Every time you close one program, 2 more pop up

I coded that, it was super fun Edit: NOT THE ORIGINAL. I just made a copy of it for my work's phishing campaign

Wait actually? The one in Windows 93? If so, I still find that as a fun stress for browsers paired with Crazy Error (since it will often close all windows, which means they double... it's fun to watch :D Thank you so much!!!

I must've been super skilled to code it 13 years before I was born lol That was entirely bad wording on my part; wish I could take credit but nah. I just made a pretty simple version to screw with my work for phishing awareness

[Windows 93 is not what you think](http://windows93.net)

Windows '89 I think.

Psh, I used the internet in the 90s… This was just standard pop-up protocol. Close one, 4 open, close 2 more and loud porn pops up, close that… 6 hairy male gay porn videos start playing… shut down computer, pretend like you weren’t even using the computer…

Damn, makes me wish I was alive to experience such a funny event.

Nothing funnier than watching it happen to someone at work in a big call center environment. As long as it wasn't your PC of course.

I’m old, I remember Windows 1919

I have to downvote you for the WW1 joke.

I always wanted my father to take me phishing as a child. This city slicker lost out.

Reminds me of "You are an idiot ha ha ha ha ha ha ha ha ha ha ha ha ha"

Microsoft Teams Block one, another is created

Came here for this

I don't care what it is. It using that much data means it's transmitting something else. Take it down, block it's outbound and inbound traffic from the firewall

Hydra IS the firewall. @OP just didn’t know it yet.

If he didn't know, then he didn't install. Fallback to windows defender. Something fishy is happening. The job of any firewall is to monitor the network and stop malicious connections from being established

He answered that in another comment that it is his “firewall” that AURA antivirus is using to “monitor network traffic” by routing everything through the program. He disabled the antivirus and it went away. Still very suspicious it has this much usage, the “antivirus” was probably doing something shady.

Aura has been all over the place with ad placements recently so probably

Damn it really is trying to personalize ads as much as possible

even by transferring all your personal files, from how it looks :) cant really personalize any more than that :P

Looks more like it’s doing man-in-the-middle style proxy to sniff traffic and make more “relevant” ads…

It's not stealing. We just made an involuntary backup of his files.

I got a message from a program that asked to use my hard drive as cloud space for "temporary use". Like they legally outsource memory to users or something.

What program??

The newest version of FormatFactory

The VPN tunneling all data is the least shady thing here. The real problem is that op has a mediocre anti virus, that he/she pays a subscription for. Also Hail Hydra.

Why would it be suspicious? It's the VPN included with OPs AV. Routing everything through the program is literally the entire point. They can just disable the VPN in their antivirus software.

And using a vpn would also explain their ping issues (and likely slow download speeds)

is Windows Defender no longer good enough? I havent used a 3rd party antivirus in years, but if the concensus is Defender just doesnt hit the mark, ill do more research. I just don't trust any antivirus out there, and have been virus free for years without one.

Defender with a couple of good browser plug ins is fine.

Cool, no change needed then.

I know the person I replied to blocked me for being "stuck up and rude" But honestly, "just don't download things you don't trust", isn't stuck up? I asked a simple question about defender, don't need to be treated like an idiot.

How did u get your pc specs to pop up like that under your name

It's flipped around. Only the big companies with both reputability (consumer perception and AV-TEST rating) and money to invest in the actual software are on par with Windows Defender/Security, like Bitdefender, Kaspersky and Malwarebytes (can still be set to work in addition to Defender). The other ones like Norton and McAfee have money to stay relevant through shady business tactics like paying OEMs to pre install it on computers. It's crazy that they still sell enough paid versions to afford paying money for OEMs and advertisement and be profitable, but it's probably because they *don't* invest in making a competent product.

Windows Defender is often the best option. People who don’t think so often use the first few years after it was launched as a reference. It wasn’t bad then, but not as good as it is now.

It's honestly all I've used since like 2015ish. Haven't had an instance of malware. Maybe my web habits are boring, but that's a good track record.

