dsetup.dll is setting off malware alert - Page 2

Derubael · #1 07-01-2014, 08:58 AM

Quote:

Originally Posted by getsome

McAfee is now flagging this file as well.

McAfee is garbage Anti-Virus software, and will flag innocuous files while missing the malicious ones. Would highly recommend staying away from that and Norton, as they do more damage to your system (bogs performance, has weird conflicts with programs they shouldn't, way too many false positives and doesn't actually catch the really bad virus' that it should be catching). Get Kaspersky if you're computer savvy, or Webroot if you're not. AVG is decent for a free program, but if you're going to pay go with Webroot or Kaspersky.

After many years doing IT work, including far too many malware and virus removals, this is the best advice I can give next to "stop clicking links that you aren't 100% sure are safe."

Quote:

Actually I have a friend who's got a fancy degree or two in computer security, and he says that P99 makes some disturbing changes to the registry or rootkits or something like that. He now refuses to play it, but I don't know, maybe he's just tired of being a noob and that's his excuse.

If you have a friend who actually cracked the dll's encryption and managed to put it back together and get the full code, I don't think he'd be that disturbed.

Yes, dsetup is our anti-cheat. No, it's not malicious software, no it doesn't affect your computers performance, and no we cannot steal your credit card numbers or do anything nasty with the file itself. No, it's not getting removed, because it's our primary method of detecting third party programs, and without it Project 1999 would be rampant with cheaters.

bluntzup · #2 07-11-2014, 07:05 PM

i have the same problem. glad to see a Gm's input but my problem is that i was fine exempting this file from being removed by the antivirus and the only place it was being picks up was in the EQ folder. i understand that it's their way of checking for hackers, but i now am getting the "generic11" file warning in other parts of my computer, like my systems folder.. this Trojan horse seems to be spreading which gives me worry now when before i just ignored it because i love classic everquest (project 1999), any explanation for this moving to other parts of the computer?

Somekid123 · #3 07-11-2014, 09:41 PM

I took the advice of Relbaic "If you use AVG go to Options > Advanced Settings > Exceptions and then just add your EQ folder."

For whatever reason it wouldn't accept it, claims it couldn't find anything I specificed, realized I could just disable virus scanner, load EQ, then enable it.

Just a tip to others.. maybe it was super obvious for you guys but I seem to over look that shortcut.

Derubael · #4 07-12-2014, 12:55 AM

Quote:

Originally Posted by bluntzup [You must be logged in to view images. Log in or Register.]

i have the same problem. glad to see a Gm's input but my problem is that i was fine exempting this file from being removed by the antivirus and the only place it was being picks up was in the EQ folder. i understand that it's their way of checking for hackers, but i now am getting the "generic11" file warning in other parts of my computer, like my systems folder.. this Trojan horse seems to be spreading which gives me worry now when before i just ignored it because i love classic everquest (project 1999), any explanation for this moving to other parts of the computer?

It's not a trojan, and it shouldn't be spreading - if you have a virus and you know it is spreading through your computer, there is another malicious file affecting you. Ours wouldn't/doesn't do this.

bluntzup · #5 07-12-2014, 05:25 AM

Quote:

Originally Posted by Derubael [You must be logged in to view images. Log in or Register.]

It's not a trojan, and it shouldn't be spreading - if you have a virus and you know it is spreading through your computer, there is another malicious file affecting you. Ours wouldn't/doesn't do this.

sounds good. i don't believe i have a virus i do extensive scans, and am very careful with what i do. I was just curious do to the fact i have never seen generic11 file until it picked up the one in the EQ folder. as of now i see no other malicious files in my system, and have gotten rid of the others. so all seems to be well so far. [You must be logged in to view images. Log in or Register.]

George_Smith · #6 02-12-2015, 06:15 PM

Instead of suggesting that people not use McAfee, Norton, AVG, etc and wasting a lot of time trying to explain to us why dsetup.dll is safe. Could you guys send an explanation to these Antivirus companies telling them why it is a false positive so they can add it to their trusted list. I looked up the McAfee site to do this (see below). I would do it myself, but I do not actually know what this file does. So my explanation probably will not convince them.

