Test Executable Gives Virus Warning

Discussion in 'Bug Reports' started by twotoneska, Nov 15, 2019.

  1. twotoneska New Member

    Trying to get on the test server tonight after no issues with live. When the program replaces eqgame.exe, Windows Security pops up that a threat is found.

    Looking at it, Windows thinks eqgame.exe is "Trojan:Win32/Detplock". Have let Windows remove the file and re-run the patcher several times, but Windows says every one is this trojan. Occasionally the Everquest launcher itself will give a virus warning, but not every time like Windows.

    Can go to the live version and scan my Everquest folder, no warnings. Go back to Test, it comes back.
    Baroka and Winnowyl like this.
  2. Bubonyc New Member

    I am having the same issue with the same warning. I can swap back to live and the game loads.

    Changing compatibility mode and running virus scanner comes up with nil. Seems to be Windows Defender is calling it a virus.
  3. Lotusis New Member

    Same here, but no warning given. Windows blocked eqgame.exe and now the patcher will NOT download a new one. I tried turning off Windows Defender and virus protection, to no avail.
  4. Drathese New Member

    Just got this warning on both systems through Windows Defender. Trojan:Win32/Detplock
  5. twotoneska New Member

    I know this is the weekend, but I figured I should give more info just in case someone at Daybreak checks this.

    The problem is on my Windows 10 desktop. I do not have the same problem on my Windows 10 laptop. This started yesterday after my desktop successfully installed the 2019-11 Cumulative Update for version 1809 (https://support.microsoft.com/help/4523205). I am not at my laptop atm, so I cannot check if it has this update yet.

    I launched the EQ Launcher immediately after my computer started up from the update. At first, it gave me the error mentioned in the other thread about not being able to write to the directory. I solved this issue by checking the install directory folder (for this PC, C:/Everquest) properties, where the folder was tagged as Read Only. Unchecking this and allowing the change for all subfolders and files removed that error, but then the virus message came up. I did not change the folder setting; this may have been the result of the update, or something else. Upon checking the game directory folder now, it is again marked as Read Only (which is normal for a folder in the C: directory), but I am able to patch the game. It appears certain files within needed the permission change, but Windows is changing the parent directory.

    And finally, to show how much of an EQ junky I am, I told Windows Security to allow both the eqgame.exe and eqgame.exe.part files that triggered the warning, and I was able to successfully enter the game. Hey, some risks are worth taking.
  6. Bubonyc New Member

    I will try modifying the securities. My flip side, live server would download eqgame.exe normally and play.
  7. jboots New Member

    I play on test too and I have this problem; glad I'm not the only one.
    CatsPaws likes this.
  8. Baroka New Member

    I also play on test. I got this alert msg from Windows Def yesterday (Win 10). After running a full scan of Win Def and Iobit I found no errors, but still got this every time I launched EQ. I did a full forced deletion of the game using Iobit uninstaller, and redownloaded the game. Re-installed my char UI from a 6 month old file on my external hard drive. Loaded up and it was fine for a bit. Then second load up I got the alert msg again. I have no other problems on my computer or any other alerts.
  9. Luinne B`Haen Lorekeeper

    The silence from DBG on this matter is deafening. Why is it they can spam us with ads for the upcoming expacs, new in-game items, and other stuff for us to buy, but when they have issues like this... it's dead.

    A simple "We know this is happening. We screwed up. We are actively working on this/ignoring this until Monday since we don't work weekends" kind of message would be nice. I'd rather be told "we are doing nothing about this until an actual work-day" than have it not addressed. That's elementary level customer service.
  10. xxGriff Augur

    From what I have seen, this is a false positive being given. One of my systems (Win 10 x64 Pro) gave me the error. I ran Malware-Bytes, no infection detected, rebooted and added eqgame.exe and launchpad to exclusion list for Defender, and voila, worked. First run a full scan to detect any/all malware (I prefer MalwareBytes as it is just a more robust app). If an infection is detected, allow quarantine, and reboot. Run another scan to verify absence of continued infection. If clean, try running EQ/Launchpad. If your error persists, add the aforementioned exe's to Defender's exclusion list, and try again. You can also simply add your EQ directory to the exclusion list. Personally, I don't/won't add an entire Dir, but that's me; some may find it easier. Basically, determine if there is a genuine infection(s); if so, allow them to be cleaned, and repatch. If no malware/trojan is detected, add to the exclusion list.
  11. Khat_Nip Meow

    I just ran the Test Patcher and didn't get any warnings. Also scanned with Windows Defender and Malwarebytes and all is seemingly well, for me.

    If you want to compare file hashes of eqgame:

    Modify the command below accordingly, open a Command Prompt, then run it.

    certutil -hashfile c:\path\to\Everquest\eqgame.exe MD5
    (or in PowerShell: Get-FileHash -Path c:\path\to\Everquest\eqgame.exe -Algorithm MD5)

    Here is my result:
    MD5 hash of eqgame.exe:
    69da82c21c959b581f23dd62364ff0d0
    CertUtil: -hashfile command completed successfully.

    If, after most recent patch, your hash is different than this then the files aren't identical and something is wonky.

    (Edit to add: I'm on v1909 Build 18363.476)
    xxGriff likes this.
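
The hash comparison described in the post above, extended to also report the Authenticode signature status and Defender's own detection records for the file. This is an added example, not part of the original thread: the default path is the post's placeholder, the reference MD5 is the value quoted in the post, and whether eqgame.exe is signed at all is not stated anywhere on this page.

```powershell
# Added example (not from the thread). Defaults are the placeholder path and
# the MD5 value quoted in the post above; replace both for your own system.
param(
    [string]$Path = 'c:\path\to\Everquest\eqgame.exe',
    [string]$ReferenceMd5 = '69da82c21c959b581f23dd62364ff0d0'
)

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    # Defender may already have quarantined or removed the file.
    Write-Warning "File not found: $Path"
    return
}

# MD5 only answers "is this the same file someone else received?".
# SHA-256 is the value to search for on a multi-engine scanning service.
$md5    = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
$sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

# Authenticode status: Valid, NotSigned, HashMismatch, ...
$sig = Get-AuthenticodeSignature -LiteralPath $Path

# Defender's own detection history for this file name (needs the Defender module).
$detections = @()
if (Get-Command Get-MpThreatDetection -ErrorAction SilentlyContinue) {
    $leaf = [regex]::Escape((Split-Path -Leaf $Path))
    $detections = @(Get-MpThreatDetection |
        Where-Object { ($_.Resources -join ';') -match $leaf } |
        ForEach-Object {
            $threat = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
            '{0:u}  {1}' -f $_.InitialDetectionTime, $threat.ThreatName
        })
}

[pscustomobject]@{
    Path            = $Path
    MD5             = $md5
    MatchesRefMd5   = ($md5 -eq $ReferenceMd5)   # -eq ignores case for strings
    SHA256          = $sha256
    SignatureStatus = $sig.Status
    Signer          = $sig.SignerCertificate.Subject
    DefenderHits    = $detections -join "`n"
} | Format-List
```

A matching MD5 shows only that two people received the same file, and a mismatch can simply mean a different patch build; the signature status and the SHA-256 lookup are the stronger evidence to weigh before adding an exclusion.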
  12. Khat_Nip Meow

    Another thing to mention:
    Uploading the file to Virustotal.com, Windows Defender is the only antivirus (out of over 70+) that flags eqgame.exe as Trojan:Win32/Detplock so it's likely a false-positive as was stated earlier.
  13. Baroka New Member

    Update: So I ran my antivirus in safe mode on full scan, and did a scan with Windows Defender offline and found nothing. I also started up my wife's computer that has EQ on it but is never really played. Set it to test server and as soon as I got in, Windows Defender flagged it. Her computer is seldom used and has no connection to mine. As others have said, I think this is a false positive.
    Edit: Her computer is also Windows 10 and updated on start up.
  14. I_Love_My_Bandwidth Mercslayer

    It's not like they have irrefutable proof that this even has anything to do with them. For starters, assuming this is a false-positive, this could be a Win10 problem, not an EQ problem. Additionally, the second they post anything to do with it they assume responsibility for it. And it's not like they had an abundance of free time before.

    But asking FQers to think rationally before grabbing the pitchforks and torches is like asking water not to be wet.
  15. Khat_Nip Meow

    This has absolutely zilch to do with DBG/EQ and everything to do with Windows Defender being dumb.
  16. Feljar New Member

    I play on test as well & am experiencing the same issue. Logged in fine last night; this morning, error & virus warning. Full scans from Malwarebytes & Windows Defender found nothing. Tried a bunch of other things on other sites to remove the “detplock” Trojan. None cleared the error. Maybe it is a false positive & there is no Trojan to clear, that’s good news, but I still can’t log on. I made exceptions to the EQ exe’s on Windows Defender but it still won’t let me. Has anyone had any success with a remedy so far?
  17. twotoneska New Member

    I think in my block of text above, I mentioned allowing/exceptioning both 'eqgame.exe' and 'eqgame.exe.part' to get around the security warning. That works for me.
  18. twotoneska New Member

    Probably true, but you'd think they'd run their executable against the most widely used anti-virus to make sure the signature didn't provoke a false positive.
  19. Beimeith Lord of the Game

    Why didn't they jump at a bug report, for the Test Server, on a Friday, after 5:00 PM, when they were at a party?

    Gee, I wonder...
  20. yepmetoo Abazzagorath

    Silence is deafening on a tech support issue hours after tech support is gone for the weekend? Really?
    Warpeace likes this.