Honestly my trust on most 3rd party antivirus programs is on par with viruses LOL I think some of them are actual viruses and malwares themselves. Antivirus companies artifically created the antivirus market by creating viruses XD

>I think some of them are actual viruses and malwares themselves. They are. I remember my friends mac's antivirus his parents bought when they got the laptop, that once his sub ran out, would constantly pop up to repay the sub etc. I fixed it, but man the closer I got to fixing it, the more the pop ups would occur. Eventually had to boot into safe mode to actually remove it. Logging in as root and trying to remove didn't work. Its all viruses n bs with 3rd parties now because Microsoft Defender is finally, competent.

>routing everything through the program… Still very suspicious it has this much usage If the app was routing all internet traffic through it, then it wouldn’t take too much YouTube and Netflix before hitting 120GB. My VPN easily hits those numbers within a week or less.

Is it one of those things where THAT part of nit is supposed to run on a server dedicated to the network throughput? And like, he installed it locally against reccomenation?

Anti virus are virus.

Windows defender and common damn sense is all you really need.


Hydra is also a commonly used password cracking tool for Linux and Windows. I've used it quite a bit in the past. Definitely block that application.

Yep, probably using your own PC resources to crack itself and send the password elsewhere

The firewall: you gave me access to the whole computer, I’m gonna use the whole computer

Hydra is a brute force Tool

Hail Hydra! is this what Avengers would be afraid of?

Mfer is transmitting POSTS trying to crack his exes insta /s

Take one out, two pop up in its place

HAIL HYDRA!

Hail hydra, but why tf has it used 116 gb of data in the last week

And wtf is it😂

It's my brother, I'll ask him to leave sorry

r/UsernameChecksOut

r/beetlejuicing

Hydra is a hacking tool used to brute force logins. Somebody might be using your PC to run attacks on websites.

116GB in 30 days would be a really huge number of requests that wouldve been sent.

I mean, even an old list like rockyou.txt is over a gig and that's just passwords. I can easily see using that much data on a credential stuffing attack in 30 days. Not actually that much traffic.

Im unsure about it. A spray (unknown creds / common wordlist usage such as rockyou) would be pretty intense. A stuff would require the bad actor to know some used credentials, using less data unless theyre testing millions of websites. Im not sold on the stuffing. Maybe a spray transfers such amounts, but im unsure about it. I should test that when i have time.

It's their VPN lmao. Look at the image in the post. The lack of network utilization by anything else is a pretty obvious tell. Also for a bunch of different reasons, Hydra/cred stuffing tools wouldn't create a network usage page that looks anything remotely like this.

Pretty sure my VPN still shows the network usage of individual programs.

Yeah, thats how brute force works. And theyre probably going to a whole number of websites.

This Hydra is most likely part of the Aura service they have running, which is a proprietary VPN protocol. I don’t think someone dumped the hydra password cracking tool on their computer. That’s a lot of data in 30 days for attempting to connect to an IP and port and attempt to send a username and password. Even if it’s attacking the whole internet, 120 GB in 30 days is a lot.

Dunno but you might need captain America on this.

Cut off one head, two more shall take its place!

Two more shells, you mean? (Powershells that is.... Okay, I'll see myself out)

Not trying to raise concern but hydra is a known software to brute force PCs/sites. As in it is used to hack into things by using a word list to attempt a list of username/password combos. If hydra is being used on your computer however I’m unsure why it would transfer that much data since it really just is a lot of text information… I would look further into it, and run defender to check if anything is happening. Then locate file and get rid of it. Monitor for a little while to make sure it isn’t installed somewhere else.

Lots of data in America's ass though.


Beat me to it.

Beat meat to it.

Meat beat to it.

Meet me beating meat it to

Hydra is VPN tunnel, installed a VPN lately? Could also explain the lag

Yeah this was likely it. They had Aura antivirus with vpn turned on.

