Security Information

This page provides detailed information about antivirus false positives and the security aspects of the Visual Aim Assist Tool.

⚠️ Antivirus False Positive Notice

If your antivirus flags this software as malicious (e.g., "Trojan:Win32/Wacatac.B!ml"), this is a FALSE POSITIVE.


Why Does This Happen?

This tool uses several legitimate Windows and Linux APIs that are sometimes misused by actual malware. Heuristic-based antivirus engines flag these APIs because they can be used for both legitimate and malicious purposes.

APIs Used by This Tool

Windows APIs

  1. SendInput() API
     • Purpose: Simulates mouse movements and clicks
     • Legitimate Uses: Accessibility tools, automation software, gaming peripherals, remote desktop applications
     • Why Flagged: Also used by malware for automated actions
     • Our Usage: Only for legitimate mouse movement simulation based on screen detection

  2. GetDC(), BitBlt(), PrintWindow() APIs
     • Purpose: Screen capture functionality
     • Legitimate Uses: Screen recorders (OBS, Fraps), screenshot tools, remote desktop software, video conferencing apps
     • Why Flagged: Can be used by spyware to capture screen content
     • Our Usage: Only captures the specified game window for color detection

  3. RegisterHotKey() API
     • Purpose: Registers global keyboard hotkeys
     • Legitimate Uses: Hotkey managers, accessibility tools, media players, gaming software
     • Why Flagged: Can be used by malware to intercept keystrokes or maintain persistence
     • Our Usage: Only for F1-F4 feature toggles and exit commands

Linux APIs

  1. /dev/uinput
     • Purpose: Creates virtual input devices from user-space
     • Legitimate Uses: Gaming peripheral software (Logitech, Razer), accessibility tools, automation scripts, remote desktop
     • Why Flagged: Can be used by keyloggers or input hijacking malware
     • Our Usage: Only for simulating mouse movements based on screen detection

  2. X11/XShm APIs
     • Purpose: X Window System screen capture
     • Legitimate Uses: Screen recorders, screenshot tools, remote desktop applications
     • Why Flagged: Can capture sensitive screen content
     • Our Usage: Only captures the specified game window for processing

What This Tool Does NOT Do

  • ✅ Does NOT read or write memory of other processes
  • ✅ Does NOT inject DLLs into other processes
  • ✅ Does NOT hook into game executables
  • ✅ Does NOT modify game files
  • ✅ Does NOT communicate over the network
  • ✅ Does NOT persist itself in your system
  • ✅ Does NOT steal any data
  • ✅ Does NOT contain any obfuscated or encrypted payloads
  • ✅ Does NOT use rootkits or stealth techniques
  • ✅ Does NOT disable security software


How to Verify Safety

1. Review the Source Code

All source code is publicly available in this repository. You can verify:

  • No memory reading/writing functions
  • No network communication code
  • No DLL injection or process manipulation
  • No obfuscated or hidden functionality

Key Files to Review:

  • src/main.cpp - Main application logic
  • includes/capture.hpp - Screen capture implementation
  • includes/mouse.hpp - Mouse input simulation
  • includes/config.hpp - Configuration handling
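One way to run this review mechanically over a checked-out copy of the source, as an added example that is not part of the project's own code: it records which of the documented APIs are called and reports any call that contradicts a "does NOT" claim. The list of contradicting calls is this example's own selection of real Win32/socket functions and is not exhaustive; the sample sources, including the file src/extra.cpp, are constructed.

```python
import re
from pathlib import Path

# APIs the page says the tool calls (its "Windows APIs" list).
EXPECTED = {"SendInput", "GetDC", "BitBlt", "PrintWindow", "RegisterHotKey"}
# Calls that would contradict a "does NOT" claim (assumed list, not exhaustive).
FORBIDDEN = {
    "process memory": {"OpenProcess", "ReadProcessMemory", "WriteProcessMemory"},
    "injection/hooking": {"CreateRemoteThread", "VirtualAllocEx", "SetWindowsHookEx"},
    "network": {"WSAStartup", "socket", "connect", "InternetOpen"},
    "registry writes": {"RegSetValueEx", "RegCreateKeyEx"},
}
NAME_TO_CLAIM = {n: c for c, names in FORBIDDEN.items() for n in names}
NAME_TO_CLAIM.update({n: None for n in EXPECTED})
# Whole identifier, optional ANSI/Unicode suffix (A/W), then an opening parenthesis.
CALL = re.compile(r"\b(" + "|".join(sorted(NAME_TO_CLAIM)) + r")[AW]?\s*\(")

def audit_sources(files):
    """files maps path -> source text; returns (expected APIs seen, findings)."""
    seen, findings = set(), []
    for path, text in sorted(files.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            code = line.split("//", 1)[0]  # skip // comments (/* */ is not handled)
            for name in CALL.findall(code):
                claim = NAME_TO_CLAIM[name]
                if claim is None:
                    seen.add(name)
                else:
                    findings.append((claim, name, path, lineno))
    return seen, findings

def audit_tree(root):
    """Run the same audit over every C/C++ file below a repository root."""
    exts = {".c", ".cpp", ".h", ".hpp"}
    files = {str(p): p.read_text(errors="replace")
             for p in Path(root).rglob("*") if p.suffix in exts}
    return audit_sources(files)

# Constructed sample input, not the project's real source.
SAMPLE = {
    "includes/mouse.hpp": "void move(){ INPUT in{}; SendInput(1, &in, sizeof(in)); }\n",
    "includes/capture.hpp": "// BitBlt( in a comment\nHDC dc = GetDC(hwnd);\nBitBlt(mem, 0, 0, w, h, dc, 0, 0, SRCCOPY);\n",
    "src/extra.cpp": "void f(){\n  HANDLE h = OpenProcess(PROCESS_VM_READ, FALSE, pid);\n  ReadProcessMemory(h, addr, buf, n, nullptr);\n}\n",
}

if __name__ == "__main__":
    seen, findings = audit_sources(SAMPLE)
    print("documented APIs seen:", sorted(seen))
    print("claims contradicted:", findings)
```

An empty findings list only means none of the listed calls appear by name; dynamically resolved functions and third-party libraries still need a manual read.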

2. Compile It Yourself

Build from source so that the binary you run is the one produced from the code you reviewed:

# Clone repository
git clone <repository-url>
cd <repository-directory>

# Build (see building.md for detailed instructions)
mkdir build && cd build
cmake ..
cmake --build . --config Release

3. Analyze with Multiple Engines

Submit to VirusTotal to see analysis from multiple antivirus engines:

  • Individual engines may flag it (heuristic false positives)
  • Look at the behavioral analysis (should show no malicious activity)
  • Check the community score and comments

4. Monitor Behavior

Use tools like Process Monitor or Wireshark to verify:

  • No unexpected file access outside config directory
  • No network connections
  • No registry modifications
  • No process injection attempts
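The first three checks above can be run over a Process Monitor CSV export; this is an added example, not part of the project, and the process name aimtool.exe, the config directory and the sample rows are constructed for illustration. It narrows "file access" to writes, since any Windows process reads system DLLs outside its own directory.

```python
import csv
import io
from pathlib import PureWindowsPath

# Process Monitor operation names that modify the registry.
REG_WRITES = {"RegSetValue", "RegDeleteValue", "RegDeleteKey"}

def check_procmon(csv_text, process_name, config_dir):
    """Return (category, operation, path) for each event that breaks a claim."""
    cfg = PureWindowsPath(config_dir)  # Windows path comparison ignores case
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue  # event belongs to some other process
        op, path = row["Operation"], row["Path"]
        if op.startswith(("TCP ", "UDP ")):
            findings.append(("network", op, path))
        elif op in REG_WRITES:
            findings.append(("registry", op, path))
        elif op == "WriteFile" and cfg not in PureWindowsPath(path).parents:
            findings.append(("file write", op, path))
    return findings

# Constructed sample using Process Monitor's default CSV columns.
# A real export starts with a BOM: open it with encoding="utf-8-sig".
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.0000000","aimtool.exe","4242","ReadFile","C:\Tools\aimtool\config\settings.ini","SUCCESS",""
"10:00:02.0000000","aimtool.exe","4242","WriteFile","C:\Tools\aimtool\config\settings.ini","SUCCESS",""
"10:00:03.0000000","chrome.exe","1337","TCP Connect","host:50000 -> 203.0.113.5:443","SUCCESS",""
"10:00:04.0000000","aimtool.exe","4242","WriteFile","C:\Users\u\AppData\Roaming\x.dat","SUCCESS",""
"10:00:05.0000000","aimtool.exe","4242","RegSetValue","HKCU\Software\Example\Key","SUCCESS",""
"10:00:06.0000000","aimtool.exe","4242","TCP Connect","host:50001 -> 203.0.113.5:443","SUCCESS",""
'''

if __name__ == "__main__":
    for finding in check_procmon(SAMPLE_CSV, "aimtool.exe", r"C:\Tools\aimtool\config"):
        print(finding)
```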

How to Add an Exception

Windows Defender

  1. Open Windows Security → Virus & threat protection
  2. Click Manage settings under Virus & threat protection settings
  3. Scroll to Exclusions → Add or remove exclusions
  4. Click Add an exclusion → Folder or File
  5. Select the folder containing the executable or the executable itself

Third-Party Antivirus

Refer to your antivirus documentation for adding exclusions. Common locations:

  • Avast: Settings → General → Exceptions
  • AVG: Menu → Settings → General → Exceptions
  • Bitdefender: Settings → Protection → Exclusions
  • Kaspersky: Settings → Security Settings → Threats and Exclusions → Exclusions
  • McAfee: Settings → Real-Time Scanning → Excluded Files
  • Norton: Settings → Antivirus → Scans and Risks → Exclusions

Reporting False Positives

If you believe the detection is incorrect, you can report it to antivirus vendors:


Understanding Heuristic Detection

What is Heuristic Analysis?

Heuristic analysis is a method used by antivirus software to detect previously unknown viruses by analyzing code behavior and characteristics rather than specific signatures.

Why False Positives Occur

  1. API Usage Patterns: Certain API combinations resemble malware behavior
  2. Code Structure: Similar patterns to known malicious software
  3. Packing/Compression: Some build processes resemble malware packing
  4. Lack of Digital Signature: Unsigned executables are viewed with suspicion
  5. Low Prevalence: New or uncommon software gets extra scrutiny

Wacatac.B!ml Explained

  • Wacatac: Generic detection name used by Microsoft Defender
  • B: Variant identifier
  • !ml: Machine Learning indicator (detected by ML heuristic)

This is a generic heuristic detection, not a specific signature match. It means the ML model identified patterns that resemble malware, not that it found actual malicious code.


Transparency Commitment

We are committed to maintaining transparency and trust:

  1. Open Source: All code is publicly auditable
  2. No Hidden Features: What you see is what you get
  3. Regular Updates: Security improvements are documented
  4. Community Review: We welcome security researchers to review our code
  5. Responsive: We address security concerns promptly

Terms of Service

⚠️ Important: Using this tool may violate the Terms of Service of some games or applications.

  • Check ToS: Review your game's terms before using
  • Single-Player: Generally safer for single-player use
  • Multiplayer: May result in bans in competitive multiplayer games
  • Responsibility: You are responsible for understanding and complying with applicable rules

Ethical Use

We encourage ethical and responsible use:

  • ✅ Educational purposes
  • ✅ Single-player games
  • ✅ Games that explicitly allow assistive tools
  • ✅ Accessibility needs (with appropriate accommodations)
  • ❌ Competitive multiplayer where prohibited
  • ❌ Gaining unfair advantage over other players
  • ❌ Commercial cheating services

Contact

If you have security concerns or questions:

  1. Review the source code
  2. Compile from source yourself
  3. Submit false positive reports to antivirus vendors
  4. Open an issue on the repository for clarification

Last Updated: 2026