Thanks

https://secure.mcafee.com/apps/mcafe...aspx?region=us

some instructions from the website I found the link on:

If you are the owner of the software being detected see: Detection Dispute Submission | McAfee Labs (If it doesn't hyperlink here, it's the link I copied and pasted just above)

Email file to: virus_research@mcafee.com and make the header of the email start with the word FALSE - for example FALSE: In-house file being detected by McAfee

When submitting samples via E-mail all samples must be packaged in a .ZIP file.

Additionally, any .ZIP file created must be password-protected (encrypted) using the password "infected" (minus the "") - using the basic or default zipping level - some compression software offers varying degrees. Failure to follow these guidelines will cause your submission to be rejected.

If you've done that properly an automated response should be received almost immediately, followed by a manual one, usually within 24 - 48 hours.

If you don't receive anything it either means the file was submitted incorrectly or the response is sitting in your Junk or Spam mail folders.

**If they respond that it is an infection and you are sure it is not, reply to that email immediately ( to virus_research@mcafee.com ) and insert the word 'False' (minus the '') in front of the header, but keep the rest of the header intact.

To be on the safe side scan with an outside anti-malware agent such as MalwareBytes (Free) or SuperAntispyware (Free). Let them clean everything they find.

NOTE: Due to the large volume of detections on a daily basis (150,000 or more) please allow 4-5 business days for the submission to be analyzed & processed.

legionofstorm · #7 02-22-2015, 09:16 PM

Yes could someone with the project contact them. I have submitted to them twice on the issue. Nothing. I am willing to to donate to get this fixed if need be. driving me crazy. I have to turn of monitoring but everytime i reboot i have to redo the dll.setup thing. ugh.

Mentathiel · #8 02-23-2015, 05:26 AM

Quote:

Originally Posted by George_Smith [You must be logged in to view images. Log in or Register.]

Instead of suggesting that people not use McAfee, Norton, AVG, etc and wasting a lot of time trying to explain to us why dsetup.dll is safe. Could you guys send an explanation to these Antivirus companies telling them why it is a false positive so they can add it to their trusted list.

Because that would be a lie. The issue is not that dsetup.dll is a false positive so much as it just doesn't make use of its monitoring code to do anything malicious. McAfee, Norton, AVG, etc. are right to flag it, but they should respect your decision to trust it anyway.

**Haynar** · #9 07-01-2014, 09:41 AM

Quote:

Originally Posted by BiggHurb [You must be logged in to view images. Log in or Register.]

yea right now only abacab knows how to circumvent it... /sarcasm

i mean, how do u catch the people who hide their cheating from your .dll, ie the real cheaters... u cant i guess... shame on all of u

We keep trying is what we do. I think doing bans once a month is way to go for cheaters. That way its harder for them to tell what busted them. But cheaters will always cheat. Its in the blood.

If you are used to using seq, and have been for 10 years, its hard to play without.

H

abacab-101 · #10 07-04-2014, 12:23 AM

Quote:

Originally Posted by Haynar [You must be logged in to view images. Log in or Register.]

We keep trying is what we do. I think doing bans once a month is way to go for cheaters. That way its harder for them to tell what busted them. But cheaters will always cheat. Its in the blood.

If you are used to using seq, and have been for 10 years, its hard to play without.

H

The file is obfuscated, and has two anti-cracking methods put into place; the first is the encryption and the block against .NET Reflector editing, it jumbles up the text and actively block compilers there are ways around that but I won't post that here.

The second is when it's edited a Project1999 pop-up comes up that says "this file has been corrupted, modified, and changed" as well as the DLL-2 error that pops up; the trick here is to maintain the file integrity and size; since most of the file has bullshit hex for filler (the lines upon lines of CC CC CC CC CC and 00 00 00 00 00) that must be maintained to keep the file from being rejected by the p99 client.

DLL has been cracked it's not hard at all.