Maintenance for the week of December 23:
• NA megaservers for maintenance – December 23, 4:00AM EST (9:00 UTC) - 9:00AM EST (14:00 UTC)
• EU megaservers for maintenance – December 23, 9:00 UTC (4:00AM EST) - 14:00 UTC (9:00AM EST)

ZOS integrated spyware RedShell by mistake, deleted from live, still in PTS folder

  • Marabornwingrion
    Marabornwingrion
    ✭✭✭✭✭
    ✭✭✭✭
    Can someone check in game files if red shell disappeared? Just in case.
  • LumbermillOverlord
    LumbermillOverlord
    ✭✭✭
    its not patched yet
  • DieAlteHexe
    DieAlteHexe
    ✭✭✭✭✭
    ✭✭
    Got patched, at least I think I did...there was an error on the update which seems to have cleared now. Anyway, fwiw, I did a search on RedShell.dll and came up empty.

    ETA: Logged in, checked again. Still no sign of it.
    Edited by DieAlteHexe on June 4, 2018 10:59AM

    Dirty, filthy casual aka Nancy, the Wallet Warrior Carebear Potato Whale Snowflake
  • RexyCat
    RexyCat
    ✭✭✭✭
    Beardimus wrote: »
    It's in the patch notes :

    General
    Removed the integration of the external analytics tool Red Shell and all associated files.

    Right thing to do Zos

    When will see a BlackShell (as going under the "radar") or even WhiteShell (being all innocent and open for public eye)? RedShell sounds dangerous for some reason... :-P

    Good that they got rid of that thing...don't like to have dangerous things on my computer...
  • Syncronaut
    Syncronaut
    ✭✭✭
    Got patched, at least I think I did...there was an error on the update which seems to have cleared now. Anyway, fwiw, I did a search on RedShell.dll and came up empty.

    ETA: Logged in, checked again. Still no sign of it.

    Its not in the hidden files either. To be 100% better to check any new files, as they could just be renamed to work like that program (usual thing viruses do).
  • DieAlteHexe
    DieAlteHexe
    ✭✭✭✭✭
    ✭✭
    Syncronaut wrote: »
    Got patched, at least I think I did...there was an error on the update which seems to have cleared now. Anyway, fwiw, I did a search on RedShell.dll and came up empty.

    ETA: Logged in, checked again. Still no sign of it.

    Its not in the hidden files either. To be 100% better to check any new files, as they could just be renamed to work like that program (usual thing viruses do).

    Did on former. Will do on latter after I snarf lunch.

    Dirty, filthy casual aka Nancy, the Wallet Warrior Carebear Potato Whale Snowflake
  • xRIVALENx
    xRIVALENx
    ✭✭✭
    I'll make a list of the common dynamic link libraries loaded with eso64.exe when I get home this evening, that way we can just reference the list every patch to see if something new was added.
  • Luthid
    Luthid
    ✭✭✭
    Beardimus wrote: »
    It's in the patch notes :

    General
    Removed the integration of the external analytics tool Red Shell and all associated files.

    Right thing to do Zos

    No, the “right thing to do” would have been to disclose that they were delivering a 3rd party utility to capture and share your information before doing it.

    They already have all the data they were wanting from us. They are losing nothing by backing it out now.
  • NewbieOKS
    NewbieOKS
    ✭✭✭
    https://imgur.com/a/IuQSroi

    Performed some checks with a sequential order (please click link above)

    p.s: i am a non IT guy, so this is the best thing I can do and think, any inputs is welcomed
    btw anyone know how to insert photos here? I used BBCode but still can't upload here, I used imgur for upload

    Post #701 below Thanks to @LumbermillOverlord

    1. Searching the RedShell file existence using Windows Search
    PlZ4Vk1.jpg

    2. Result is none. Showing the ESO folder contents (in general view)
    1F4Fr4l.jpg

    3. Select ESO folder for scan by Kaspersky Total Security
    y4RbCNp.jpg

    4. Result of the Kaspersky Total Security Scan
    T2CksYq.jpg

    5. Prepare to perform a Vulnerability Scan by Kaspersky Total Security
    7vVLiQL.jpg

    6. Vulnerability Scan by Kaspersky Total Security in motion/progress (80% progress local time 6.41 pm)
    cYNEjZq.jpg

    7. Vulnerability Scan by Kaspersky Total Security completed (7.01 pm my local time)
    FqtoYG1l.jpg

    8. Vulnerability Scan by Kaspersky Total Security results
    iHi9dKB.jpg

    9. Perform Network Activity Test using Kaspersky Total Securiy while logging in and playing ESO in the same time (local time 7.09 pm)
    tqlx4MY.jpg

