-
You've discovered RedGuides 📕 an EverQuest multi-boxing community 🛡️🧙🗡️. We want you to play several EQ characters at once, come join us and say hello! 👋 -
IS THIS SITE UGLY? Change the look. To dismiss this notice, click the X --->
Question - MQ .Exe random name and/or virus detection (obfuscation) (1 Viewer)
- Thread starter Myysterio
- Start date
Solution
It's masking the exe in memory with a new name every load. Approve it and move on.
Mod edit: it is worth considering whitelisting your mq and EverQuest folders from things like scans and syncing. Help mq help you.
Mod edit: it is worth considering whitelisting your mq and EverQuest folders from things like scans and syncing. Help mq help you.
Last edited by a moderator:
- Joined
- Dec 29, 2017
- RedCents
- 15,229¢
Question - - MQ .Exe random name and/or virus detection (obfuscation)
I have been using RG for like 2 years now and today I got this warning for the first time. Just checking to see if its expected. It popped up when I launched MQ.
www.redguides.com
- Joined
- Feb 9, 2017
- RedCents
- 1,394¢
When did MQ start doing this?
- Joined
- Dec 29, 2017
- RedCents
- 15,229¢
lkahsdl.exe is my favorite exe this time. Next time my favorite exe will be aqrghhdaj.exe
Last edited by a moderator:
So I've white listed about everything I can seem to find in my MQ folder and this still pops up every time I run the launch, every time it's a different name. Is this the new normal? I mean I can just continue to punch the allow button every log in but can't figure out how to make it not do it is annoying.
The copying was intentional. It's not comparing anything to see if the files are different, so it’s just copying over a new one each time. The part brainiac is talking about being unexpected is Windows defender popping up every time. In the short term, if it’s an issue for you, you can just create a shortcut to whatever exe was created.
The version file also needs to be updated to add publisher so it doesn’t say “Unknown.”
But I’ll be fixing both of those this evening.
The version file also needs to be updated to add publisher so it doesn’t say “Unknown.”
But I’ll be fixing both of those this evening.
Cheer 
I was away for a couple weeks, and upon return saw that DB did their update.... when I tried to "reinstall" MQ2, my anti-virus (Bitdefender) flagged a file in "C:\Users\Jeff\AppData\Local\VeryVanilla\MacroQuest\Release" as Malware. The filename is "slvlDl9a.exe". It also flagged files eqgame.exe, RedGuideLauncher.exe, MacroQuest.exe, mq_crash_handler.exe, and crashpad_handler.exe.
I had to completely delete my current VeryVanilla and the offending .exe's in EQ directory to make it work (I was also denied connection to the login server while I was infected).
After a few hours, i saw that the Malware file, slDLvl9a.exe, showed up again in the MQ2 directory.
FYI, there was another weird file showing up in the re-installed MQ2 directory, named "Oiiibvck.exe". This filename did not show up in the old version of MQ2. I renamed it to a ".bak" file, just to be safe.
Any thoughts or similar issues out there?
Thanks.
I had to completely delete my current VeryVanilla and the offending .exe's in EQ directory to make it work (I was also denied connection to the login server while I was infected).
After a few hours, i saw that the Malware file, slDLvl9a.exe, showed up again in the MQ2 directory.
FYI, there was another weird file showing up in the re-installed MQ2 directory, named "Oiiibvck.exe". This filename did not show up in the old version of MQ2. I renamed it to a ".bak" file, just to be safe.
Any thoughts or similar issues out there?
Thanks.
- Joined
- Nov 12, 2021
- RedCents
- 620¢
Bitdefender is super aggressive, which isn't a bad thing when it comes to antivirus. The first thing to do after you do your exemptions is to reboot. Then recover the files from your quarantine (or just redownload them).
@Fearbringer I am back home and let's see if we can't get you through this.
As I mentioned above I had to add exceptions for
eqgame.exe
macroquest.exe
settings.dat
k0yzxr3g.exe
The last one on the list might be a different name on your system/installation. Look in your G:\RedGuides\MacroQuest directory. You should see an .exe funny letters and numbers that has the MQ icon in front of it. That is the one to exempt. If yours is the same name great but if not look for the exe with the MQ icon.
As far as settings, toggle the exemptions for Antivirus and check on all three selections (On-access scan, On-demand scan, Embedded scripts)
Also make sure the slider is on to exempt Advanced Threat Defense.
You will need to do that for each of the three exe files and dat I mentioned earlier.
For good measure, I also exempted the RedGuides folder and each of the three mentioned RedGuides file from Online Threat Prevention.
I hope this helps. I hope it is clear and not confusing. As I mentioned in the PM, trust me, I was frustrated until I was able to sort it out but now everything is smooth sailing.
Be well. Happy gaming.
As I mentioned above I had to add exceptions for
eqgame.exe
macroquest.exe
settings.dat
k0yzxr3g.exe
The last one on the list might be a different name on your system/installation. Look in your G:\RedGuides\MacroQuest directory. You should see an .exe funny letters and numbers that has the MQ icon in front of it. That is the one to exempt. If yours is the same name great but if not look for the exe with the MQ icon.
As far as settings, toggle the exemptions for Antivirus and check on all three selections (On-access scan, On-demand scan, Embedded scripts)
Also make sure the slider is on to exempt Advanced Threat Defense.
You will need to do that for each of the three exe files and dat I mentioned earlier.
For good measure, I also exempted the RedGuides folder and each of the three mentioned RedGuides file from Online Threat Prevention.
I hope this helps. I hope it is clear and not confusing. As I mentioned in the PM, trust me, I was frustrated until I was able to sort it out but now everything is smooth sailing.
Be well. Happy gaming.