It's never been confirmed by hard evidence, but here are all the peaces we know:
1. Storm installed the addon. Afterwards, he started spamming, sending garbled messages etc. He claims not to have sent them himself, and AhmedStar admitted to having typed some of those messages
2. The addon is detected by some, but not all, antivyrus engines. The type of vyrus has been differing, and I don't know the exact names.
3. It is all compiled, and the fact there is a special tool on AhmedStar's website to remove it, is troubling. It hooks very, very deep into your system, which shouldn't be necessary.
There are probably more, these are just the ones I remember. So is this addon a virus, probably. There's just a tiny chanse that it is not
And no, the code can't be examined, only the code which bridges nvda menu's and switches synths is available, the rest is all closed source. You could disassemble them, but that would take ages, and noone is going to but in that much work just to confirm what most people already believe.
And here is the saddest part. How are you going to remove a virus, that might be undectable by av? If I were Ahmed, I'd make sure I had multiple viruses with multiple startup methods, so it'd be nearly impossible to remove. You can only be truly safe if you download windows media on another pc, create install media with that same pc, turn off your infected pc and boot from usb and do a full reinstall.
Roel
golfing in the kitchen