    10. Playing ESO (local time 7.17 pm - see the right top corner).
    HWGA3ng.jpg

    Edit notes: to insert print screen in sequential order (total 10 print screens with different links each)
    Edited by NewbieOKS on June 4, 2018 12:59PM
    https://signatur.eso-database.com/17868970/signatur.jpg
    ESO-Database provides statistics for Elder Scrolls Online characters and guilds. This information is collected by the ESO-Database Client and ESO Database AddOn https://www.eso-database.com/en/ Huge thanks to @Keldor for this amazing add-on
  • LumbermillOverlord
    LumbermillOverlord
    ✭✭✭
    picture link must have extension in the name

    PlZ4Vk1.jpg
  • Syncronaut
    Syncronaut
    ✭✭✭
    Login time info:
    Accout to character selection -- 53 seconds
    Character seletection to game - 1 min 20 seconds

    Loading times got even worse now. (pre-patch it was 32 sec and 55 sec)
  • NewbieOKS
    NewbieOKS
    ✭✭✭
    picture link must have extension in the name

    PlZ4Vk1.jpg

    Ok thanks I’ll made some edit on my comment above #700
    https://signatur.eso-database.com/17868970/signatur.jpg
    ESO-Database provides statistics for Elder Scrolls Online characters and guilds. This information is collected by the ESO-Database Client and ESO Database AddOn https://www.eso-database.com/en/ Huge thanks to @Keldor for this amazing add-on
  • KittyVonPurr
    Isn't there some kind of privacy laws against that??
  • Syncronaut
    Syncronaut
    ✭✭✭
    Isn't there some kind of privacy laws against that??

    If you are in EU:
    https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
  • esotoon
    esotoon
    ✭✭✭✭✭
    Syncronaut wrote: »
    Login time info:
    Accout to character selection -- 53 seconds
    Character seletection to game - 1 min 20 seconds

    Loading times got even worse now. (pre-patch it was 32 sec and 55 sec)

    Was that the first time you loaded the game after the patch or did you test it more than once? (I'm just asking in case you didn't realise that the first time you load the game after any patch, it always takes longer to load.)
  • DieAlteHexe
    DieAlteHexe
    ✭✭✭✭✭
    ✭✭
    Syncronaut wrote: »
    Login time info:
    Accout to character selection -- 53 seconds
    Character seletection to game - 1 min 20 seconds

    Loading times got even worse now. (pre-patch it was 32 sec and 55 sec)

    Yup, really slow and now it's even slow to log out or quit.


    Dirty, filthy casual aka Nancy, the Wallet Warrior Carebear Potato Whale Snowflake
  • DieAlteHexe
    DieAlteHexe
    ✭✭✭✭✭
    ✭✭
    esotoon wrote: »
    Syncronaut wrote: »
    Login time info:
    Accout to character selection -- 53 seconds
    Character seletection to game - 1 min 20 seconds

    Loading times got even worse now. (pre-patch it was 32 sec and 55 sec)

    Was that the first time you loaded the game after the patch or did you test it more than once? (I'm just asking in case you didn't realise that the first time you load the game after any patch, it always takes longer to load.)

    Six times, to be precise (was finishing daily crafting).

    Very slow.

    Dirty, filthy casual aka Nancy, the Wallet Warrior Carebear Potato Whale Snowflake
  • Zorgon_The_Revenged
    Zorgon_The_Revenged
    ✭✭✭✭✭
    Maybe they should sneak a program in that tracks why the game can be so unstable sometimes. I've played a lot of other MMO's in the past 18-24 months and nothing comes close to how unstable this game is, I've had more trouble in one bad week of ESO than the other games in total.
  • xeNNNNN
    xeNNNNN
    ✭✭✭✭✭
    Maybe they should sneak a program in that tracks why the game can be so unstable sometimes. I've played a lot of other MMO's in the past 18-24 months and nothing comes close to how unstable this game is, I've had more trouble in one bad week of ESO than the other games in total.

