2018-12-31 17:42:24 (edited by sunshine 2018-12-31 18:03:32)

@42, I really don't understand the point of you becoming so confrontational. agreed, we don't scan each and every program we download, but how many programs do we get alerts for, except for those which are written in bgt scripting language, which in itself is a whole different matter? answer: almost none of them. is this program written in bgt? I really don't think so. if it's written in bgt, then of course, those alerts make sense. but then, it's highly unlikely, too, not because bgt in itself is a scripting language made for games, but because of its networking limitations. so, if you decide to use it, use it. if you decided to post it here, no problem, either. but if it's malicious in its intent, then it doesn't really make sense for you to tell the people, who are more experienced and have more knowledge about the Cyber-security than you, and who are trying to, indeed, make the community aware about the threat to "go get a life and be real, come down to Earth". how about you confront the developer of the program, and demand an explanation for these alerts first, and then get back to us with his reply?

2018-12-31 17:51:52 (edited by jack 2018-12-31 17:59:22)

And @42, what do you stand to lose? You're not even a developer of this software, you're just a user. So, one of two outcomes.
1. If you yourself fell for this program, well then I will say while no one necessarily deserves that absurdity directed at them per se, you should've read what we've been saying, and if you are confused, just ask.
2. If you're friends with ahmad Star and are in cahoots with him and are knowingly being his liaison then shame on you. Judging by your confrontational attitude in post 42, that does imply a bit of bias towards him, but prove me wrong and I will gladly eat my words.
Notice how I picked both possibilities, so as not to jump to conclusions.

2018-12-31 18:15:04

warning! I have not! and will not! for I have no need for such utilities, download it. but, let's assume for a second, it has no viruses. or let's assume it does. it doesn't really matter, at least, not for what I'm about to ask. has anyone noticed that NVDA add-ons such as speech master, or hell, even blind extra requested firewall access? I'm far from being a security adviser, hell, uh, I'm running my win7 without antivirus (don't judge) but I know this much. firewall only pops up for incoming connection. and I never allow such apps through mine, ever. so there are a few questions we have to ask ourselves.
1) does media extra require firewall access?
2) if it does, why does it?
3) did you guys allow it?
4) if one doesn't allow it, can the guy still get one's details?
that last one, I'm absolutely clueless of, but would be interested to learn of. as for the antivirus bullshit, I won't go into that. everything flags BGT, hell, even things like oh shit were flagged. at one point, think it was avast or AVG, deleted some part of JAWS, leaving it in an unusable state. we will not know whether something is a virus or not, at least we won't know that for 100% certainty. but let's see about my firewall point, if anyone can tell us whether that pops up or not.

2018-12-31 18:31:06

I agree with what everyone has said. I have written programs in Python (which this program is written in) and have never, once, received a notification from any antivirus programs I've used or run them through that "hey, this is a virus....". I can see how the packing would cause the antivirus software to consider it harmful, but all the software has to do is look at the files the program is extracting to determine what it's doing. I ran the program in a sandbox, in fact. (Surprisingly, NVDA was able to inject itself into the sandboxed program, which may or may not be a security risk to the system, since if a program managed to inject itself into NVDA, it gets access to the rest of the system; but that's presupposing that this program is capable of breaking out of the sandbox in the first place.) I noticed no unusual or strange behaviors, but I did not run it for a long period of time, perhaps about 1-2 minutes. (I even installed it in the sandbox, to ensure 100-percent complete isolation, in case the setup file contained malicious Pascal code.) What I found, upon exploring the sandbox, was... interesting to say the least. In summary:
* This program was written in Python 3.6. I don't know the patch version.
* The program had the following programs that it seemed to be a wrapper for in its installation directory:
1. ffmpeg, A complete, cross-platform solution to record, convert and stream audio and video.
2. ffprobe, a part of ffmpeg, which gathers information from multimedia streams and prints it in human- and machine-readable fashion.
3. youtube-dl, a command-line program to download videos from YouTube.com and a few more sites.
Strangely, I also found a plugins and locale folder. The locale folder's function was obvious to me, but the plugins folder was not. Upon examination, there were well over 30 DLLs and other libraries within that folder, with no obvious function I could determine. Searching the ffmpeg website, it has no concept of plugins, and neither does youtube-dl; in other words, those plugins were not for either program (and youtube-dl and ffmpeg were the only programs it wrapped, besides ffprobe, which is a part of ffmpeg). This makes me even more suspicious, and raises some interesting questions.
First, what are those plugins for? Is their source code available to the public? Are they well-known?
Second, why are those plugins there? Do they actually serve any function, or are they, in fact, malicious?
* Other than that, I found nothing odd (other than the fact that the program was written in Python 3.6, and uses pyinstaller, which is poor obfuscation practices if you're trying to hide malware or other forms of harmful software, unless they're contained in the "plugins"). Perhaps I'll reinstall it in the sandbox and attempt to decompile it and look at its code.

"On two occasions I have been asked [by members of Parliament!]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out ?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."    — Charles Babbage.
My Github

2018-12-31 18:33:30

You know what they say: If it looks like shit, smells like shit, and tastes like shit, then, well.
Not sure what the huge fuss is though. if people feel like downloading it and maybe infecting their systems, all power to them. it's their system, not yours. not so sure why people are so heated about it, I'd think a warning would have been enough.
I'll definitely be giving this one a pass, though, considering the guy's literally been caught out at distributing malware before and his response was to then frantically say he'd abandon the project, not abandon the project, abandon the project, and subsequently delete a shit ton of posts off his website, which in my book is not particularly confidence boosting.

2018-12-31 18:55:56 (edited by Ethin 2018-12-31 19:08:16)

Update: I missed one program in post 54. It is:
* aria2c, The next generation download utility.
Curious why that's there too, since Python already has libraries for just this. Also, the program also seems to use libvlc, which is VLC Media Player's library for streaming audio. Even stranger...
Also, just updated the sandbox to block all internet access. Loading the program yields... nothing. It doesn't even start. Which makes me think it was trying to send some kind of internet command or something when it started, but the sandbox prohibited it. I also have a full list of plugins, with the directories followed by the DLLs:
access
audio_filter
audio_mixer
audio_output
codec
d3d11
d3d9
demux
keystore
logger
lua
meta_engine
misc
packetizer
stream_extractor
stream_filter
text_renderer
video_chroma
video_output
access\libdvdnav_plugin.dll
access\libfilesystem_plugin.dll
access\libhttps_plugin.dll
access\liblibbluray_plugin.dll
access\libvdr_plugin.dll
audio_filter\libsamplerate_plugin.dll
audio_filter\libscaletempo_plugin.dll
audio_mixer\libfloat_mixer_plugin.dll
audio_output\libdirectsound_plugin.dll
audio_output\libmmdevice_plugin.dll
audio_output\libwasapi_plugin.dll
codec\libaes3_plugin.dll
codec\libaraw_plugin.dll
codec\libavcodec_plugin.dll
codec\libcdg_plugin.dll
codec\libcvdsub_plugin.dll
codec\libd3d11va_plugin.dll
codec\libfaad_plugin.dll
codec\libflac_plugin.dll
codec\libg711_plugin.dll
codec\libjpeg_plugin.dll
codec\liblpcm_plugin.dll
codec\libmpg123_plugin.dll
codec\liboggspots_plugin.dll
codec\libopus_plugin.dll
codec\libpng_plugin.dll
codec\librawvideo_plugin.dll
codec\libschroedinger_plugin.dll
codec\libspdif_plugin.dll
codec\libspeex_plugin.dll
codec\libspudec_plugin.dll
codec\libsvcdsub_plugin.dll
codec\libtheora_plugin.dll
codec\libvorbis_plugin.dll
d3d11\libdirect3d11_filters_plugin.dll
d3d9\libdirect3d9_filters_plugin.dll
demux\libasf_plugin.dll
demux\libavi_plugin.dll
demux\libes_plugin.dll
demux\libmp4_plugin.dll
demux\libplaylist_plugin.dll
keystore\libmemory_keystore_plugin.dll
logger\libconsole_logger_plugin.dll
logger\libfile_logger_plugin.dll
lua\liblua_plugin.dll
meta_engine\libfolder_plugin.dll
meta_engine\libtaglib_plugin.dll
misc\libgnutls_plugin.dll
packetizer\libpacketizer_dirac_plugin.dll
packetizer\libpacketizer_flac_plugin.dll
packetizer\libpacketizer_h264_plugin.dll
packetizer\libpacketizer_hevc_plugin.dll
packetizer\libpacketizer_mlp_plugin.dll
packetizer\libpacketizer_mpeg4audio_plugin.dll
packetizer\libpacketizer_mpeg4video_plugin.dll
packetizer\libpacketizer_mpegaudio_plugin.dll
packetizer\libpacketizer_mpegvideo_plugin.dll
packetizer\libpacketizer_vc1_plugin.dll
stream_extractor\libarchive_plugin.dll
stream_filter\libadf_plugin.dll
stream_filter\libcache_read_plugin.dll
stream_filter\libhds_plugin.dll
stream_filter\libinflate_plugin.dll
stream_filter\libprefetch_plugin.dll
stream_filter\librecord_plugin.dll
stream_filter\libskiptags_plugin.dll
text_renderer\libfreetype_plugin.dll
video_chroma\libgrey_yuv_plugin.dll
video_chroma\libi420_10_p010_plugin.dll
video_chroma\libi420_nv12_plugin.dll
video_chroma\libi420_rgb_mmx_plugin.dll
video_chroma\libi420_rgb_plugin.dll
video_chroma\libi420_rgb_sse2_plugin.dll
video_chroma\libi420_yuy2_mmx_plugin.dll
video_chroma\libi420_yuy2_plugin.dll
video_chroma\libi420_yuy2_sse2_plugin.dll
video_chroma\libi422_i420_plugin.dll
video_chroma\libi422_yuy2_mmx_plugin.dll
video_chroma\libi422_yuy2_plugin.dll
video_chroma\libi422_yuy2_sse2_plugin.dll
video_chroma\libswscale_plugin.dll
video_chroma\libyuvp_plugin.dll
video_chroma\libyuy2_i420_plugin.dll
video_chroma\libyuy2_i422_plugin.dll
video_output\libdirect3d11_plugin.dll
video_output\libdrawable_plugin.dll
video_output\libwinhibit_plugin.dll
I also just ran the program again in the sandbox. To my amazement, it was instantly and unceremoniously deleted almost immediately. That makes me believe that Malwarebytes is now aware that it is, indeed, a threat.

2019-01-01 05:33:50 (edited by Slender 2019-01-01 05:48:03)

@56, Those seem to be, for the most part, VLC libraries, if it's using libvlc. A surprising number of plugins appear to have been removed, though. And @49, foo_youtube doesn't offer the option to download videos, though you can sort of download them by using the converter component. It seems there may be some quality loss in the conversion process, though.

Oh no! Somebody released the h key! Everybody run and hide!
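
An added example, not part of any post in this thread: one way to check whether a bundled `plugins` folder like the one listed above is stock libvlc is to hash every DLL and compare it against the `plugins` directory of an official VLC install of the same version and architecture. The directory arguments, the `libconstructed_extra_plugin.dll` name and the file contents built in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large DLLs are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def inventory(root):
    """Map 'category/libname_plugin.dll' (lower-cased) to its SHA-256."""
    root = Path(root)
    return {
        path.relative_to(root).as_posix().lower(): sha256_file(path)
        for path in root.rglob("*")
        if path.is_file() and path.suffix.lower() == ".dll"
    }


def compare_plugins(bundled_root, reference_root):
    """Classify each bundled DLL against a trusted reference tree.

    The reference must be the same VLC version and architecture,
    otherwise every file will show up as 'modified'.
    """
    bundled, reference = inventory(bundled_root), inventory(reference_root)
    report = {"identical": [], "modified": [], "unknown": []}
    for rel_path in sorted(bundled):
        if rel_path not in reference:
            report["unknown"].append(rel_path)      # not shipped by upstream
        elif bundled[rel_path] == reference[rel_path]:
            report["identical"].append(rel_path)    # byte-for-byte stock file
        else:
            report["modified"].append(rel_path)     # same name, different bytes
    report["absent"] = sorted(set(reference) - set(bundled))  # stripped out
    return report


def demo():
    """Build two small constructed trees and compare them."""
    def write(root, rel_path, data):
        target = Path(root) / rel_path
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

    with tempfile.TemporaryDirectory() as tmp:
        ref, app = Path(tmp) / "reference", Path(tmp) / "bundled"
        # Constructed placeholder bytes, not real plugin contents.
        write(ref, "access/libhttps_plugin.dll", b"stock-https")
        write(ref, "lua/liblua_plugin.dll", b"stock-lua")
        write(ref, "codec/libflac_plugin.dll", b"stock-flac")
        write(app, "access/libhttps_plugin.dll", b"stock-https")
        write(app, "lua/liblua_plugin.dll", b"different-bytes")
        write(app, "misc/libconstructed_extra_plugin.dll", b"extra")
        return compare_plugins(app, ref)


if __name__ == "__main__":
    for verdict, paths in demo().items():
        print(f"{verdict}: {paths}")
```

Files reported as `modified` or `unknown` are the ones worth submitting for closer analysis; `absent` only shows which stock plugins the packager left out.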

2019-01-01 06:26:32

Yeah, I made it clear Foobar was for streaming but held other benefits too like parsing information from the youtube videos more accessibly.

2019-01-01 07:02:48

@57, I know they're VLC plugins. But my question remains unanswered -- why is it using libvlc when libvlc is superfluous?

2019-01-01 21:20:28 (edited by defender 2019-01-01 21:21:01)

With the amount of false positives that tend to get thrown by anti virus programs when scanning these types of hobbyist applications, where security is nearly always an afterthought, it's a very unsure thing whether or not there is a real threat.
Not to mention that there are some big names missing from that list of hits, and as Ethin showed, other common programs in our community get similar results (even if they aren't using BGT) though not, quite, to the same degree.
And with all the conjecture by those not officially educated in cyber security, or coding for that matter, there are bound to be tons of false flags turned up due to bias or simply lack of knowledge.


At the same time though, those with their heads in the sand, who simply keep repeating the mantra (I haven't noticed anything bad yet) aren't helping either.
If the program truly does contain a selectively activated remote access component and nothing else more obvious, such as a bitcoin miner or adware virus, then of course you wouldn't notice anything until the author decides to use it, and maybe not even then, if it's built well.


Honestly, until this thing provides something significant that Youtube DL can't, then I just wouldn't risk it personally, but by all means, if those people convinced that this guy is harmless want to be the guinea pigs, I don't think we should stop them.


Until then I'd suggest most people keep using Pontes Media Downloader instead, unless you want to grab an entire channel's videos or something, in which case you can learn Youtube DL, which apparently isn't that hard to use.

2019-01-01 22:04:48

@60, good post. Though I may have been extremely pushy, I did try my best to prove my case (and I think I mostly succeeded). Those who wish to keep their heads in the sand won't listen no matter what we tell them until they're hacked with this program. Malwarebytes yesterday went from being fine with it running to classifying it as "generic.malware/suspicious". Like I said, perhaps one of these days I'll reload it in the sandbox that I have and decompile it, if Malwarebytes doesn't delete it first. (I like it when Malwarebytes and I work together like this! :))

2019-01-01 23:05:48

Malwarebytes is awesome. Maybe not as awesome as it used to be, but still awesome.
And I appreciate that you gave the results of that other program honestly without trying to hide it to make your point, not everyone would do that.
But yes, especially this original poster seems almost cultishly sure of the good intentions of the developer... Makes you wonder if they are close friends or that it's the developer himself even...


I gotta say though any time an AV classifies an audio game as a machine learning threat it's hard not to laugh.

2019-01-01 23:42:20

@62, true. Though it only does that with BGT games, and like I said previously, this isn't written in BGT. :) And yeah, I tried to be as objective as possible, and gave my analysis as I found it. It was hard to do though. But I tried, and I (hope) I did.

2019-01-02 16:07:43

I'm rather late to this, but from looking at the beginning of it, this program is just a cheap wrapper around youtube-dl and FFmpeg, and it forces you to use mp3 which kills quality. No thanks, I've already got enough knowledge to use those programs at raw.

----------
An anomaly in the matrix. An error in existence. A being who cannot get inside the goddamn box! A.K.A. Me.

2019-01-02 16:28:55

Peace onto you all.
I, for myself will admit and be honest, that I don't have any knowledge of programming or whatsoever. I am also happy that, you gave some knowledge instead of only stating any facts. :) I love when there is proof because I don't believe without any proof. the plugins list made me curious enough to even ask why there are so many wow, of them.
Secondly, I have always said and will say it. I try to deal with stuff justly. It doesn't matter if someone is my friend or not. I have said, even to my best friend that if something happens with her and she thinks it's good, but it's bad, I will not support it and I have stood up to what I've just said.
I love these few posts with facts and I would definitely look at all those.
Also I wonder about something else and I will ask it.
Is it possible to develop a program and your computer to be affected by those viruses without your knowledge?
Plus, I am not scared of trying any programs as this computer I am currently using is full of viruses already that attack my browser and I had to put Avast from preventing them to load up and take my data. I can't remove it now though. :D
And the last but not least, how to remove these Russian viruses? lol.
<3 peace.
ameena.

Beware! If you know me it will be mischief around. I want my peace, your peace and our happiness.
YES(Youth Exchange&study) alumni 2016-2017
Follow. ME.

2019-01-02 16:58:15

Back up your important data manually (do not use an image backup) then reinstall windows. It's the best way. It's a shit ton more effective than weeding them out yourself. Some viruses are even beyond ridiculous enough to have a visual captcha in their uninstaller, but fortunately I knew what to do, to delete the dll after quitting regsvr32.exe (yes, it had embedded its way into the system pretty deep for a browser adware virus.)
If you're on windows 7, grab a talking windows preinstallation environment. If you're on 10, you already have a talking installer, so just grab an iso off Ms's site and you're good to go.

2019-01-02 18:44:42 (edited by sid512 2019-01-02 18:47:22)

hi,
a quick question, though.
when checking the pontes media downloader websites, it is stated that pontes media downloader has been downloaded x amount of times, from a particular date.

but how exactly, and why, does it keep track of downloaded videos and playlists?

it says:
Since 29 October 2014 there were 755432 tracks and 59918 playlists downloaded using Pontes Media Downloader (version 2.1).

now, suppose I want to keep my tracks hidden from that stat counting, is there really much of a choice?

although the numbers alone don't pose a risk compared to above programme, but just curious what method is employed for the same, as it is impossible to count the number without relaying the information to a server or an online source.

He picked up the wrench and broke the guy’s wrist with it, one, and then the other wrist, two, and turned back and did the same to the guy who had held the hammer, three, four. The two men were somebody’s weapons, consciously deployed, and no soldier left an enemy’s abandoned ordnance on the field in working order.

2019-01-02 19:12:17

I'll bet it's just a hit counter.

2019-01-03 03:42:27

I really like Pontes Media Downloader. it's not as good as Foobar in its configuration tweaks, but it's not as daunting to set up, either.

2019-01-08 16:58:40

Yeah. I mean I can only speak for myself here, but none of my games have viruses. I've spent 15 years or so building up the community's trust. To do anything malicious would just be dumb.

Much less active on this forum than in the past.

Check out my live streams: http://lerven.me
follow me on Twitter: http://twitter.com/liamerven

2019-01-08 23:18:30

Hello everyone!
I am not completely sure, but this guy ahmed did attempt to get me to download his software, so yeah, I won't be using his software.

My main interest is tech.
Follow me on twitter if you would like, my username is @stealthy153

2019-01-12 11:42:56

Peace onto you all,
And hi!
I don't come here very often. Thanks for the help with the viruses issue. :D I have backup in the form of another whole computer. I fell on the stairs and the pixels in the screen broke, eh, so no screen. :D
Now, to the actual thing that the topic was about, we all have our opinions and we all gotta respect each other. This is the key to a good community. :) thanks all for your help and views. I hope you're having a good weekend!
<3 :D


2019-02-09 19:58:18

sorry for reviving this, but is this trustable or is it a hacking software like that guy's other projects?

2019-02-09 20:28:12

I definitely wouldn't trust it.

Facts with Tom MacDonald, Adam Calhoun, and Dax
End racism
End division
Become united