Varpes

A forum for reporting bugs NOT related to custom plugins.

Moderator: MacroQuest Developers

yeager
decaying skeleton
Posts: 4
Joined: Fri Nov 11, 2005 8:41 am

Varpes

Post by yeager » Sun Nov 06, 2016 11:07 am

Why is Windows Defender reporting that Macroquest2.exe is infected with Varpes.l!cl?

EqMule
Developer
Posts: 2697
Joined: Fri Jan 03, 2003 9:57 pm

Re: Varpes

Post by EqMule » Sun Nov 06, 2016 11:13 am

Ask Microsoft.
My status o/
If you like MQ2 and would like to contribute, please do. My goal is 25 donations per month.
So far I've received Image donations for this month's patches.

Bitcoin: 1Aq8ackjQ4f7AUvbUL7BE6oPfT8PmNP4Zq
Krono: PM me.
I can always use characters for testing, PM me if you can donate one.

yeager
decaying skeleton
Posts: 4
Joined: Fri Nov 11, 2005 8:41 am

Re: Varpes

Post by yeager » Sun Nov 06, 2016 12:05 pm

Not exactly the answer I was looking for!
The reason I'm asking about this is I have older versions that did not get a hit.

demonstar55
a snow griffon
Posts: 314
Joined: Fri Nov 28, 2008 6:31 am

Re: Varpes

Post by demonstar55 » Sun Nov 06, 2016 12:43 pm

MQ2 injects, malware injects sometimes too. So we can get hit by false positives. I know in the past eqmule has just told Microsoft it's not malware, provided code etc. But that usually happens after he updates the exe, which I'm not sure when happened last ...

Could just be butthurt players mass reporting it and Microsoft deciding to trust them :/

I wouldn't worry about false positives if you download from here.

warlock45
a grimling bloodguard
Posts: 881
Joined: Sat Oct 06, 2007 8:32 pm

Re: Varpes

Post by warlock45 » Sun Nov 06, 2016 5:14 pm

Simply make an exception for the folder you put MQ into and go about your business =)

EqMule
Developer
Posts: 2697
Joined: Fri Jan 03, 2003 9:57 pm

Re: Varpes

Post by EqMule » Sun Nov 06, 2016 6:49 pm

It's the only reasonable answer I can give.
I don't have the source for Microsoft Windows Defender so I can't easily figure out why it would think macroquest2.exe is infected by a virus/malware.
I can, however, tell you with 100% certainty that if you mail it to Microsoft's Windows Defender team, they will promptly whitelist it for you because it IS a false positive.

Malware uses the same kind of method to inject itself into other programs as macroquest2.exe uses to inject mq2main into eqgame. This is a reasonable explanation as to why it would be incorrectly "detected".

I don't know what else to say, your question really only has two answers: either I infected macroquest2.exe with the Varpes malware or it's a false positive...

I'm challenging the theory that it is infected and saying all you have to do to prove my assertion is to have Microsoft confirm it's virus free and indeed a false positive by sending them the exe...

Since I am 100% sure it IS a false positive it's nothing I am going to waste time with.

EqMule
Developer
Posts: 2697
Joined: Fri Jan 03, 2003 9:57 pm

Re: Varpes

Post by EqMule » Sun Nov 06, 2016 7:01 pm

I realize I might have come off as argumentative; that was not my intention. I take malware and virus reports seriously, so yes, there is a slight chance that I myself have an infected machine which I build macroquest2.exe on, and I will therefore scan it and provide the sha1 for it.

Brb with the sha1.

EqMule
Developer
Posts: 2697
Joined: Fri Jan 03, 2003 9:57 pm

Re: Varpes

Post by EqMule » Sun Nov 06, 2016 7:09 pm

C:\Apps>fciv MacroQuest2.exe -both
//
// File Checksum Integrity Verifier version 2.05.
//
                MD5                             SHA-1
-------------------------------------------------------------------------
a2f77dc49c382c1a010f16f2d6919006 4c2cd0727a92197bfb9de85d9f590a032647140c macroquest2.exe

The exe scanned was taken from MQ2-20161104 zip.

If your macroquest2.exe does NOT have the same md5 and sha1, it has been altered.

My VirusTotal scan of the same file: https://www.virustotal.com/en/file/3404 ... 478477708/

yeager
decaying skeleton
Posts: 4
Joined: Fri Nov 11, 2005 8:41 am

Re: Varpes

Post by yeager » Sun Nov 06, 2016 9:23 pm

Thank you for your response. Apparently my file is different from yours, although it would appear cleaner. I did whitelist it after all of the positive input. Just miffed how it just now starts getting flagged.

https://www.virustotal.com/en/file/a818 ... 478485161/

EqMule
Developer
Posts: 2697
Joined: Fri Jan 03, 2003 9:57 pm

Re: Varpes

Post by EqMule » Sun Nov 06, 2016 9:47 pm

Since your md5 is b0d02bcb0d14772e96943f036fe92a9a, I would have to question where you got that? It's not the same as the one I have, which is from the mq2-20161104.zip

Edit: I guess whatever zip was released on patchday for live back in October...

Either way, I think the bottom line here is that no matter which macroquest2.exe you use, none of them contains malware or viruses, and if they are detected as being malware, it's a flaw in the antivirus software.

yeager
decaying skeleton
Posts: 4
Joined: Fri Nov 11, 2005 8:41 am

Re: Varpes

Post by yeager » Sun Nov 06, 2016 10:12 pm

Strange. Mine is from the MQ2-20161025.zip which seems to work just fine. I only update when it breaks.
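
The comparison made across this thread (hash the local file, then check it against the digests a release is known by), written out as an added example that is not part of any post or of the MacroQuest project. The digest values are the ones quoted above; the table names, function names and the split between developer-published and user-reported digests are assumptions of the example.

```python
import hashlib
import sys

# Digests quoted in the thread. Only this entry was published by the developer
# (fciv output for the exe taken from the MQ2-20161104 zip).
PUBLISHED = {
    "MQ2-20161104": {
        "md5": "a2f77dc49c382c1a010f16f2d6919006",
        "sha1": "4c2cd0727a92197bfb9de85d9f590a032647140c",
    },
}
# MD5 of the original poster's file, which he attributes to MQ2-20161025.zip.
# Nobody published it as a reference value, so it is tracked separately.
REPORTED_ONLY = {
    "MQ2-20161025": {"md5": "b0d02bcb0d14772e96943f036fe92a9a"},
}


def file_digests(path, algorithms=("md5", "sha1", "sha256"), chunk=1 << 20):
    """Read the file once and feed every hash algorithm from the same blocks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            for hasher in hashers.values():
                hasher.update(block)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def classify(digests, published=PUBLISHED, reported=REPORTED_ONLY):
    """Return (verdict, release); every digest listed for a release must match."""
    for verdict, table in (("published", published), ("reported-only", reported)):
        for release, expected in table.items():
            if all(digests.get(alg) == value.lower()
                   for alg, value in expected.items()):
                return verdict, release
    return "unknown", None


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: verify_exe.py <path to macroquest2.exe>")
    found = file_digests(sys.argv[1])
    verdict, release = classify(found)
    print(f"{verdict}: {release or 'no listed release matches'}")
    # Printed so the same file can be looked up on VirusTotal by hash.
    print("sha256:", found["sha256"])
```

A file that matches nothing listed is only unverified: as the thread shows, it may simply come from a different release zip.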