Thread: dsetup.dll and false-positive virus flagging
View Single Post
  #2  
Old 09-06-2014, 07:06 PM
Derubael Derubael is offline
Retired GM


Join Date: Aug 2013
Location: Cabilis East, in the northwest corner of the zone-in from Field of Bone
Posts: 5,011
Default
Lyra - I copied your post into it's own brand new thread b/c I thought you did a good job of explaining this. I'd like to add this as well:

Quote:
Originally Posted by KOOLLAYD [You must be logged in to view images. Log in or Register.]
I just wanna know if it alters anything on your computer or changes anything to install anything in the background or if it just runs and pings simply because of how it was coded or what. It's reason or purpose doesn't doesn't bother me. If I seriously thought something wasn't on the level I'd have not even bothered to ask. I'd kept it moving. Since I am new I can't judge based on the last 5 years since I wasn't here. That's why I am asking you guys.
dsetup.dll doesn't modify any of your files, doesn't let us read your files, doesn't destroy your registry. It doesn't give us any kind of hands on access to your computer. It's there to detect cheats like Macroquest and ShowEQ so that we can have a truly hack free server. As a poster explained above, it is likely that someone submitted it to a (crappy, lazy) virus database and they filed it in the "well it does something but we can't be arsed to figure out what" section of their DB. So now it's going to flag on certain virus scanners.

I'm told a number of high end scanners like Kaspersky's (read: Mcaffee, Norton, are horrible at virus protection. Biggest scam in the industry IMO. AVG is good but since a lot of their business is free I'm betting they don't have the staff to check for false-positives like this and remove them).

For the longest time this file didn't get picked up on any scanner (~4ish years) and no one has ever reported it doing anything malicious to their computer. This leads me to believe the "someone submitted it" theory, possibly to try to thwart Project 1999 (Disclaimer: I'm pulling this out of my ass, but it makes sense). The DLL literally has not been touched in forever, so it's not like we added something in that would make it start getting flagged as malicious.

Quote:
Originally Posted by myriverse [You must be logged in to view images. Log in or Register.]
Much easier to get a better antivirus program. The better ones do not mistake it for a virus.
^ Kaspersky's if you're a savvy computer user, Webroot if you're not. If you really don't want to pay, AVG - but you'll have to add an exception for this file (as you stated in your OP). Spybot/adaware/malwarebytes as well, if you're not careful about the websites you visit (your computer is likely bogged with malware/adware/spyware, even if you dont know it; people in the IT field deal with this on a daily basis), you'll need these programs.

In order to circumvent the DLL flagging, simply disable your anti-virus software and re-enable it after launching EQ. This shouldn't be required with better scanners.
Last edited by Derubael; 09-18-2014 at 07:10 PM..