For a while now i have noticed that my anti-virus (AVG) detects a virus in the login.dll file in my 1.103 client. It had also showed up on my girlfriends daoc client also. So today i decided to do a fresh Windows install .... for other reasons, but after i finished i then though, id download a fresh copy of daoc (1.108) before transfering my backup files, to see if i get that virus warning on the login.dll.

So i downloaded the client ( about 4GB ), and checked the login.dll. It did not get any warnings of a virus. So i connected to uthgard for a sec, and then back off and checked again. No virus. So then i downloaded daoc portal, and install the craftfix.dmm, uth_classic.dmm, and uth_tajendi2.dmm mods. After that finished, now the login.dll is reporting a virus, like my old client was and like it does on my girlfriends client.

So i suspect this issue is coming from the mod changes. So is this just a false warning, because of the way it does the mod ?

The issue comes from avg heuristics. Old topic.

So i take it, its just avg seeing that login.dll was modified by a possible virus, which we know it wasnt and was purposly changed when using the mod feature of portal / mod file.

You could do binary comparison of login.dll before and after install of DAoCPortal. login.dll is not used as far as I know, just game.dll. But I can be wrong.

well i dont use daoc portal to connect to uthgard. I use a dolloader and shortcut to connect. I dont think it has anything to do with portal, it is the uth_classic.dmm which modifies the login.dll. For what reasons, im not sure. But i uninstalled each mod, in this order. Craftfix.dmm -> virus still detected, uth_tajendi2.dmm -> virus still detected in login.dll, then i uninstalled uth_classic.dmm and then checked again, but this time the virus was now gone. or i mean the warning was gone. Also the login.dll changed from 224KB to 412KB after i removed the classic mod.

Also the mod manager log, said nothing about changing login.dll as it installs the classic mod, but when you uninstall that mod, the log says login.dll restored. So oviously the change is from the classic mod for the server. I also downloaded the mod again just a sec ago to make sure, i didnt have a bugged on or something. But still the same. Is this change intended, and just a false read from AVG ?

Intresting. I made a copy of my login.dll after i uninstalled the classic mod, so that i could get a copy of the file that isnt modified. Then i installed the classic mod again and just replaced the modded login.dll with the origenal, un modded login.dll and can play the game and enter classic OF without issues, that i see. So im going to keep the origenal login.dll, instead of the virus detected one for now, untill i run into an issue in game.

I wonder why the change to that file was made. But if i run into any issues because im using the origenal login.dll, ill post it. Hopefully ill not run into any.

There is no need for a modified login.dll. Will have to ask Metty about that. The classic patch should not replace such files.

I asked Metty about that. The Modmanager modifies login.dll so you cant login on live with that modified client. It will display a warning if you try to do so: http://stuff.matthiaslinder.com/s199556B.jpg

o ok, that makes sense. And why an anti-virus would freak out. Thanks for looking into it. At least now when someone brings it up we have an answer