EQEmulator Forums

EQEmulator Forums (https://www.eqemulator.org/forums/index.php)
-   General::Server Discussion (https://www.eqemulator.org/forums/forumdisplay.php?f=601)
-   -   EQextracter2 Loaded with viruses? (https://www.eqemulator.org/forums/showthread.php?t=38729)

Sarcasm 09-06-2014 02:30 PM
EQextracter2 Loaded with viruses?
 
On a recent scan by avg came up with 4 threats all coming from eqextracter2 in the utils folder of my source dir.

the actual files are : PacketDOTNET.dll

log4net.dll

Zlib.net.dll

sharpPcap.dll

They are coming up as a "EID_pe_iscorrupted" type malware. Are these actual problems or is my AV being over sensitive. I know it tends to happen on certain Keygens and cracks or hacks but not sure in this case.

vsab 09-06-2014 04:24 PM
Where did you get it from? https://github.com/EQEmu/EQExtractor...r/EQExtractor2 ?

I don't recall adding log4net in there.

Sarcasm 09-06-2014 09:18 PM
I downloaded everything from links off of the Wiki

vsab 09-08-2014 03:50 AM
Can you provide a link to that page? This page? http://wiki.eqemulator.org/p?EQExtractor&frm=Main

You're antivurus could be right, and if it is we need to take that link down. (There are no usable precompiled versions that I know of anyway).

Noport 09-08-2014 05:45 AM
I have a dll reader program this is whats inside of them
Code:
PacketDOTNET.dll
"LegalCopyright", "Chris Morgan (chmorgan@gmail.com)"
Zlib.net.dll
"LegalCopyright", "ComponentAce"

vsab 09-08-2014 06:16 AM
Noport; that could easily be faked and also if I were to hijack a known dll to insert a virus, I'd change as little as possible.

http://www.telerik.com/products/decompiler.aspx would actually show the code that would be run. .Net binaries are very very easily decompiled, even when run through an obfuscator.

But the point is, the current version only links to these compiled binaries: https://github.com/EQEmu/EQExtractor/tree/master/lib

The dll's mentioned are well known and used binaries by name, but it doesn't mean the actual versions he downloaded arent compromised.

To state; there is no currently working version of EQExtractor available,the latest version is 4 months worth of patches out of date.

Sony were patching and changing the structs at least once a week and so by the time I got it working again, they broke it., so I never bothered releasing binaries. I never did (re-)crack the merchant lists so I don't think anyone was particularly interested in using it.

Sarcasm 09-08-2014 07:28 PM
this is where i got everything in my source folder :

git://github.com/EQEmu/Server.git .

demonstar55 09-08-2014 08:27 PM
The source is here https://github.com/EQEmu/EQExtractor

The code included in the server repo is deprecated. All the dlls pass through VirusTotal fine. (ClamAV also had no issues with them, don't feel like rebooting into Windows)


All times are GMT -4. The time now is 09:27 PM.

Powered by vBulletin®, Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.