nothing overly inno setup oh that's
00:12:47
interesting because the redditor who
00:12:49
pointed out to the virus they said there
00:12:51
is used inno setup
00:12:53
so give it a moment just to see how the
00:12:57
jujubox is going to
00:13:00
catch anything
00:13:04
so i don't think we can
00:13:08
no winzip is completely useless i
00:13:11
hate it really there is nothing more
00:13:14
useless than winzip let's see what
00:13:15
malwarebytes
00:13:16
says this is
00:13:21
nope
00:13:26
oh smartscreen though doesn't like it
00:13:28
but okay let's just run it anyways
00:13:34
install from me only
00:13:39
okay this is super sketchy
00:13:46
are we even gonna get an order oh
00:13:50
that's that's no that's a nope that's
00:13:56
flynn's forge this is such a weird
00:14:00
software okay
00:14:04
flynnforge.com you know maybe
00:14:08
that's such weird software
00:14:13
okay let's go hunting see if we've got
00:14:16
any
00:14:17
if this one is not malware i'm going to
00:14:19
give up on this concept and just assume
00:14:21
that
00:14:22
most auto clickers are in fact safe and
00:14:25
the malware in that case was probably
00:14:28
already installed on our user's computer
00:14:30
which is quite common that the malware
00:14:32
either he found a malicious link for
00:14:35
legitimate software which does happen he
00:14:37
may have ended up on a different website
00:14:40
or did malware already that may have
00:14:44
slipped more malware into his installer
00:14:46
that's quite common
00:14:48
so okay let's go to app data let's take
00:14:50
a look
00:14:52
you want to go up i want to go to local
00:14:55
because this is where the juicy stuff
00:14:58
this is where the sneaks are gonna be
00:15:02
something there's something hiding in
00:15:05
here
00:15:07
it's oftentimes gonna be i'm gonna be
00:15:08
useful i'm gonna sad no
00:15:13
low actually yes let's check local low
00:15:17
nothing too interesting
00:15:21
let's also do folder options or file
00:15:24
explorer options as they're now called
00:15:25
which
00:15:25
actually makes more sense but i'm still
00:15:28
upset about it because it was one way
00:15:30
for so long
00:15:31
then they're like oh you know what you
00:15:34
didn't actually want it to be that one
00:15:35
way that we'd all agreed it would be
00:15:37
no you're happy with it now
00:15:41
so nothing too interesting virtual store
00:15:45
winzip micros malwarebytes
00:15:49
so i'm gonna i'm gonna rate inconclusive
00:15:51
i strongly
00:15:53
do not recommend installing
00:15:57
any of this rubbish because you don't
00:16:00
you really you never know what you're
00:16:01
getting
00:16:03
i think there's one commenter in the
00:16:05
reddit thread pointed out the most
00:16:07
secure way to use an
00:16:10
auto clicker for whatever video game
00:16:13
cheating desires you may have
00:16:14
is to instead of doing this
00:16:18
just use auto hotkey and write a script
00:16:20
that's what i would recommend doing
00:16:23
i can say from what i can see not a
00:16:25
comprehensive thing
00:16:26
this one op auto clicker looks pretty
00:16:29
safe
00:16:30
don't quote me on it but i think you'll
00:16:32
be fine with that one so this is going
00:16:33
to be
00:16:34
all for that video i hope hope you enjoy
00:16:36
it and i hope up to the commenter i
00:16:38
hope this is helpful
00:16:39
if you're wondering if it's legitimate
00:16:40
or not you know
00:16:42
i'm gonna focus on my bakery now bye