ZOS integrated spyware RedShell by mistake, deleted from live, still in PTS folder
-
Marabornwingrion✭✭✭✭✭
✭✭✭✭Can someone check in game files if red shell disappeared? Just in case.1 -
DieAlteHexe✭✭✭✭✭
✭✭Got patched, at least I think I did...there was an error on the update which seems to have cleared now. Anyway, fwiw, I did a search on RedShell.dll and came up empty.
ETA: Logged in, checked again. Still no sign of it.
Edited by DieAlteHexe on June 4, 2018 10:59AM
Dirty, filthy casual aka Nancy, the Wallet Warrior Carebear Potato Whale Snowflake0 -
RexyCat✭✭✭✭It's in the patch notes :
General
Removed the integration of the external analytics tool Red Shell and all associated files.
Right thing to do Zos
When will see a BlackShell (as going under the "radar") or even WhiteShell (being all innocent and open for public eye)? RedShell sounds dangerous for some reason... :-P
Good that they got rid of that thing...don't like to have dangerous things on my computer...0 -
Syncronaut✭✭✭DieAlteHexe wrote: »Got patched, at least I think I did...there was an error on the update which seems to have cleared now. Anyway, fwiw, I did a search on RedShell.dll and came up empty.
ETA: Logged in, checked again. Still no sign of it.
Its not in the hidden files either. To be 100% better to check any new files, as they could just be renamed to work like that program (usual thing viruses do).1 -
DieAlteHexe✭✭✭✭✭
✭✭Syncronaut wrote: »DieAlteHexe wrote: »Got patched, at least I think I did...there was an error on the update which seems to have cleared now. Anyway, fwiw, I did a search on RedShell.dll and came up empty.
ETA: Logged in, checked again. Still no sign of it.
Its not in the hidden files either. To be 100% better to check any new files, as they could just be renamed to work like that program (usual thing viruses do).
Did on former. Will do on latter after I snarf lunch.
Dirty, filthy casual aka Nancy, the Wallet Warrior Carebear Potato Whale Snowflake0 -
xRIVALENx✭✭✭I'll make a list of the common dynamic link libraries loaded with eso64.exe when I get home this evening, that way we can just reference the list every patch to see if something new was added.6 -
Luthid✭✭✭It's in the patch notes :
General
Removed the integration of the external analytics tool Red Shell and all associated files.
Right thing to do Zos
No, the “right thing to do” would have been to disclose that they were delivering a 3rd party utility to capture and share your information before doing it.
They already have all the data they were wanting from us. They are losing nothing by backing it out now.11 -
NewbieOKS✭✭✭https://imgur.com/a/IuQSroi
Performed some checks with a sequential order (please click link above)
p.s: i am a non IT guy, so this is the best thing I can do and think, any inputs is welcomed
btw anyone know how to insert photos here? I used BBCode but still can't upload here, I used imgur for upload
Post #701 below Thanks to @LumbermillOverlord
1. Searching the RedShell file existence using Windows Search
2. Result is none. Showing the ESO folder contents (in general view)
3. Select ESO folder for scan by Kaspersky Total Security
4. Result of the Kaspersky Total Security Scan
5. Prepare to perform a Vulnerability Scan by Kaspersky Total Security
6. Vulnerability Scan by Kaspersky Total Security in motion/progress (80% progress local time 6.41 pm)
7. Vulnerability Scan by Kaspersky Total Security completed (7.01 pm my local time)
8. Vulnerability Scan by Kaspersky Total Security results
9. Perform Network Activity Test using Kaspersky Total Securiy while logging in and playing ESO in the same time (local time 7.09 pm)
10. Playing ESO (local time 7.17 pm - see the right top corner).
Edit notes: to insert print screen in sequential order (total 10 print screens with different links each)Edited by NewbieOKS on June 4, 2018 12:59PMhttps://signatur.eso-database.com/17868970/signatur.jpg
ESO-Database provides statistics for Elder Scrolls Online characters and guilds. This information is collected by the ESO-Database Client and ESO Database AddOn https://www.eso-database.com/en/ Huge thanks to @Keldor for this amazing add-on1 -
Syncronaut✭✭✭Login time info:
Accout to character selection -- 53 seconds
Character seletection to game - 1 min 20 seconds
Loading times got even worse now. (pre-patch it was 32 sec and 55 sec)1 -
NewbieOKS✭✭✭LumbermillOverlord wrote: »picture link must have extension in the name
Ok thanks I’ll made some edit on my comment above #700
https://signatur.eso-database.com/17868970/signatur.jpg
ESO-Database provides statistics for Elder Scrolls Online characters and guilds. This information is collected by the ESO-Database Client and ESO Database AddOn https://www.eso-database.com/en/ Huge thanks to @Keldor for this amazing add-on0 -
Syncronaut✭✭✭KittyVonPurr wrote: »Isn't there some kind of privacy laws against that??
