- Joined
- Sep 13, 2022
- Messages
- 11,231
- Solutions
- 5
- Reaction score
- 33,067
- Trophies
- 7
- Website
- m4x1mumrez87.neocities.org
- XP
- 30,938
- Country

The most popular tool used by millions to install an OS through the network, called "iVentoy," has been recently updated to include unsafe kernel drivers for Windows-based operating systems. Inside of the archive for Ventoy is a file called "iventoy.dat" located in the "data" folder containing most of its distribution files that it drops. Once it is decrypted in conjunction with a Python script and unpacked, there have been huge red flags detected by major anti-viruses and online cloud scanners such as VirusTotal, labeling the files as 'HookSignTool' and 'Riskware.FakeCert,' even going as far as to label it as a 'rootkit.'
The following malicious files are as follows:
Source (mirror)
The following malicious files are as follows:
- iventoy.dat.xz\iventoy.dat.\win\wintool.tar.xz
- iventoy.dat.xz\iventoy.dat.\win\wintool.tar.xz\wintool.tar\wintool\64\httpdisk_sig.sys
- iventoy.dat.xz\iventoy.dat.\win\wintool.tar.xz\wintool.tar\wintool\32\httpdisk_sig.sys
- iventoy.dat.xz\iventoy.dat.\win\vtoypxe64.exe
- iventoy.dat.xz\iventoy.dat.\win\vtoypxe32.exe
Important sidenote:
To make this clear to anyone to avoid confusion. Ventoy and iVentoy (PXE) are two separate programs! You can continue using Ventoy without any problems for now, except iVentoy. I would, however, still proceed with caution just in-case.
To make this clear to anyone to avoid confusion. Ventoy and iVentoy (PXE) are two separate programs! You can continue using Ventoy without any problems for now, except iVentoy. I would, however, still proceed with caution just in-case.
Last edited by SylverReZ,







