dsetup.dll is setting off malware alert - Page 3

Grimjaw · #21 07-04-2014, 12:43 AM

Quote:

Originally Posted by abacab-101 [You must be logged in to view images. Log in or Register.]

The file is obfuscated, and has two anti-cracking methods put into place; the first is the encryption and the block against .NET Reflector editing, it jumbles up the text and actively block compilers there are ways around that but I won't post that here.

The second is when it's edited a Project1999 pop-up comes up that says "this file has been corrupted, modified, and changed" as well as the DLL-2 error that pops up; the trick here is to maintain the file integrity and size; since most of the file has bullshit hex for filler (the lines upon lines of CC CC CC CC CC and 00 00 00 00 00) that must be maintained to keep the file from being rejected by the p99 client.

DLL has been cracked it's not hard at all.

so what does it do then lol? U can read pcode?

abacab-101 · #22 07-04-2014, 12:49 AM

Quote:

Originally Posted by Grimjaw [You must be logged in to view images. Log in or Register.]

so what does it do then lol? U can read pcode?

1. It's a callback
2. It causes an overflow on third-party programs, when you D/C it flags you because it sends out bad packets that the server then collects from your client; since MQ2 can't function well when the dsetup.dll is running at x100000 as opposed to the normal x0200 of eqgame.exe it disconnects the moment your character hits the world and reads the very first packet.

abacab-101 · #23 07-04-2014, 01:37 AM

P99's handle:
eqgame.exe (5556), DLL, C:\p99\dsetup.dll, 0x10000000

Normal handle:
eqgame.exe (5556), DLL, C:\everquest\dsetup.dll, 0x02000

abacab-101 · #24 07-04-2014, 01:38 AM

MQ2 reads 0x02 as that is what the client normally pushes, since p99 puts out 0x10 MQ2 cannot handle it and disconnects, thus the flagging occurs.

phiren · #25 07-04-2014, 10:11 AM

For the record, I don't think DSETUP.DLL is a big conspiracy to steal information on my computer.

I'm probably part of a minority of people who play on a machine where I have no control over my anti virus settings.

So -- if the devs feel that what they did is fine, and it's McAfee + other anti virus just being lame (which I completely agree with actually)... then that's fine.

I just wanted to bring it to the attention in the hopes that maybe the Devs can find an alternative.

~Phiren

lvpa · #26 07-09-2014, 02:15 AM

AVG just picked this up. It was odd because I hadn't done anything for like an hour, was just sitting afk, and it popped up.

Should I let AVG remove it? It's already quarantining it and not giving me the option to leave it alone; the options are quarantine or remove completely.

Ambrotos · #27 07-09-2014, 04:27 AM

then you won't be able to play on the server. It isn't a virus

lvpa · #28 07-09-2014, 04:40 AM

Quote:

Originally Posted by Ambrotos [You must be logged in to view images. Log in or Register.]

then you won't be able to play on the server. It isn't a virus

I know; I'm saying AVG didn't give me a choice, it was either delete or quarantine; both amount to the program becoming inaccessible.

Ambrotos · #29 07-09-2014, 05:57 AM

Derubael made a good post on the first page I think. Just switch scanners, and don't deal with avg.

Argh · #30 07-09-2014, 06:07 AM

Malwarebytes