If you are in EU:
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation0 -
esotoon✭✭✭✭✭
✭Syncronaut wrote: »Login time info:
Accout to character selection -- 53 seconds
Character seletection to game - 1 min 20 seconds
Loading times got even worse now. (pre-patch it was 32 sec and 55 sec)
Was that the first time you loaded the game after the patch or did you test it more than once? (I'm just asking in case you didn't realise that the first time you load the game after any patch, it always takes longer to load.)1 -
DieAlteHexe✭✭✭✭✭
✭✭Syncronaut wrote: »Login time info:
Accout to character selection -- 53 seconds
Character seletection to game - 1 min 20 seconds
Loading times got even worse now. (pre-patch it was 32 sec and 55 sec)
Yup, really slow and now it's even slow to log out or quit.
Dirty, filthy casual aka Nancy, the Wallet Warrior Carebear Potato Whale Snowflake0 -
DieAlteHexe✭✭✭✭✭
✭✭Syncronaut wrote: »Login time info:
Accout to character selection -- 53 seconds
Character seletection to game - 1 min 20 seconds
Loading times got even worse now. (pre-patch it was 32 sec and 55 sec)
Was that the first time you loaded the game after the patch or did you test it more than once? (I'm just asking in case you didn't realise that the first time you load the game after any patch, it always takes longer to load.)
Six times, to be precise (was finishing daily crafting).
Very slow.
Dirty, filthy casual aka Nancy, the Wallet Warrior Carebear Potato Whale Snowflake0 -
Zorgon_The_Revenged✭✭✭✭✭Maybe they should sneak a program in that tracks why the game can be so unstable sometimes. I've played a lot of other MMO's in the past 18-24 months and nothing comes close to how unstable this game is, I've had more trouble in one bad week of ESO than the other games in total.2
-
xeNNNNN✭✭✭✭✭
✭Zorgon_The_Revenged wrote: »Maybe they should sneak a program in that tracks why the game can be so unstable sometimes. I've played a lot of other MMO's in the past 18-24 months and nothing comes close to how unstable this game is, I've had more trouble in one bad week of ESO than the other games in total.
Thats simple.
The Hero Engine is trash.Ah, e-communities - the "pinnacle" of the internet............yeah, right.5 -
GTech_1✭✭✭✭@ZOS_MattFiror
I'm just gonna leave this here:
Today's Live client maintenance did remove the RedShell.dll file from the Live client.
However, the primary issue (third party software installed on our rigs, without our knowledge, and without our consent) is not resolved for those of us who help out on the PTS.
As of today's date June 4th, 2018, the RedShell.dll file still exists in the PTS client.
As you can see in the image, according to the date stamp on that file, ZOS installed the RedShell.dll on my rig, without my knowledge, or consent, on May 7th, 2018.
Questions for @ZOS_MattFiror
1) When can we expect the PTS maintenance to remove RedShell, in its entirety, from our rigs?
2) What changes are you making to enforce better version control in the immediate future?
***Edit: Fixed image links.Edited by GTech_1 on June 4, 2018 9:47PM11 -
DoctorESO✭✭✭✭✭
✭✭@ZOS_MattFiror
I'm just gonna leave this here:
Today's Live client maintenance did remove the RedShell.dll file from the Live client.
However, the primary issue (third party software installed on our rigs, without our knowledge, and without our consent) is not resolved for those of us who help out on the PTS.
As of today's date June 4th, 2018, the RedShell.dll file still exists in the PTS client.
As you can see in the image, according to the date stamp on that file, ZOS installed the RedShell.dll on my rig, without my knowledge, or consent, on May 7th, 2018.
Questions for @ZOS_MattFiror
1) When can we expect the PTS maintenance to remove RedShell, in its entirety, from our rigs?
2) What changes are you making to enforce better version control in the immediate future?
***Edit: Fixed image links.
My, oh my, oh my. So it's still there on the PTS client?3 -
Cadbury✭✭✭✭✭
✭✭✭✭✭Ive been OOTL since Friday. Any new developments?"If a person is truly desirous of something, perhaps being set on fire does not seem so bad."0 -
Elsonso✭✭✭✭✭
✭✭✭✭✭Wait... Y'all didn't know it was also in the PTS client? Just stay off PTS until they update it.0 -
Reverb✭✭✭✭✭
✭✭✭✭✭Seems like a good place to collect the industry coverage on this:
https://www.mmorpg.com/mobile/news.cfm?read=48697&game=821&ismb=1
http://massivelyop.com/2018/06/01/players-try-to-figure-out-how-to-opt-out-of-elder-scrolls-onlines-new-spyware/
https://www.vgr.com/tracking-software-elder-scrolls-online/
https://www.hrkgame.com/newsroom/zenimax-online-studios-messed-up/
Battle not with monsters, lest ye become a monster, and if you gaze into the abyss, the abyss gazes also into you. ~Friedrich Nietzsche5 -
sirston✭✭✭✭✭lordrichter wrote: »Wait... Y'all didn't know it was also in the PTS client? Just stay off PTS until they update it.
