Problem - IDP.Generic detected in EQBCS2.exe

My computer was actively hacked the other day. Someone was moving my character in EverQuest and also had keyboard control. I use ISBoxer via Innerspace as well as RedGuides with EQBCS2. I immediately stopped playing and started looking for ways to better secure my PC from attack. I installed AVG antivirus and today it returned the following detection:
MQBCS2 Threat detected.png
Was this the source of my computer being hacked? I realize that Innerspace, ISBoxer, VeryVanilla and EQBCS2 are all potential vulnerabilities but I have no way of identifying the actual culprit in this situation. Any suggestions on how to further protect my PC from being actively hacked would be greatly appreciated.
 
That's a false positive from AVG. As for being 'hacked', unless you opened the ports on your router/firewall, that's a non-starter.
 
As long as you got VV and ISBoxer from trusted sources, it is not likely to be the source of your problems. It is possible for malware to attach itself to other exe files. However, that's an old technique seldom used today.

It is likely a false positive. If your system has been compromised, the best thing to do is to wipe and start from scratch. It hurts, but shit gets buried so deep into the systems now it's hard to know for sure it's clean.

Second thing is to dump AVG. So many times I've heard "My computer got a virus" and they ran AVG. I would pick Norton over AVG.

If you do not want to wipe the system, make sure you do not have TeamViewer installed, or a process named VNC.

If they had a Command and Control malware on your system then they did some shit.
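A read-only triage script that follows the checks above (added example, not posted by anyone in this thread and not part of any product mentioned): it looks for TeamViewer/VNC as processes, services or installed programs, lists what is listening for inbound connections and which process owns each port, dumps the Run-key autostart entries, and reports whether Defender is active and its definitions are current. The tool-name list is an assumption taken from the post; extend it as needed.

```powershell
# Added example for a Windows 10 box; run from an elevated PowerShell prompt.
# Everything here only reads state, nothing is changed or removed.
$remoteTools = @('teamviewer', 'vnc')      # names from the post; extend as needed
$pattern = ($remoteTools -join '|')

Write-Host "== Running processes and services matching remote-control tools =="
Get-Process | Where-Object { $_.ProcessName -match $pattern } |
    Select-Object Id, ProcessName, Path
Get-Service | Where-Object { $_.Name -match $pattern -or $_.DisplayName -match $pattern } |
    Select-Object Name, DisplayName, Status

Write-Host "== Installed programs matching remote-control tools =="
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    Select-Object DisplayName, DisplayVersion, InstallDate

Write-Host "== Listening TCP ports and the process that owns each =="
# Anything listening that you did not install deserves a second look.
Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
    Sort-Object LocalPort

Write-Host "== Autostart entries (Run keys) =="
# Persistence that survives a reboot usually shows up here first.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    Write-Host $key
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Select-Object -Property * -ExcludeProperty PS* | Format-List
}

Write-Host "== Defender status =="
# An old signature age means the scanner is not telling you much.
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, RealTimeProtectionEnabled,
        AntivirusSignatureLastUpdated, AntivirusSignatureAge
```

An unfamiliar entry in any of these lists is a reason to take the machine offline and wipe, as the post says, not something to clean up piecemeal.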
 
"The IDP.Generic warning is most often a byproduct of an outdated version of AVG or Avast antivirus software"

Because of the high possibility that the IDP.Generic virus is simply a false positive from an outdated antivirus or another program, update the antivirus program that alerted you to the most current version available. Then run the scan or program again. If you receive the warning again, you should assume it is not a false positive result and take additional steps to clear your system of the actual virus.

IDP.Generic warnings can sometimes be triggered by an out-of-date version of Java on your computer. If you're not sure whether or not this is the root of your problem, it's worth removing Java from your system and installing a completely new version to see if that resolves the warning.

 
I don't run any AV on my systems, I just don't partake in risky crap... but my experience is that Norton is damned near a virus in itself (in fact they pay millions a year on "research", paying people to create viruses to get people to buy their software). AVG has always found, for me (as PC repair, not my own as I said), malware and such that no one else would, that I knew was there. Everything does get false positives, usually due to certificate dates and such - my browser's been open so long that every download is flagged as unsafe lol, until I restart and it applies its updates. The only other AV I've found to catch things, legitimate problems, that Norton, McAfee, etc. don't, is Kaspersky. Norton OTOH, as well as McAfee, embeds itself so deep in your crap that you have to have a special tool to fully uninstall them when you want to, and sometimes when you just change versions or upgrade, and that in itself can cause a mess.
To each his own, but if you don't like or trust AVG, I'd definitely go with Kaspersky over Norton. Norton has some great software, but I'd never consider their AV to be one of them. I'd go Kaspersky over AVG too myself if I found the need, but in a pinch AVG, even the free version, can catch a lot when you just can't seem to get an infection cleaned up. MBAM (Malwarebytes) and AVG free are good in a pinch to get a system usable again, but you always have to look at what pops up because of false positives. False negatives are far worse.
Also, as soon as you suspect you may have an infection: reboot the bad way. If you allow your system to shut down normally, like after many software installs, you're in essence locking the threat in and giving it license to run havoc. Some of the worst don't do their real damage until you restart, as they've entered themselves into your startup during the shutdown process. When you do restart: do it in safe mode, run MBAM. Then turn on networking to update MBAM (first time just use the base install. I keep a copy on flash drives, my network, and nearly every different HDD on every computer so it's always accessible without the internet) and run it again. Then install whatever AV you wanna go with, still in safe mode, and run that the same way: unupdated, then updated if it allows. So many viruses hijack your connection you may not even be able to get online after a normal restart without clearing some of the crud.
When I say "the bad way" I mean holding the power button for like 5 seconds till it shuts off, not ripping the cord out of the back or flipping the PSU switch. This stops Windows from shutting down how it - and a young virus - wants to, so the active processes etc. don't get saved. It's like getting a stain out before vs. after running it through the dryer.
 
Thanks for the replies. There is nothing worse than having someone else overtly hacking your computer. We all spend countless hours leveling and tending to our EverQuest characters. I have had my computer hacked several times in the past. Every time I have attempted to use Discord, my computer has been hacked. The hack was also at administrator-level access, as indicated by the hacker boldly typing my administrator password, email addresses, and search history right into my chat window. He also attempted to kill my character by running my cleric toward red con NPCs and preventing me from logging out by constantly moving my character. He then tried to prevent me from restarting my computer by spamming the start menu button. I was eventually forced to use the reset switch to exit Windows 10. The jerk had obviously placed some rootkit on my computer because he continued to harass me the next day almost immediately after I logged onto the computer. I was forced to do a complete reinstall of Windows 10 to finally get rid of the hacker...
 
Sounds like you pissed someone off. There's always /q though.
 
You need to be a bit more careful with what you download and run; being this directly hacked, to the point that they start again as soon as you restart, sounds like it is someone you know.
 
100%

The chances that just some random stuff happens and the dude happens to run your toon to a red con and start killing it are way too fantastical to be random.

Sounds like when I put LetMeRule2 on my sister's computer back in the day and messed with her.
 
The problem is I don't really know anyone that would do this. I play by myself, am retired, and am not even active in a guild. My guess is that some kid discovered Kali Linux and just decided he wanted to harass someone.
 
Or, some jackass working for big tech or the government decided he wanted to harass a Conservative....
 
Trust me, I've been working in IT for 791 years.

If you got hacked, you're too trusting, stop trusting.

Also, run some antivirus with active scanning. You get what you pay for. Windows Defender is pretty good, but I personally wouldn't rely on antivirus written by the OS I'm trying to protect.
 
Has anyone tried or know anything about Sophos XG Firewall Home Edition? It is free but requires a dedicated, stand-alone PC running the Sophos XG operating system whose sole purpose is intrusion detection. The question I have is: is my hacker using a vulnerability in a running program on my PC (which would automatically grant administrator privileges), or a Linux hacking flavor like Kali or Parrot and exploiting known Windows vulnerabilities? I have a spare computer that I can install Sophos XG on to try it out.
 
Are you a network admin? If not, I'd stay away from those big fancy firewalls. IDS and IPS take constant attention to maintain. It also requires two network cards. They are not set-it-and-forget-it.

Kali is more scanning than "hacking". The truth is, unless your machine is connected directly to the internet (not very common) or you share an internet connection with a bunch of douchebags (dorm/apartment type environments), the only way they got in is by you letting them in. Do not take that as a personal attack, because attackers have gotten damn good at what they do. They hide them in fake virus protectors, driver updates, Word documents, banner ads. They go as far as calling or texting you to say they detected a problem on your PC and want to "fix it".

I stress this in cyber security training: your anti-virus is always out of date. That, and anti-virus alone won't do shit. What you need is a client-side firewall/total security program. If you only have one computer then set the security to max; more than one requires some tweaking. At the end of the day, the best computer protection is "the human firewall". The current catch phrase for corporate Cyber Awareness training is "Cyber security is a shared responsibility".

I won't promote any products here (everyone has their preference) but you need a total-security-type package (malware protection and firewall) and a cloud-based backup (or save your personal files to some free cloud storage provider). You can keep an eye on NewEgg promo emails or SlickDeals for promos on different packages.
 
I realize that Innerspace, ISBoxer, VeryVanilla and EQBCS2 are all potential vulnerabilities
This day and age, if you're not careful just turning on your PC is a vulnerability. How do we know, if your PC isn't patched, that someone didn't exploit something, or have the shit-ass Java installed and not patched, or Flash? There are a lot more vulnerabilities out there than EQ-related things.

The question I have is: is my hacker using a vulnerability in a running program on my PC (which would automatically grant administrator privileges), or a Linux hacking flavor like Kali or Parrot and exploiting known Windows vulnerabilities?
When you ask a question like this, my flag goes up to say you haven't patched things. Patch, reboot, scan w/ free tools like Malwarebytes.

As Jerk said, unless you're an admin or a network person, stay away from the big stuff. You can secure your stuff down just fine w/ standard equipment. You're overcomplicating your situation, and currently, if you're leaving your machine online (if it really is hacked) then you're doing more harm to yourself than good. Download and update Malwarebytes or something like that, that's free, then do a full scan. Run a Windows Defender scan after you update the definitions.
 

I'm sure you're aware of this, but the following things are immediately compromised and readily available when someone hacks a PC to the extent yours was:

1. All saved web browser logins + passwords
2. Any plain-text sensitive information (e.g., your EverQuest usernames)
3. Your WiFi password

None of the above is password protected in Windows and it takes 2-3 clicks/commands to show any of it. The amount of damage that hacker can do is devastating -- I hope you're resetting your passwords.

What I would have done:
0. Not open a suspicious file ;)
1. Disconnect internet cable, boot up, backup whatever, save, reformat (not just reinstall, that doesn't get rid of everything)
2. Change WiFi password to something unique and force all devices to re-authenticate (before plugging internet cable back in). If router/modem is stupid-old and not WPA2, buy a new one.
3. Reinstall Windows, pick a good firewall/anti-virus package
4. Run a good browser with an ad blocker (I prefer Firefox + Adblock Plus). This is mostly unrelated, but it does further reduce the likelihood of clicking on bad things.
5. Change all of my passwords
6. Make sure I changed all of my passwords
7. Make very sure I changed all of my passwords
8. Yeah, even that one.

I've used Kali extensively and could go on about how hard it is to actually "hack" a modern WiFi network, but to be brief -- unless you have super outdated hardware/no WiFi password and live in a densely populated area, you probably just opened a malicious image/zip/doc file.
 