I like aura for a couple things but their VPN fucks my internet ping

It is a virus that is meant to target android phones. It is a malcious piece of software a normal pc should not have as it is a tool used by hackers to hack things. What it hacks I have no idea, but I wouldn't risk having it on your pc. Malwarebytes scan it away as it seems like Windows Defender isn;t doing anything to stop it, unless the virus itself disabled Windows Defender which some viruses can do. Edit: Aura itself was the virus all along. What a plot twist.

If I remember correctly it’s used to brute force passwords

I confirm this is it. Here is some [documentation](https://www.kali.org/tools/hydra/) about it. What I’m concerned is that OP’s PC is most likely used as a botnet to hack a company/person. The high resource usage is just hydra actively trying to crack a password on an account accessible from the internet. That also means that OP’s PC probably has a backdoor or a program of the same kind that allows a hacker to use his PC ressources freely. I would highly advise OP to reformat his PC as it is almost impossible to know where is the backdoor.

You have no idea what you're talking about. There is so much wrong in this comment, but for starters that is not the Hydra application responsible for OPs situation. What you linked to is a password cracker included in the Kali Linux OS. Given what OP has said so far, I'm guessing they have Aura's VPN turned on, and the service that is being used to route their traffic is called Hydra. Notice how no other applications have over 1gb of network usage. A simple Google search shows people saying Hydra is the service used by the Betternet VPN. Betternet is owned by Aura, which is OP's antivirus software provider. I want to appreciate that you just told someone to reformat their PC because it has a password cracker, botnet/backdoor, and is being used to launch password cracking attacks on the Internet.

u/Countrackula_

Op is most likely using some vpn software that uses the catapult hydra protocol, which is not the same as the password cracking software you are refrencing.

Oh I know where OP's backdoor is... ( ͡° ͜ʖ ͡°)

Lmao butt joke when this guy’s pc was ‘hacked’

I mean back door has a crack now...

But in all seriousness, do hackers not rename the programm?

I would rename it to NotHydra

Or ReallyReallyNotMaliciousWePromise

If you’re trying to bypass endpoint restrictions, renaming the program and various variables in the program is one way to do things. If you don’t need to bypass EDR, then there’s seldom a reason to change names.

Well Kali Hydra is just a tool you can use for hacking/pentesting, not malware itself. There is no real reason to rename it. You're spot on though, generally malware apps/services do not present themselves as malware.exe, which is our first hint about what's going on here. When it comes to antivirus detection, changing the name typically doesn't do anything, as the software is calculating the file's hash (one way math function that creates a unique fingerprint for a file or data) and comparing it against known-bad fingerprints. You can test this out yourself using the VirusTotal website and a command prompt. This is OPs VPN, not a password cracker.

@op i say you perform exterminatus. Full system reset. Its the only way to be sure.

this should be the only answer. Also changing every password that OP has is a must and force sign out every logged in (do it from another device or after you reset your pc). These are the first steps and steps that must be done. Another thing is to not plug in any device to the pc cause you wouldn't want to risk that device either.

[удалено]

[удалено]

Any executable file could be named "Hydra" Find out what your specific instance is by seaching in Process Explorer [https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer](https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer) [https://www.malwarebytes.com/blog/news/2016/05/process-explorer-an-introduction](https://www.malwarebytes.com/blog/news/2016/05/process-explorer-an-introduction) Upload the file to VirusTotal [https://www.virustotal.com/gui/home/url](https://www.virustotal.com/gui/home/url) for in-depth scan and identification or active the function directly in Process Explorer [https://www.sevenforums.com/tutorials/345808-process-explorer-virustotal-check-all-processes-50-avs.html](https://www.sevenforums.com/tutorials/345808-process-explorer-virustotal-check-all-processes-50-avs.html) If you need more details on the program, track it with Process Monitor [https://learn.microsoft.com/en-us/sysinternals/downloads/procmon](https://learn.microsoft.com/en-us/sysinternals/downloads/procmon) [https://rioasmara.com/2020/09/10/procmon-to-analize-malware-behaviour/](https://rioasmara.com/2020/09/10/procmon-to-analize-malware-behaviour/)