    Thats simple.

    The Hero Engine is trash.
    Ah, e-communities - the "pinnacle" of the internet............yeah, right.
  • GTech_1
    GTech_1
    ✭✭✭✭
    @ZOS_MattFiror
    I'm just gonna leave this here:

    Today's Live client maintenance did remove the RedShell.dll file from the Live client.
    CsyEoIQ.jpg

    However, the primary issue (third party software installed on our rigs, without our knowledge, and without our consent) is not resolved for those of us who help out on the PTS.

    As of today's date June 4th, 2018, the RedShell.dll file still exists in the PTS client.
    tIqdmci.jpg

    As you can see in the image, according to the date stamp on that file, ZOS installed the RedShell.dll on my rig, without my knowledge, or consent, on May 7th, 2018.

    Questions for @ZOS_MattFiror
    1) When can we expect the PTS maintenance to remove RedShell, in its entirety, from our rigs?

    2) What changes are you making to enforce better version control in the immediate future?

    ***Edit: Fixed image links.
    Edited by GTech_1 on June 4, 2018 9:47PM
  • DoctorESO
    DoctorESO
    ✭✭✭✭✭
    ✭✭
    GTech_1 wrote: »
    @ZOS_MattFiror
    I'm just gonna leave this here:

    Today's Live client maintenance did remove the RedShell.dll file from the Live client.
    CsyEoIQ.jpg

    However, the primary issue (third party software installed on our rigs, without our knowledge, and without our consent) is not resolved for those of us who help out on the PTS.

    As of today's date June 4th, 2018, the RedShell.dll file still exists in the PTS client.
    tIqdmci.jpg

    As you can see in the image, according to the date stamp on that file, ZOS installed the RedShell.dll on my rig, without my knowledge, or consent, on May 7th, 2018.

    Questions for @ZOS_MattFiror
    1) When can we expect the PTS maintenance to remove RedShell, in its entirety, from our rigs?

    2) What changes are you making to enforce better version control in the immediate future?

    ***Edit: Fixed image links.

    My, oh my, oh my. So it's still there on the PTS client?
  • Cadbury
    Cadbury
    ✭✭✭✭✭
    ✭✭✭✭✭
    Ive been OOTL since Friday. Any new developments?
    "If a person is truly desirous of something, perhaps being set on fire does not seem so bad."
  • Elsonso
    Elsonso
    ✭✭✭✭✭
    ✭✭✭✭✭
    Wait... Y'all didn't know it was also in the PTS client? Just stay off PTS until they update it.
    ESO Plus: No
    PC NA/EU: @Elsonso
    XBox EU/NA: @ElsonsoJannus
    X/Twitter: ElsonsoJannus
  • Reverb
    Reverb
    ✭✭✭✭✭
    ✭✭✭✭✭
    Battle not with monsters, lest ye become a monster, and if you gaze into the abyss, the abyss gazes also into you. ~Friedrich Nietzsche
  • sirston
    sirston
    ✭✭✭✭✭
    Wait... Y'all didn't know it was also in the PTS client? Just stay off PTS until they update it.

    I still have it in my files and I don't play the PTS it said last modified on may 21st but it updates it'self without being launched.
    Whitestakes Revenge
    WoodElf Mag-Warden
    Sirston
    Magickia Dragonknight


    T0XIC
    Pride Of The Pact
    Vehemence
    The Crimson Order

    victoria aut mors
  • LumbermillOverlord
    LumbermillOverlord
    ✭✭✭
    so its still on PTS
  • Seri
    Seri
    ✭✭✭✭
    DoctorESO wrote: »
    GTech_1 wrote: »
    @ZOS_MattFiror
    I'm just gonna leave this here:

    Today's Live client maintenance did remove the RedShell.dll file from the Live client.
    CsyEoIQ.jpg

    However, the primary issue (third party software installed on our rigs, without our knowledge, and without our consent) is not resolved for those of us who help out on the PTS.

