made an account just to post this, because the files in OP are alarming
would be one hell of a false positive
>hurr he even says use inside a vm
that doesnt change the fact that these files are suspicious and that not everyone is going to follow the directions or even read him saying that, which is pretty damn good motive
hitler was trusted
incoming wall of textvirustotals:
original ollydbg.exe, same version:https://www.virustotal.com/gui/file/1a6 ... /detectionZERO DETECTIONSexe provided by op:https://www.virustotal.com/gui/file/77d ... /detection60/65 detectedScyllaHideIDASrvx86 orig, found on githubhttps://www.virustotal.com/gui/file/ad8 ... a2/details1/56 engines detected
ScyllaHideIDASrvx86.exe provided by op:https://www.virustotal.com/gui/file/2fe ... 64/details51/56 engines detected
These exe files call WH_MSGFILTER? "The WH_MSGFILTER and WH_SYSMSGFILTER hooks enable you to monitor messages about to be processed by a menu, scroll bar, message box, or dialog box". im thinking possible keylogger here, windows antivirus even reports this as a password stealer.
And other antiviruses report these files as a worm
Sure enough, the files in the op behave just like that--strange behavior such as communicating on the local network, makes suspicious registry accesses, and even infects other olly installs according to kees, ALL OF WHICH THE ORIGINAL FILES DO NOT DO
avg detected as w32/morfksys:
"W32/Mofksys can spread via copying itself to network shares and removable drives."
wouldnt be surprised if these files did exactly that to leave the VM, also the file communicates on the local network
if that were the case, they might not even be super safe running inside a vm if you were to execute one of the files he modified outside of the vm
finally, the infected files also load a bunch of extra system dlls that the original didnt needUnless OP has an explanation for this, these files shouldnt be used and the safest bet would be to download all the files from other sources.
Tutorial was at least okay though