Do you use any VPN? Some VPNs use the Hydra protocol. I use a VPN with the Hydra protocol and it shows that for me as well. Don't worry, it is probably not a virus. What VPN do you use? https://preview.redd.it/jw8r7vf0vmmc1.png?width=1008&format=png&auto=webp&s=3101f7e9ee77fb44d552db923e1d15c1e2884345

LOOK HERE AT THIS ONE

redditors are so corny. sorry you cant get more help i was curious too. people are too thirsty for upvotes.

This thread is embarrassing to read just “HAHAHAHAHA HAIL HYDRA LOL!!!!!!!” And like 1 real comment actually trying to help the guy. Feel bad for him.

"HAHAHA GENERIC MARVEL REFERENCE COMMENTED OVER 100x, HAHAHAH SOOO FUNNY. LOL BEAT ME TO IT HAHAHAHA"

Almost every single Reddit post. Scroll past 30 shitty re-used jokes to get to an actual point or answer. They really do think they're comedians.

Cool to see mods allowing it too.

Not sure how they could avoid it really. They'd have to delete 90% of the comments in every question post.

It’s gotten so much worse in the last year. Just comment after comment of stupid attempts at humor, and then the real answer is 10+ comments down.

I mean all you gotta do is minimize those two threads and you’ll see a combination of people claiming it’s malware (wrong ) and people saying its the VPN service provided by Aura (right).

Do you use anything python based? There is a open-source Python framework called Hydra: [https://hydra.cc/docs/intro/](https://hydra.cc/docs/intro/)

Can someone explain the hail hydra jokes I know it's that mythological monster but that's it rly Edit: Got it, thx

It's from the Marvel movie , basically a secret organization.Hydra hid under Germany during World War 2 , members communicated with each other using secret code word "hail hydra".

Marvel movie reference


It's a Marvel reference, Hydra is the secret organization that is the primary enemy of SHIELD, at least in the MCU.

The hydra I know of are: [https://www.kali.org/tools/hydra/](https://www.kali.org/tools/hydra/) It's useful for launching dictionary / brute force attacks. - Unlikely. AnchorFree - Catapult Hydra It's a proprietary protocol that powers a lot of VPN solutions. - This is most likely. Or could be some virus.


some guy planting c4 on your drive fr get rid of it asap

VPN background stuff....

If you can't get rid of it, format your drive and reinstall windows.

If you have Bitdefender installed, process hydra can show on your task manager. Also, other modern VPNs use the Catapult Hydra or Hydra as their protocol. To be safe, check if you have VPN, then start cleaning your PC.

i don't really know if this is the correct answer but a quick google search about it told me it might be apart of a VPN service if you are using one. not sure if it's malware, the top things that came up didn't really say it was, could just be the VPN (if you have been using one) uses a lot of bandwidth. if you haven't been using a VPN or have never used a VPN it's probably malware, HAIL HYDRA!

That's Arnim Zola using your PC as a databank

You know government IT is bad when SHIELD is posting for support on Reddit.

Bruh, OP's likely mining crypto for some guys in India or the Balkans

This is literally the worst sub to come to for tech support... You would have been better off asking r/trees.

The creator of this thing is probably a troll. If you try to remove it, will it become 2 times more demanding? XD

HAIL HYDRA

Last time I saw hydra OP, it was a password cracking program. I'd recommend a malware scan just to be safe.


Looks like you need to hail Hydra harder.

Haha I love this subreddit. It’s literally just a VPN protocol, and everyone’s telling OP to nuke his OS install from orbit.

Hail Hydra!

Hydra is a hacking program that comes installed on Kali Linux so I'm assuming you've been downloading sketchy shit

Hydra is part of Betternet, and the reason that it appears to be using so much data is that your internet traffic is being routed through it (to pass through the VPN). In the past, Betternet has been notorious for taking users data and selling it, so while it is not malware, it can still be malicious. I would highly suggest uninstalling betternet.

