dsetup.dll is setting off malware alert

[phacemeltar]

Quote:

Originally Posted by Artaenc [You must be logged in to view images. Log in or Register.]

I run it on a virtual machine sometimes at work, video is slow. Let me know if you find a way to speed it up plz. I'm using VMware Workstation 9.x with a dedicated NIC for that VM.

i would not be the one to go to for this, as i have been avoiding VM due to the fact i have no idea how the concept of virtualization works. if i could figure out how to get Hyper-V i would totally give it a go, but as virtualbox is oracle and seems to do alot of unknown(to me) stuff to my machine, i have hesitated from installing any virtualization on my machine as of yet.

[Huck]

So if I have business version of AVG and it flags the .dll file - does some tech nerd at my company get an alert of this "virus" in my laptop or am I still okay to play on a work machine? LOL!

[Bugsy]

I'm having the same issue with AVG flagging dsetup.dll from the latest update as a Trojan horse. Is this something to worry about?

Microsoft Security Essentials and Malwarebytes have not indicated this file as a problem.

[Korben]

Quote:

Originally Posted by Ambrotos [You must be logged in to view images. Log in or Register.]

GMs/Guides can't even read tells/groupchat because Rogean want's to keep the privacy of the players. So I doubt he would go so far where he can be arrested for stealing numbers to bank accounts when he limits the staff to not reading people cyber tells.

That's exactly what he would want us to think.

/tinfoilhat

[getsome]

Quote:

Originally Posted by Huck [You must be logged in to view images. Log in or Register.]

So if I have business version of AVG and it flags the .dll file - does some tech nerd at my company get an alert of this "virus" in my laptop or am I still okay to play on a work machine? LOL!

I am not familiar with AVG specifically but the short answer to your question is they will most likely have a log of the detection on your pc. However very few help desk departments are going to investigate every time a file is quarentined. Are you exposed if play at work, of course, most corporations could determine what you are running on your pc with a few strokes of a key. Even if you bring in your own equipment, if you ride on company bandwidth they could discover your malfeasance.

Playing on your own equipment with your own bandwidth is about the only way to avoid big brother. But usually you will find that big brother is not watching unless you give them a reason too.

Just keep submitting your TPS reports on time and the management wont have a reason to view your productivity as shit and investigate.

[sabinrf24]

Quote:

Originally Posted by Ambrotos [You must be logged in to view images. Log in or Register.]

Not sure if you'll get an answer. Rogean had made a post in the past in response you can look up. I will say from what I know it doesn't do that at all. If it does other shady things I wouldn't have rl friends playing on the server, along with myself.

I expected worse, the functionality in the .dll seems reasonable honestly. I'm usually pretty privacy conscious, but after taking a look at it, I'm not concerned.

I know my opinion doesn't mean much, but I'm not involved in the development of the product, and I am not concerned by what it's doing...so I guess that's something?

[lvpa]

Well, AVG blocked it again; now EQ won't start.

Quote:

Originally Posted by sabinrf24 [You must be logged in to view images. Log in or Register.]

I expected worse, the functionality in the .dll seems reasonable honestly. I'm usually pretty privacy conscious, but after taking a look at it, I'm not concerned.

Can you give a rundown of exactly what it does? Or anyone?

I'm trying to figure out how to unblock it. In the meantime, this is not something I'm super happy about. Obviously it's a free server so I can't complain very much, but it is something I've gotten attached to, and it's not something the real EQ ever felt the need to do (or any other game I've played since I've had this computer. So, 2011.).

Edit: One of the processes blocked was in Windows/System32? No. I won't be unblocking that. That's not cool.

The other is eqgame.exe. I'll unblock that one and see what happens.

Edit2: Nope. I'm going to see if I can edit the DLL itself. If I can, and it works, then this whole thing is pretty silly because that's the first thing any malicious hacker would do.

The sytem monitoring is bad enough, but no one's making changes to my Windows system folder. One typo and I've let some amateur coder on the internet turn my computer into a brick.

[sabinrf24]

The AV is triggering on the obfuscation, not on the functionality of the .dll btw.

All I did was add the eq directory to my exceptions list under Tools --> Advanced settings --> Resident Shield --> Directory Excludes in AVG and all was good.

[Jepaxis]

When are you patching again next. I scanned that last .dll and it doesn't set off virus protection. Which seems pretty odd to me.

I'm another one who can't remove/modify my virus software from my machine, so haven't been able to play since the virus software updated.

[lvpa]

Quote:

Originally Posted by sabinrf24 [You must be logged in to view images. Log in or Register.]

All I did was add the eq directory to my exceptions list under Tools --> Advanced settings --> Resident Shield --> Directory Excludes in AVG and all was good.

Now that I know it's messing around in the system folder I'm not really comfortable doing that.

I'm looking at the DLL but while I've written plenty of code, I'm not experienced in reverse engineering it. Also, the decompiler gives a message that the headers have been destroyed, meaning it's been intentionally made difficult to reconstruct.

I tried replacing it with the DLL from the last update (update 32), but it's able to detect that it's not the right one. So finding out how it knows the DLL is different is the real challenge; fixing the DLL won't help if it can tell it's been changed and still not launch EQ.