Virus detection in ephinea.dll?

Qwixilver

Member
I've been playing on this server for a little while now, and as with most private servers it's not terribly uncommon for my security software to alert me about the encryption and packaging methods used to create the server's custom DLL files. As such I wasn't too surprised when the latest launcher update I downloaded alerted me that there was potentially malicious code in the DLL.

Having dealt with this before on other private servers, I did some double checking and when I felt comfortable that the file was likely clean, I made an exception for it.

However, what surprised me was that the DLL file was accessed and seen actually taking malicious action on my computer by my security software on my next reboot! This is not cool guys. I was not anywhere near loading up your files at that point in my boot up, so they shouldn't have been getting accessed at all. Let alone trying to make/copy files around on my system...

Why is it that all the good private servers can't stay away from putting malware on my system? Do you all get some kind of compensation for botnet time or something?
 

tofuman

Administrator
Staff member
The DLL doesn't download any 'malware'. It replaces functions in the game, allowing us to add to the game. There are anti-hack functions, but the DLL will crash PSOBB if it's detected. It doesn't touch anything else.

I'd like to see this proof of malicious actions on your system. Because I'm sure it's just a false positive.

A DLL that alters an exe's functions while in memory can trigger an AV's behavior monitoring. But like I said, this will be a false positive.
 

Sodaboy

Administrator
Staff member
There isn't any malware in the DLL, nor does it do anything malicious. Your antivirus is shoddy. Antiviruses that use signatures aren't fail-proof, bro.

Here are some examples I actually pointed out to Microsoft because their latest Windows Defender definitions are too sensitive to whatever "Trojan:Win32/Spursint.A!cl" is.

Look at all these false positives:

http://answers.microsoft.com/en-us/...ve-alert/67d1a2dd-3bcf-4a7f-a98b-52a2049db0d9

http://answers.microsoft.com/en-us/...wnloaded/54141574-b4cf-4544-86fd-1750ab382cbf

https://groups.google.com/forum/#!topic/smartgit/YVBLCz73_QQ

http://forum.xda-developers.com/showthread.php?p=66165203#post66165203

http://forum.fractalaudio.com/threa...-device-multitool.112538/page-32#post-1370034

http://forum.xda-developers.com/showpost.php?p=66711028&postcount=8

http://www.moddb.com/downloads/nt-core-20

But, yeah, if you don't believe me, that's on you. Can't force you to do anything, nor do I have any interest in botnets or the porn on your HDD.
 

HereticKitsune

Dorksune
> However, what surprised me was that the DLL file was accessed and seen actually taking malicious action on my computer by my security software on my next reboot! This is not cool guys. I was not anywhere near loading up your files at that point in my boot up, so they shouldn't have been getting accessed at all. Let alone trying to make/copy files around on my system...

Your antivirus is mistaken or you read it wrong. Worst case scenario is that you have malware that is infecting other files and/or disguising itself.
 