I still have it in my files and I don't play the PTS it said last modified on may 21st but it updates it'self without being launched.Whitestakes Revenge
WoodElf Mag-Warden
Sirston
Magickia Dragonknight
T0XIC
Pride Of The Pact
Vehemence
The Crimson Order
victoria aut mors0 -
Seri✭✭✭✭
PTS maintenance is completely independent of Live maintenance - as far as the launcher is concerned, they're two completely separate game installs. Given PTS didn't get maintenance yesterday, there's no reason to expect the DLL to have vanished.@ZOS_MattFiror
I'm just gonna leave this here:
Today's Live client maintenance did remove the RedShell.dll file from the Live client.
However, the primary issue (third party software installed on our rigs, without our knowledge, and without our consent) is not resolved for those of us who help out on the PTS.
As of today's date June 4th, 2018, the RedShell.dll file still exists in the PTS client.
As you can see in the image, according to the date stamp on that file, ZOS installed the RedShell.dll on my rig, without my knowledge, or consent, on May 7th, 2018.
Questions for @ZOS_MattFiror
1) When can we expect the PTS maintenance to remove RedShell, in its entirety, from our rigs?
2) What changes are you making to enforce better version control in the immediate future?
***Edit: Fixed image links.
My, oh my, oh my. So it's still there on the PTS client?EP CP160+ Templar, Sorc, NB
DC CP160+ Templar, Sorc, DK4 -
RedTalon✭✭✭✭✭Well that is said, but given the model is not subscription based not shocking either.
Though ads generally make me less likely to buy things I see
So hope it never gets fully usedEdited by RedTalon on June 5, 2018 6:39AM0 -
Mrs_Malaka✭✭✭✭I came back to the eso forums a few days ago to see how the world of tamriel is doing.
I am not surprised to hear about this "redshell incident".
This spyware should not have been installed in the first place, inactive or otherwise.
The fact that it took Matt Firor until almost 20 pages of posts on this single thread to finally make an "official statement" is pathetic. Although, his moderators were most likely watching this thread since the first page of it, just not saying anything because of the scope of this subject. They must have figured "Oh, this is pretty bad, we should alert Matt and the legal team as well."
That's a pretty crummy thing to do to your players, zos. Real crummy.
If my landlord placed hidden cameras all over my apartment and I found them and they were there, but not "activated", and he told me "Oh, I don't know how they got there! How erroneous! What an immoral mistake I have made!" I wouldn't say "That's okay. You've apologized and they aren't turned on. We're good now."
I wouldn't believe that line of rubbish! I would contact the proper authorities and instantly be arranging a new living space someplace else.
Bad business ethics, zos. Just bad."But screw your courage to the sticking-place,
And we’ll not fail."
PC/NA & EU4 -
xRIVALENx✭✭✭For future reference. There were plenty of other dll files loaded but they were all System32 libraries related to drivers and such. I'll retain the full list of the Base, Module, Party and Path breakdown should anyone be interested.
Summerset Patch (DLL List)
=======================
\Zenimax Online\The Elder Scrolls Online\game\client\bink2w64.dll
\Zenimax Online\The Elder Scrolls Online\game\client\d3dcompiler_47.dll
\Zenimax Online\The Elder Scrolls Online\game\client\granny2_x64.dll
\Zenimax Online\The Elder Scrolls Online\game\client\icudt55_x64.dll
\Zenimax Online\The Elder Scrolls Online\game\client\icuin55_x64.dll
\Zenimax Online\The Elder Scrolls Online\game\client\icuuc55_x64.dll
\Zenimax Online\The Elder Scrolls Online\game\client\RedShell.dll
\Zenimax Online\The Elder Scrolls Online\game\client\steam_api64.dll
Patch v4.0.8 (DLL List)
===================
\Zenimax Online\The Elder Scrolls Online\game\client\bink2w64.dll
\Zenimax Online\The Elder Scrolls Online\game\client\d3dcompiler_47.dll
\Zenimax Online\The Elder Scrolls Online\game\client\granny2_x64.dll
\Zenimax Online\The Elder Scrolls Online\game\client\icudt55_x64.dll
\Zenimax Online\The Elder Scrolls Online\game\client\icuin55_x64.dll
\Zenimax Online\The Elder Scrolls Online\game\client\icuuc55_x64.dll
\Zenimax Online\The Elder Scrolls Online\game\client\steam_api64.dll
5
