Project 1999

Project 1999 (/forums/index.php)
-   Technical Discussion (/forums/forumdisplay.php?f=40)
-   -   dsetup.dll and false-positive virus flagging (/forums/showthread.php?t=164472)

Lyra 09-06-2014 10:22 AM

I think people need to understand the reason THIS file is triggering the security warning.

If you have websites blocked at work, it is likely a list of websites your employer purchased to meet their internet viewing policies. (It's likely a service the company purchased and this list is a part of it) The people making the list, add websites to it all the time, as they created, or as they are discovered as fitting the criteria of the category they are blocking.

This is the same type of thing. One of the many players here likely submitted the file to McAfee for evaluation. This may have been malicious, it may have not. McAfee looked at the file and determined "We don't know what this is. It could be dangerous". Not because they KNOW it's dangerous, but because they don't know what it is and therefore can't guarantee it's safety. They added it to it's list of things to flag as "Generic11". You see they didn't give it it's own name. They added it to a list of generic stuff, all of which fits this same category of "we don't know, but just in case here is a warning" warnings. The file is now on a "list" and they buy each others lists.

Misflagging happens ALL THE TIME. Google Generic11 to read. Here is one example:

https://forums.adobe.com/thread/391984?tstart=0

http://securityandthe.net/2008/11/10...-windows-file/
Quote:

AVG virus scanner removes critical Windows file
I'm sure they fixed their scan to not flag a windows file. Project 1999 is not going to be that lucky.

You could play "safe" and not join the fun or you can trust the guy providing free Classic Everquest gaming to thousands of people for the last five years without incident.

Derubael 09-06-2014 07:06 PM

Lyra - I copied your post into it's own brand new thread b/c I thought you did a good job of explaining this. I'd like to add this as well:

Quote:

Originally Posted by KOOLLAYD (Post 1606263)
I just wanna know if it alters anything on your computer or changes anything to install anything in the background or if it just runs and pings simply because of how it was coded or what. It's reason or purpose doesn't doesn't bother me. If I seriously thought something wasn't on the level I'd have not even bothered to ask. I'd kept it moving. Since I am new I can't judge based on the last 5 years since I wasn't here. That's why I am asking you guys.

dsetup.dll doesn't modify any of your files, doesn't let us read your files, doesn't destroy your registry. It doesn't give us any kind of hands on access to your computer. It's there to detect cheats like Macroquest and ShowEQ so that we can have a truly hack free server. As a poster explained above, it is likely that someone submitted it to a (crappy, lazy) virus database and they filed it in the "well it does something but we can't be arsed to figure out what" section of their DB. So now it's going to flag on certain virus scanners.

I'm told a number of high end scanners like Kaspersky's (read: Mcaffee, Norton, are horrible at virus protection. Biggest scam in the industry IMO. AVG is good but since a lot of their business is free I'm betting they don't have the staff to check for false-positives like this and remove them).

For the longest time this file didn't get picked up on any scanner (~4ish years) and no one has ever reported it doing anything malicious to their computer. This leads me to believe the "someone submitted it" theory, possibly to try to thwart Project 1999 (Disclaimer: I'm pulling this out of my ass, but it makes sense). The DLL literally has not been touched in forever, so it's not like we added something in that would make it start getting flagged as malicious.

Quote:

Originally Posted by myriverse (Post 1606146)
Much easier to get a better antivirus program. The better ones do not mistake it for a virus.

^ Kaspersky's if you're a savvy computer user, Webroot if you're not. If you really don't want to pay, AVG - but you'll have to add an exception for this file (as you stated in your OP). Spybot/adaware/malwarebytes as well, if you're not careful about the websites you visit (your computer is likely bogged with malware/adware/spyware, even if you dont know it; people in the IT field deal with this on a daily basis), you'll need these programs.

In order to circumvent the DLL flagging, simply disable your anti-virus software and re-enable it after launching EQ. This shouldn't be required with better scanners.


All times are GMT -4. The time now is 01:00 AM.

Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.