Quote:
Originally Posted by S_hift
(rasadhlp)
a-squared 4.5.0.50 2010.03.24 PWS.Win32!IK
AhnLab-V3 5.0.0.2 2010.03.24 -
AntiVir 8.2.1.196 2010.03.24 -
Antiy-AVL 2.0.3.7 2010.03.24 -
Authentium 5.2.0.5 2010.03.24 -
Avast 4.8.1351.0 2010.03.24 -
not really related
rasadhlp.dll is a normal windows .dll - it's the remote access auto dial helper. back when dialup was popular, when something accesses the internet and fails, rasadhlp.dll is called to give the 'dial your ISP' connection box
as far as i understand, lots of windows .dlls can be hijacked in the same way we use rasadhlp.dll in tribes - put a .dll that would normally be called from windows into the current working directory of the program and it'll prefer that one.
win 8+ seems to change this (to stop those hijacks, i assume)
so it's not rasadhlp.dll that's evil - it's a part of windows. i assume antivirus would scan the .dll and see that ours pretty much solely exists to look at a subfolder and automatically load and attach the .dlls inside - and it has no version numbers or any other normal info that should be in the resource .rc so it can't say 'hey this is the legit windows .dll'
i wonder if setting the resources to look like the real rasadhlp (ie. product name = Microsoft Windows Operating System, File version = same as the windows one) would avoid some of the a/v warnings
or would it see the info is right but the size/contents aren't and still flag it
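An added example, not part of the original post: a defender-side check that lists DLLs in an application folder sharing a name with a system DLL and compares them by content hash, so copied version resources do not change the verdict. The function names and the temp-directory layout standing in for System32 and the game folder are assumptions constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash the file contents; version resources are not consulted at all."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def find_shadowing_dlls(app_dir: Path, system_dir: Path) -> list[dict]:
    """Report DLLs in app_dir whose name collides with a DLL in system_dir.

    Windows file names are case-insensitive, so names are compared lowercased.
    """
    system = {p.name.lower(): p for p in system_dir.iterdir()
              if p.suffix.lower() == ".dll"}
    findings = []
    for dll in sorted(app_dir.iterdir()):
        if dll.suffix.lower() != ".dll":
            continue
        original = system.get(dll.name.lower())
        if original is None:
            continue  # the application's own DLL, no system name collision
        same = sha256_of(dll) == sha256_of(original)
        findings.append({
            "name": dll.name,
            "verdict": "copy of system DLL" if same else "shadows system DLL",
        })
    return findings


def demo() -> list[dict]:
    """Constructed sample data: a fake System32 and a fake game folder."""
    with tempfile.TemporaryDirectory() as tmp:
        system_dir, app_dir = Path(tmp, "System32"), Path(tmp, "Game")
        system_dir.mkdir()
        app_dir.mkdir()
        (system_dir / "rasadhlp.dll").write_bytes(b"MZ constructed system copy")
        (system_dir / "winmm.dll").write_bytes(b"MZ constructed winmm")
        # Same name as the system DLL, different contents: the case in the post.
        (app_dir / "RasAdhlp.dll").write_bytes(b"MZ constructed loader")
        (app_dir / "winmm.dll").write_bytes(b"MZ constructed winmm")
        (app_dir / "engine.dll").write_bytes(b"MZ constructed app dll")
        (app_dir / "game.exe").write_bytes(b"MZ constructed exe")
        return find_shadowing_dlls(app_dir, system_dir)


if __name__ == "__main__":
    for finding in demo():
        print(f"{finding['name']}: {finding['verdict']}")
```

On a real machine the two arguments would be the program's folder and `C:\Windows\System32`; a name collision with different contents is a lead to investigate, not proof of malice.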