EQextracter2 Loaded with viruses?


Sarcasm
09-06-2014, 02:30 PM
A recent scan by AVG came up with 4 threats, all coming from eqextracter2 in the utils folder of my source dir.

The actual files are:

PacketDOTNET.dll
log4net.dll
Zlib.net.dll
sharpPcap.dll

They are coming up as an "EID_pe_iscorrupted" type malware. Are these actual problems, or is my AV being oversensitive? I know it tends to happen on certain keygens and cracks or hacks, but I'm not sure in this case.

vsab
09-06-2014, 04:24 PM
Where did you get it from? https://github.com/EQEmu/EQExtractor/tree/master/EQExtractor2 ?

I don't recall adding log4net in there.

Sarcasm
09-06-2014, 09:18 PM
I downloaded everything from links off of the Wiki

vsab
09-08-2014, 03:50 AM
Can you provide a link to that page? This page? http://wiki.eqemulator.org/p?EQExtractor&frm=Main

Your antivirus could be right, and if it is we need to take that link down. (There are no usable precompiled versions that I know of anyway.)

Noport
09-08-2014, 05:45 AM
I have a dll reader program; this is what's inside of them:

PacketDOTNET.dll
"LegalCopyright", "Chris Morgan (chmorgan@gmail.com)"
Zlib.net.dll
"LegalCopyright", "ComponentAce"

vsab
09-08-2014, 06:16 AM
Noport, that could easily be faked, and also if I were to hijack a known dll to insert a virus, I'd change as little as possible.

http://www.telerik.com/products/decompiler.aspx would actually show the code that would be run. .Net binaries are very very easily decompiled, even when run through an obfuscator.

But the point is, the current version only links to these compiled binaries: https://github.com/EQEmu/EQExtractor/tree/master/lib

The dlls mentioned are well-known and widely used binaries by name, but it doesn't mean the actual versions he downloaded aren't compromised.

To state: there is no currently working version of EQExtractor available; the latest version is 4 months' worth of patches out of date.

Sony were patching and changing the structs at least once a week, and so by the time I got it working again, they broke it, so I never bothered releasing binaries. I never did (re-)crack the merchant lists, so I don't think anyone was particularly interested in using it.

Sarcasm
09-08-2014, 07:28 PM
This is where I got everything in my source folder:

git://github.com/EQEmu/Server.git .

demonstar55
09-08-2014, 08:27 PM
The source is here https://github.com/EQEmu/EQExtractor

The code included in the server repo is deprecated. All the dlls pass through VirusTotal fine. (ClamAV also had no issues with them, don't feel like rebooting into Windows)
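
Added example, not part of any post in this thread and not code from the EQExtractor project: since the version strings inside a DLL can be copied unchanged into a modified file, a byte-level comparison against a reference copy (for instance a fresh clone of the lib directory linked above) is the more useful check. The function names, the directory arguments and the demo bytes below are assumptions made for illustration.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def dll_hashes(directory):
    """Map lower-cased DLL file name -> (original name, SHA-256) for one folder."""
    return {p.name.lower(): (p.name, sha256_file(p))
            for p in Path(directory).iterdir()
            if p.is_file() and p.suffix.lower() == ".dll"}

def compare_dlls(suspect_dir, reference_dir):
    """Return {name: (status, sha256)} for every DLL in suspect_dir.

    status: "match" (byte-identical to the reference copy), "MISMATCH"
    (same name, different content) or "no-reference" (nothing to compare with).
    """
    reference = dll_hashes(reference_dir)
    report = {}
    for key, (name, digest) in sorted(dll_hashes(suspect_dir).items()):
        if key not in reference:
            status = "no-reference"
        elif reference[key][1] == digest:
            status = "match"
        else:
            status = "MISMATCH"
        report[name] = (status, digest)
    return report

if __name__ == "__main__":
    # Usage (hypothetical script name): compare_dlls.py <suspect_dir> <reference_dir>
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed demo data, not real DLLs: same strings, one extra byte.
        ref, sus = Path(tmp, "ref"), Path(tmp, "suspect")
        ref.mkdir(); sus.mkdir()
        body = b"MZ\x00LegalCopyright\x00ComponentAce\x00"
        (ref / "Zlib.net.dll").write_bytes(body)
        (sus / "Zlib.net.dll").write_bytes(body + b"\x90")
        dirs = sys.argv[1:3] if len(sys.argv) == 3 else [sus, ref]
        for name, (status, digest) in compare_dlls(*dirs).items():
            print(f"{status:13} {digest}  {name}")
```

The printed SHA-256 values can also be searched on VirusTotal, which looks files up by hash, without uploading anything.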