sIntff32.dll, win32: trojan gen (other)

I've been getting a virus detection message every time I try to run GTA Vice City:

C:\DOCUME~1\Al\LOCALS~1\Temp\SIntfNT.dll
Win32:Trojan-gen {Other}
Virus/Worm

I tried deleting, removing, moving to chest, but SIntfNT.dll, SIntf32.dll, SIntf16.dll keep re-appearing in my temp file.

I’m using Windows XP SP2, Pentium 4, 512 MB RAM.
My copy of GTA Vice City is store bought and was working, until I copied a backup of the game files because I wanted to add some game mods to it. I’m thinking one of the files might have had a worm in it so I deleted them all.

let’s download and run CCleaner and clean out those temp files

then rt click blue ball avast update programs (just in case)
then rt click avast blue ball and schedule boot time scan- reboot
send any hits to chest- do not delete/ remove

then go to malwarebytes.org and run both Rogue Remover free and Anti-Malware free
there may be a nag to purchase but bypass
Click REMOVE on any hits (not to worry, a backup will be made)
post the log

then create a new folder C:\suspicious
copy files in Chest (except system backup files) to your new folder
go to virus total and upload each file
post links to the results

this file has been the source of False Positives in the past
so not to panic

run secunia software inspector and let's see if your java etc is up to date

I have been getting a similar message when I try to run Warcraft III or the Frozen Throne expansion.

The file it's detecting as a virus is sintfnt.dll. I'm wondering if it's not a virus and just part of the game and Avast is getting over-zealous maybe? Because it only detects it when I try to run the game, I just installed the game yesterday, and I just updated Avast today and I have only started having the problems after the update. I also haven’t done anything I can think of to collect a virus today…

Anyway I can't seem to get the game to run now, it just keeps on popping up with that message but only when I try to run the game. Avast stops it and I can't run it, I am afraid to delete it in case it messes the game up. After I exit the warning screen the game says it can't detect the CD (it's in there) and if I choose retry the whole thing starts over again. ???

So I guess my question is: A) is sintfnt.dll actually something harmful? and B) assuming it is not, is there a way to get avast to ignore or make an allowance for the file?

that’s what we are working on
do the upload drill if you can
when we get the results the FP and/or Red Hot Virus crew will jump on it as appropriate

thanks for being on topic :)

What we have to check is to see if some Malware has misappropriated the sintfnt.dll name
and/or injected a baddie into it

so it’s possible that one of you is clean and the other infected- or vice versa

did you see this thread today?
http://forum.avast.com/index.php?topic=38127.0

Rogue Remover found nothing.
Anti-Malware found :
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) → Quarantined and deleted successfully.
I updated everything secunia software inspector told me to.
I ended up updating AV last night and did a scheduled boot-time scan. It did find 2 hits: one in Adobe Photoshop (I think it was install.exe; it’s not showing in the log), and it found this also:
C:\RECYCLER\S-1-5-21-823518204-261903793-682003330-1003\Dc7.dll
I ended up deleting both.

I still get the same problem trying to start up Vice City though.

the vice city thing may be a false positive

did you upload your hits to virus total as requested?
If you did you should have your answer by now
take a look at the other IntfNT.dll thread and see if there is any resolution

please do NOT delete hits- move them to the chest

you probably already got it but A-Squared removes and is not a bad program to have in your arsenal
http://www.emsisoft.com/en/malware/?Adware.Trymedia.a

you might also try a scan with SuperAntiSpyware
quarantine, do not remove/delete

you could exclude the dll till you hear if you must run that game

I also noticed that CmdLineExt02.dll appears in my temp folder along with the sIntf"".dll files.

I sent all 4 files to virus total and got a few programs that detect them as a threat, not sure what to do with that info. I attached a couple of the results.

It does look as if the IntfNT.dll is a FP
you could put in an exclude for the time being

a couple of things to do
did you send the detections to avast?

did you try scans with superantispy and/or A-Squared?

CmdLineExt02.dll could be a low level hijacker/trojan
http://forum.emsisoft.com/Default.aspx?g=posts&t=211

If the above two do not get this (a-squared says they get it in whatever language the post is in)
then
read the instructions in the sticky and post a HJT

a-squared did detect SIntfNT.dll:
C:\Documents and Settings\Al\Local Settings\Temp\SIntfNT.dll detected: Trojan-Proxy.Win32.Ranky.je

I read the post and followed the instructions to get the
CmdLineExt02.dll out of my registry and created an empty text file named
CmdLineExt02.dll and another named SIntfNT.dll, and encrypted them so they can’t be overwritten and the game starts fine now.

my hjt log is also attached

I would like to confirm this symptom: every time GTA Vice City was started it found that virus. I ended up scanning the install media and f:\gta-vc.exe was also found to be infected. I truly hope this is a false positive, but I have instructed the primary users of this computer to refrain from installing the game before the next Virus DB update.

A-Squared is denigrated by some for false positives- something shared by ALL Anti-malwares
When it Works it Works

Other Posters
there is a fix posted in this thread
read it and use it

Hi thehe2000,

The analysis of your hijackthis logfile and the entries to be fixed are given here:
Your system seems clean of harmful software. But we could not detect an active firewall.

Overview of running tasks:

Task | Type | Description
smss.exe | System task | Session Manager Subsystem
winlogon.exe | System task | Microsoft Windows Logon Process
services.exe | System task | Windows Service Controller
lsass.exe | System task | Local Security Authority Service
Ati2evxx.exe | Driver | ATI Display Adapter Assistant
svchost.exe | System task | Microsoft Service Host Process
svchost.exe | System task | Microsoft Service Host Process
Ati2evxx.exe | Driver | ATI Display Adapter Assistant
Explorer.EXE | System task | Microsoft Windows Explorer
aawservice.exe | Anti Add/Spyware software | Ad-Aware 2007 Service
aswUpdSv.exe | Virusscan | Avast Anti-Virus Component
ashServ.exe | Virusscan | Avast
daemon.exe | Backgroundtask | Background application that is used to map an image file, such as .iso and so forth, to a virtual CD or DVD drive.
VC7Play.exe | Unknown task | Unknown task
KBD.EXE | Backgroundtask | Multimedia keyboard manager.
MotiveSB.exe | Backgroundtask | System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone.
ashDisp.exe | Virusscan | Avast AntiVirus
TeaTimer.exe | Application | Spybot S&D Realtime Scanner
RegistryBooster.exe | Backgroundtask | Registry Booster
mpbtn.exe | Backgroundtask | Motive SmartBridge
webshots.scr | Application | Webshots Desktop Image Downloader
spoolsv.exe | System task | Microsoft Printer Spooler Service
VC7Tray.exe | Unknown task | Unknown task
a2service.exe | Backgroundtask | a-squared Service
mdm.exe | Application | Machine Debug Manager
svchost.exe | System task | Microsoft Service Host Process
VC7SecS.exe | Unknown task | Unknown task
ViewpointService.exe | Backgroundtask | View Manager Service
ashMaiSv.exe | Virusscan | Avast Anti-Virus Component
ashWebSv.exe | Virusscan | avast! Web Scanner
ViewMgr.exe | Application | ViewPoint Media Player
winamp.exe | Application | Nullsoft WinAmp
wuauclt.exe | System task | AutoUpdate for WindowsME
firefox.exe | Application | Mozilla Firefox
wuauclt.exe | System task | AutoUpdate for WindowsME
HijackThis.exe | Application | Merijn Hijackthis

Fix with HJT the following entries

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM..\RunOnce: [wextract_cleanup3] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Al\LOCALS~1\Temp\IXP009.TMP"

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Track Page Using Copernic Agent - {0BCBCDD8-E5D9-417D-A752-C2DA929A21BF} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O9 - Extra ‘Tools’ menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: QCZMXPAY - Unknown owner - C:\DOCUME~1\Al\LOCALS~1\Temp\QCZMXPAY.exe (file missing)

polonus
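
The fix list above, run through a small triage script as an added example (not part of the original post, and not code from HijackThis or any log analyzer). It parses O-entry lines copied from this page and tags those marked "(file missing)" or "(no file)", those pointing into the Temp folder, and those with nothing after the last separator; the regexes and reason names are assumptions made for this illustration.

```python
import re

# Lines copied from the fix list in the post above (HijackThis log format).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE (file missing)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: QCZMXPAY - Unknown owner - C:\DOCUME~1\Al\LOCALS~1\Temp\QCZMXPAY.exe (file missing)
"""

# Assumed line shape, taken from the entries on this page: "O<n> - <kind>: <details>"
ENTRY = re.compile(r"^(O\d+) - ([^:]+):\s*(.*)$")
ORPHAN_TAGS = ("(file missing)", "(no file)")
TEMP_DIR = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)


def triage_line(line):
    """Return (section, kind, reasons) for one HJT entry, or None if not an entry."""
    match = ENTRY.match(line.strip())
    if match is None:
        return None
    section, kind, rest = match.groups()
    rest = rest.strip()
    reasons = []
    if rest.endswith(ORPHAN_TAGS):
        reasons.append("orphan")        # registry entry whose target file is gone
    if TEMP_DIR.search(rest):
        reasons.append("temp-path")     # autostart pointing into the user's Temp folder
    if rest.endswith("-"):
        reasons.append("empty-target")  # nothing after the last separator
    return section, kind, reasons


def triage_log(text):
    """Triage every HJT entry line in a pasted log, skipping non-entry lines."""
    parsed = (triage_line(line) for line in text.splitlines())
    return [entry for entry in parsed if entry is not None]


if __name__ == "__main__":
    for section, kind, reasons in triage_log(SAMPLE_LOG):
        verdict = ", ".join(reasons) if reasons else "no automatic reason: review by hand"
        print(f"{section:<4}{kind:<18}{verdict}")
```

An entry that comes back with no reasons, such as the O3 toolbar line here, is one these heuristics cannot decide and needs a manual look.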

Hi thehe2k
When Polonus says fix he means start a HJT Scan
put checkmarks next to the items he mentions
then
FIX CHECKED

I have not re-read your posts but did you ever scan with MBAM or SuperAntiSpy?
quarantine do not remove/ delete any hits and post the logs if any hits
also I recommend an online AV scan about now
Kaspersky works well
It does not remove anything so post the log if any hits
then a new HJT please

and get a firewall
run
secunia software inspector
and get everything upgraded
if your Java is old run JavaRa to remove ALL old java files

later when we are all done put this on your to do list
run CCleaner
defrag
new restore point