• You've discovered RedGuides 📕 an EverQuest multi-boxing community 🛡️🧙🗡️. We want you to play several EQ characters at once, come join us and say hello! 👋
  • IS THIS SITE UGLY? Click "RG3" at the very bottom-left of this page to change it. To dismiss this notice, click the X --->

Question - .Exe random name and/or virus detection (1 Viewer)

Myysterio

On thin ice
Joined
Jun 13, 2020
RedCents
477¢
I have been using RG for like 2 years now and today I got this warning for the first time. Just checking to see if its expected. It popped up when I launched MQ.

1652529089580.png
 
Solution
It's masking the exe in memory with a new name every load. Approve it and move on.

Mod edit: it is worth considering whitelisting your mq and EverQuest folders from things like scans and syncing. Help mq help you.
Joined
Oct 19, 2020
RedCents
50¢
It's masking the exe in memory with a new name every load. Approve it and move on.

Mod edit: it is worth considering whitelisting your mq and EverQuest folders from things like scans and syncing. Help mq help you.
 
Last edited by a moderator:
Solution

Redbot

🖥️💖
Moderator
Joined
Oct 15, 2004
RedCents
73,287¢
obi-wan kenobi not the droids GIF
 
Joined
Oct 24, 2020
RedCents
So I've white listed about everything I can seem to find in my MQ folder and this still pops up every time I run the launch, every time it's a different name. Is this the new normal? I mean I can just continue to punch the allow button every log in but can't figure out how to make it not do it is annoying.
 
Joined
Oct 19, 2020
RedCents
50¢
Punch until you can stop punching.
So I've white listed about everything I can seem to find in my MQ folder and this still pops up every time I run the launch, every time it's a different name. Is this the new normal? I mean I can just continue to punch the allow button every log in but can't figure out how to make it not do it is annoying.
 

Sic

:)
Moderator
Joined
May 5, 2016
RedCents
32,737¢
So I've white listed about everything I can seem to find in my MQ folder and this still pops up every time I run the launch, every time it's a different name. Is this the new normal? I mean I can just continue to punch the allow button every log in but can't figure out how to make it not do it is annoying.
yes. mq is trying to help you.

whitelist your mq folder - the entire folder. you don't need to go through item by item. the whole thing

"hey computer, see this folder? no you dont!"
 
Joined
Oct 24, 2020
RedCents
yes. mq is trying to help you.

whitelist your mq folder - the entire folder. you don't need to go through item by item. the whole thing

"hey computer, see this folder? no you dont!"
Yeah, googling how to do that I have tried everything I found to make it not look there. It's still looking so I'm missing something lol.

I shall keep digging!
 

Knightly

Moderator
Joined
Jun 28, 2014
RedCents
20,918¢
The copying was intentional. It's not comparing anything to see if the files are different, so it’s just copying over a new one each time. The part brainiac is talking about being unexpected is Windows defender popping up every time. In the short term, if it’s an issue for you, you can just create a shortcut to whatever exe was created.

The version file also needs to be updated to add publisher so it doesn’t say “Unknown.”

But I’ll be fixing both of those this evening.
 
Joined
Dec 28, 2019
RedCents
2,640¢
The copying was intentional. It's not comparing anything to see if the files are different, so it’s just copying over a new one each time. The part brainiac is talking about being unexpected is Windows defender popping up every time. In the short term, if it’s an issue for you, you can just create a shortcut to whatever exe was created.

The version file also needs to be updated to add publisher so it doesn’t say “Unknown.”

But I’ll be fixing both of those this evening.
Gotcha, thanks for the explanation.

-Taz
 

Myysterio

On thin ice
Joined
Jun 13, 2020
RedCents
477¢
That sounds sketchy... Things don't just rename themselves randomly and it was not expected.... I can't even imagine a shitty coder achieving this by accident.

--Taz
They rename themselves randomly when you don't want something looking for MQbootfile.exe. Renaming the file periodically is a method to avoid detection.
 
Joined
Aug 29, 2021
RedCents
1,075¢
Only started over the last couple of days, but I'm now getting a Windows firewall access request for C:\games\mqnext\lxxmdjox.exe

Anyone shed any light please? Is this a "standard" MQ file or......

Thank you.
 

Sic

:)
Moderator
Joined
May 5, 2016
RedCents
32,737¢
Only started over the last couple of days, but I'm now getting a Windows firewall access request for C:\games\mqnext\lxxmdjox.exe

Anyone shed any light please? Is this a "standard" MQ file or......

Thank you.
yes. mq is trying to help you.

whitelist your mq folder - the entire folder. you don't need to go through item by item. the whole thing

"hey computer, see this folder? no you dont!"
 
Joined
Apr 14, 2022
RedCents
I was away for a couple weeks, and upon return saw that DB did their update.... when I tried to "reinstall" MQ2, my anti-virus (Bitdefender) flagged a file in "C:\Users\Jeff\AppData\Local\VeryVanilla\MacroQuest\Release" as Malware. The filename is "slvlDl9a.exe". It also flagged files eqgame.exe, RedGuideLauncher.exe, MacroQuest.exe, mq_crash_handler.exe, and crashpad_handler.exe.

I had to completely delete my current VeryVanilla and the offending .exe's in EQ directory to make it work (I was also denied connection to the login server while I was infected).

After a few hours, i saw that the Malware file, slDLvl9a.exe, showed up again in the MQ2 directory.

FYI, there was another weird file showing up in the re-installed MQ2 directory, named "Oiiibvck.exe". This filename did not show up in the old version of MQ2. I renamed it to a ".bak" file, just to be safe.

Any thoughts or similar issues out there?

Thanks.
 
Joined
Oct 26, 2020
RedCents
660¢
I was away for a couple weeks, and upon return saw that DB did their update.... when I tried to "reinstall" MQ2, my anti-virus (Bitdefender) flagged a file in "C:\Users\Jeff\AppData\Local\VeryVanilla\MacroQuest\Release" as Malware. The filename is "slvlDl9a.exe". It also flagged files eqgame.exe, RedGuideLauncher.exe, MacroQuest.exe, mq_crash_handler.exe, and crashpad_handler.exe.

I had to completely delete my current VeryVanilla and the offending .exe's in EQ directory to make it work (I was also denied connection to the login server while I was infected).

After a few hours, i saw that the Malware file, slDLvl9a.exe, showed up again in the MQ2 directory.

FYI, there was another weird file showing up in the re-installed MQ2 directory, named "Oiiibvck.exe". This filename did not show up in the old version of MQ2. I renamed it to a ".bak" file, just to be safe.

Any thoughts or similar issues out there?

Thanks.
Stop watching porn bro...you've got digital std...JK! Let MQ help you...

eric mccormack watching porn GIF by Will & Grace
shocked oh my god GIF
 

Users who are viewing this thread

Top