    As of today's date June 4th, 2018, the RedShell.dll file still exists in the PTS client.
    tIqdmci.jpg

    As you can see in the image, according to the date stamp on that file, ZOS installed the RedShell.dll on my rig, without my knowledge, or consent, on May 7th, 2018.

    Questions for @ZOS_MattFiror
    1) When can we expect the PTS maintenance to remove RedShell, in its entirety, from our rigs?

    2) What changes are you making to enforce better version control in the immediate future?

    ***Edit: Fixed image links.

    My, oh my, oh my. So it's still there on the PTS client?
    PTS maintenance is completely independent of Live maintenance - as far as the launcher is concerned, they're two completely separate game installs. Given PTS didn't get maintenance yesterday, there's no reason to expect the DLL to have vanished.
    EP CP160+ Templar, Sorc, NB
    DC CP160+ Templar, Sorc, DK
  • RedTalon
    RedTalon
    ✭✭✭✭✭
    Well that is said, but given the model is not subscription based not shocking either.

    Though ads generally make me less likely to buy things I see

    So hope it never gets fully used
    Edited by RedTalon on June 5, 2018 6:39AM
  • Mrs_Malaka
    Mrs_Malaka
    ✭✭✭✭
    I came back to the eso forums a few days ago to see how the world of tamriel is doing.
    I am not surprised to hear about this "redshell incident".
    This spyware should not have been installed in the first place, inactive or otherwise.

    The fact that it took Matt Firor until almost 20 pages of posts on this single thread to finally make an "official statement" is pathetic. Although, his moderators were most likely watching this thread since the first page of it, just not saying anything because of the scope of this subject. They must have figured "Oh, this is pretty bad, we should alert Matt and the legal team as well."

    That's a pretty crummy thing to do to your players, zos. Real crummy.
    If my landlord placed hidden cameras all over my apartment and I found them and they were there, but not "activated", and he told me "Oh, I don't know how they got there! How erroneous! What an immoral mistake I have made!" I wouldn't say "That's okay. You've apologized and they aren't turned on. We're good now."
    I wouldn't believe that line of rubbish! I would contact the proper authorities and instantly be arranging a new living space someplace else.
    Bad business ethics, zos. Just bad.
    "But screw your courage to the sticking-place,
    And we’ll not fail."


    PC/NA & EU
  • xRIVALENx
    xRIVALENx
    ✭✭✭
    For future reference. There were plenty of other dll files loaded but they were all System32 libraries related to drivers and such. I'll retain the full list of the Base, Module, Party and Path breakdown should anyone be interested.

    Summerset Patch (DLL List)
    =======================

    \Zenimax Online\The Elder Scrolls Online\game\client\bink2w64.dll
    \Zenimax Online\The Elder Scrolls Online\game\client\d3dcompiler_47.dll
    \Zenimax Online\The Elder Scrolls Online\game\client\granny2_x64.dll
    \Zenimax Online\The Elder Scrolls Online\game\client\icudt55_x64.dll
    \Zenimax Online\The Elder Scrolls Online\game\client\icuin55_x64.dll
    \Zenimax Online\The Elder Scrolls Online\game\client\icuuc55_x64.dll
    \Zenimax Online\The Elder Scrolls Online\game\client\RedShell.dll
    \Zenimax Online\The Elder Scrolls Online\game\client\steam_api64.dll

    Patch v4.0.8 (DLL List)
    ===================

    \Zenimax Online\The Elder Scrolls Online\game\client\bink2w64.dll
    \Zenimax Online\The Elder Scrolls Online\game\client\d3dcompiler_47.dll
    \Zenimax Online\The Elder Scrolls Online\game\client\granny2_x64.dll
    \Zenimax Online\The Elder Scrolls Online\game\client\icudt55_x64.dll
    \Zenimax Online\The Elder Scrolls Online\game\client\icuin55_x64.dll
    \Zenimax Online\The Elder Scrolls Online\game\client\icuuc55_x64.dll
    \Zenimax Online\The Elder Scrolls Online\game\client\steam_api64.dll


Sign In or Register to comment.