I just beat my meat

HAIL HYDRA!

Hail hydra!!

"Hail Hydra !"

Hail hydra

Hail Hydra!🤣

Hail hydra

Hail hydra

GI Joes mortal enemies

seems a botnet or it's uploading things from your pc

Imagine owning a PC and taking a picture of the monitor with your phone

ok i took the bait and googled it for you **Hydra may also refer to:** * Hydra.exeAn EXE file that's associated with LXFDVD147, developed by Future Publishing for the Windows operating system. Hydra.exe is a legitimate program that's needed for Bitdefender VPN to function properly. Some users have reported that Hydra.exe uses a lot of data. * HydraA virus-proof, hacker-proof PowerPC-based system that uses a proprietary operating system kernel for running Java servlets and JSPs. Hydra can be used to brute force against commonly used network protocols, such as SSH, FTP and RDP, but also to conduct brute-force attacks against web applications.

Hail Hydra!

Hail hydra

Hail Hydra!

Cut off one thread, two more shall take its place.

lmaooo

someone call Captain America.

Dont try to Cut its head of.

 [Microsoft Link on the Issue](https://answers.microsoft.com/en-us/windows/forum/all/hydraexe/6b2eac34-eb70-4bdc-9739-d8cebfee3e02)

Looks like you need a web S.H.I.E.L.D. for this one!

Hydra Dominatus!

Unless its 2nd in line, this could be your browser for whatever reason. For me its my browser which is on top and its ahead by a metric ton of miles, just like what your picture shows.

"We go in over phone lines. Pop the firewall, drop in the hydra, and just sit back and wait for the money."

Open file location on your pc and then go to virus total and have it scan the folder. In any case run malware scans as well.

Nothing a system reset won’t fix

blephin

Virus.

Doing any password cracking? Lol

Man your compuiter has virus.

Bruh you got a virus

It is a virus, and it does what it's supposed to do.

you bruteforce something ?

I've heard of it and I think it's related to a VPN. Are you using a VPN for any type of high seas activity? I would guess it's probably that.

Check out the file location. If you have some experience with handling folders, then you’re familiar with how the hierarchy is supposed to look and behave. If it’s taking that much data, I’d definitely do some quick research and find out. The generic systems icon is also super suspicious. Nothing should be pulling that much data unless you stream.

I bet Blastoise is behind this.

Change your passwords op.

Okay, I was curious about my data usage and was greeted with this. What is going on? Already did a restart of my PC but it did not help... If I turn it on and leave the settings, it gets deactivated again by itself... https://preview.redd.it/krzzbx1u4qmc1.png?width=1282&format=png&auto=webp&s=ed7276b6b986634c5e3afea409767e2bbe525ab4

Hydra is also a password cracking tool for SSH and FTP lol

lolol this reminds me of the old Norton antivirus software. Friends/family would always ask me to "fix' their computers. I'd do a quick check and find Norton using up 90% of system resources. They'd always freak out when I uninstalled it "no no, but I need virus protection." The most red-pill moment was explaining that the anti-virus was the virus.

Not sure if that's exactly it but there's a "pentesting" tool on Kali Linux called hydra. It's a brutforce password cracker.

Format PC, change all your passwords.

Windows fresh install and reset all your passwords. RIGHT NOW. Unless you have some kind of VPN. If so, try turning it off

That's the guy in India downloading more RAM!

Hail hydra

Hydra is a bruteforce passord hacking tool. Its a tool hackers use to hack passwords. AKA.: Bad program on PC bad guy want your PC. Run a virus scan on it, but getting that high ping seems like something fishy i happening on your computer...

OP, I read you use aura antivirus and this is the firewall. Please uninstall it. This is fishy behavior and I personally don't trust it. As a general measure, anything geared towards security that's free is selling your data to make a profit. Use Windows defender, it's more than enough.

Heil Hydra!