quote:
Originally posted by Spazy
I have scanned the file with 3 different programs, it can't find anything, though yeah I probably need to install it before a scanner works.
Virus scanners will rarely detect such stuff as a threat!
It is a major misconception that many people have about virus scanners (unfortunately, yet another example of this here). Virus scanners can only detect 'real' viruses created by real hackers, if you know what I mean.
They very very rarely detect malware created by script kiddies like this because such stuff is created using simple common instructions and logic which so many legit programs use.
A scanner would only detect it if it was, for example, made by some known trojan/virus SDK using some known programming patterns or variations on it. Or if the malware was submitted to one of the major anti-virus companies and deemed a threat.
As such, imho, malware like this is even more dangerous because scanners will most likely not pick up on it. This is exactly the same for the extremely large amount of Messenger malware which is floating around and is the cause of so many hacked accounts.
A virus scanner is just a simple first defense against malware. It is not at all an absolute protection. For stuff like this there is one golden rule: if it sounds too good to be true, it really is...
quote:
Originally posted by matty
I wonder why the app is calling GetAsyncKeyState... keylogger maybe?
After looking a bit at the VB project source (see below) I actually doubt he is capable of programming something like that. I think the GetAsyncKeyState API is rather called from VB's own functions, e.g. to detect the hotkey from a button. IIRC, that API is also called natively by VB in the MouseMove event (to get the state of the mouse buttons), ...
--------------------------------------------------------------------------------
Anyways, I had some time to spare and attempted to decompile the program myself.
And looking at the results, it seems that we overestimated this guy's capabilities to code.
As such, I strongly doubt there is a keylogger built in or a client/server method. I think Menthix is correct by suggesting this might simply be a money making scam.
The decompiled Visual Basic project is attached to this post. You can clearly see how the thing is created (shitload of timers and everything is hardcoded). I wouldn't even be surprised if this is also the exact same program which is used to create that fake YouTube video, because I think the program first tries to find some files (the premade videos?) and if it can't find them it will show the "Error loading contactlist", or something like that.
PS: the program is signed with the company name 'Wiesehahn Media'. Look around a bit for that name and you'll find some dodgy Messenger related sites which are full of crap tools like this (I strongly suggest not to use any of their stuff - much of it is fake/malware). Look around a bit on those sites and you'll come across many tools made, or at least designed, by an 'M. Wiesehahn'.
btw, it's funny how the contact 'Barry' from that YouTube video (around 2:25) looks extremely similar to the Facebook user Wiesehahn.