
Question - MQ .Exe random name and/or virus detection (obfuscation) (1 Viewer)

Myysterio

I have been using RG for like 2 years now and today I got this warning for the first time. Just checking to see if it's expected. It popped up when I launched MQ.

 
Solution
It's masking the exe in memory with a new name every load. Approve it and move on.

Mod edit: it is worth considering whitelisting your mq and EverQuest folders from things like scans and syncing. Help mq help you.
So I've whitelisted about everything I can seem to find in my MQ folder and this still pops up every time I run the launch, every time it's a different name. Is this the new normal? I mean I can just continue to punch the allow button every login, but not being able to figure out how to make it not do it is annoying.
 
Punch until you can stop punching.
 
yes. mq is trying to help you.

whitelist your mq folder - the entire folder. you don't need to go through item by item. the whole thing

"hey computer, see this folder? no you don't!"
 
Yeah, googling how to do that I have tried everything I found to make it not look there. It's still looking so I'm missing something lol.

I shall keep digging!
 
The copying was intentional. It's not comparing anything to see if the files are different, so it’s just copying over a new one each time. The part brainiac is talking about being unexpected is Windows Defender popping up every time. In the short term, if it’s an issue for you, you can just create a shortcut to whatever exe was created.

The version file also needs to be updated to add publisher so it doesn’t say “Unknown.”

But I’ll be fixing both of those this evening.
 
Gotcha, thanks for the explanation.

-Taz
 
Only started over the last couple of days, but I'm now getting a Windows firewall access request for C:\games\mqnext\lxxmdjox.exe

Anyone shed any light please? Is this a "standard" MQ file or......

Thank you.
 
yes. mq is trying to help you.

whitelist your mq folder - the entire folder. you don't need to go through item by item. the whole thing

"hey computer, see this folder? no you don't!"
 
I was away for a couple weeks, and upon return saw that DB did their update.... when I tried to "reinstall" MQ2, my anti-virus (Bitdefender) flagged a file in "C:\Users\Jeff\AppData\Local\VeryVanilla\MacroQuest\Release" as Malware. The filename is "slvlDl9a.exe". It also flagged files eqgame.exe, RedGuideLauncher.exe, MacroQuest.exe, mq_crash_handler.exe, and crashpad_handler.exe.

I had to completely delete my current VeryVanilla and the offending .exe's in EQ directory to make it work (I was also denied connection to the login server while I was infected).

After a few hours, I saw that the Malware file, slDLvl9a.exe, showed up again in the MQ2 directory.

FYI, there was another weird file showing up in the re-installed MQ2 directory, named "Oiiibvck.exe". This filename did not show up in the old version of MQ2. I renamed it to a ".bak" file, just to be safe.

Any thoughts or similar issues out there?

Thanks.
 
Stop watching porn bro...you've got digital std...JK! Let MQ help you...

 
Bitdefender started to mess with me. When I launch RG App/MQ2, BD says it's a virus and stops MQ from booting? Any ideas? Thanks so much!
you should consider exempting mq and eq from antivirus and other things that scan or can otherwise hold your files hostage.

what file specifically is it saying is?
 
Thanks for the reply Sic, much appreciated.

Advanced Threat Defense
Bitdefender detected potentially malicious behavior and blocked all applications involved. Detection ID: SuspiciousBehavior.176B226A1EA8FDE3
 


@Fearbringer I am also using BitDefender. Here are my exemptions

g:\daybreak game company\installed games\everquest\eqgame.exe

g:\redguides\macroquest\k0yzxr3g.exe

g:\redguides\macroquest\macroquest.exe

Change the drive letter to wherever you have the files installed.

Hope this helps. Happy gaming.
 
Well I added some exemptions and now it says this, and I tried to download the files again from the website. The .exe is now MIA. @Sic
 

Bitdefender is super aggressive, which isn't a bad thing when it comes to antivirus. The first thing to do after you do your exemptions is to reboot. Then recover the files from your quarantine (or just redownload them).
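
A check for the situation described in this thread, as an added example that is not RedGuides or MacroQuest code: it lists the executables in the MQ folder, compares each one's SHA-256 to MacroQuest.exe, and reports whether Microsoft Defender excludes the folder itself rather than individual (renamed) files. The default path comes from a post above; the script assumes that the randomly named exe is a byte-for-byte copy of MacroQuest.exe, and the `-AddExclusion` switch is a name chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not RedGuides or MacroQuest code.
param(
    [string]$MqDir = 'C:\games\mqnext',  # folder named in a post above; change to your install
    [switch]$AddExclusion                # add the Defender folder exclusion only on request
)

$launcher = Join-Path $MqDir 'MacroQuest.exe'
if (-not (Test-Path -LiteralPath $launcher)) {
    throw "MacroQuest.exe not found in $MqDir"
}
$launcherHash = (Get-FileHash -LiteralPath $launcher -Algorithm SHA256).Hash

# Assumption: each randomly named exe is a byte-for-byte copy of MacroQuest.exe,
# so its SHA-256 must equal the launcher's. Other exes are listed for manual review.
Get-ChildItem -LiteralPath $MqDir -Filter '*.exe' -File | ForEach-Object {
    [pscustomobject]@{
        Name           = $_.Name
        LastWrite      = $_.LastWriteTime
        CopyOfLauncher = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash -eq $launcherHash
        Signature      = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
    }
} | Sort-Object LastWrite -Descending | Format-Table -AutoSize

# A per-file exclusion goes stale at the next launch because the name changes;
# only an exclusion on the folder itself keeps matching.
$want = $MqDir.TrimEnd('\')
$current = @((Get-MpPreference).ExclusionPath) | Where-Object { $_ }
$folderExcluded = [bool]($current | Where-Object { $_.TrimEnd('\') -ieq $want })
$staleFileRules = $current | Where-Object {
    $_ -like "$want\*.exe" -and -not (Test-Path -LiteralPath $_)
}

"Folder excluded in Microsoft Defender: $folderExcluded"
if ($staleFileRules) { "Stale per-file exclusions (file no longer exists):"; $staleFileRules }

if ($AddExclusion -and -not $folderExcluded) {
    Add-MpPreference -ExclusionPath $want   # Defender only; Bitdefender keeps its own list
    "Added folder exclusion for $want"
}
```

An exe in the folder whose `CopyOfLauncher` is False and whose name is not one of the files shipped with the install is the one to look at before approving any prompt.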
 