sintfnt.dll- win32:Trojan-gen {Other}"

Viruses and worms
1

Hope somebody can help with this - it’s driving me mad. Avast has been detecting “win32:Trojan-gen {Other}” in sintfnt.dll when I try and run a Tweenies game from cd (for my daughter!). AVG 8 also detects this file as “Trojan horse proxy acxj” again when I try and run the game. I’ve tried sending the file to virustotal.com, but it says that there is nothing to do as the file is 0 bytes. I’ve tried emailing it to them, but I can’t attach it to an email as is says “attached file not found”. I’ve also tried zipping it, but it says “file not found or no read permission”. Now I’ve sent it to alwil via the chest as other threads on here with similar problems suspected a false positive. I’ve done a full scan with avast, but the problem still occurs. Is there anything else I can try? Many thanks in advance.

2

Hi DamianP,

According this info: http://www.spywaredata.com/spyware/malware/sintfnt.dll.php
and some other, we could conclude that this appears to be a false positive,

polonus

3

Cheers for that polonus. I’ve now managed to send the file to virustotal. The results are here -

http://www.virustotal.com/analisis/993964e1a28b8770200d679fada8df8d

I’ve tried searching for the virus names but there doesn’t seem to be much info on any of them. Also, this file only ever appears when I try to play the above game so I’m not sure where it is hidden normally.

4

I also suggest that you do a forum search for this file name as it has cropped up recently and I believe in that case it was a false positive (but file names are no guarantee as the same name could be an entirely different version). I can’t recall if there was a correction of the VPS for this, ensure that you have the latest VPS update and scan the file again.

Trying to view your VT results URL and I’m not connecting to the site so either something is wrong on the site (very busy or down, see image) or the URL is incorrect.

5

I emailed the file to AVG and have just received confirmation that this is a false positive. I’ve downloaded their update, and they’ve corrected it already so that it no longer detects it as a virus! I’ve emailed it to avast also but have not heard anything from them yet. Hope this saves somebody else the hours I’ve wasted on this!

6

They usually correct false positives very soon. But they don’t have an automated answer to files submitted.

7

this problem was discussed here already, the file is a SecuROM library… we’ve removed some versions from our detections, but this seems to be another one… anyway, it’s time for SecuROM (and other cd protection guys) to ask some questions themselves… why the cd protection dll’s should be packed with Petite and other freaky packers? why they should do quite strange things when reading above the default cd/dvd-rom reading area (StarForce)? there are many other aspects to judge cd protections files as being at least suspicious… my personal opinion is - the cd protection system can’t stop a cracker (and many illegal lame users) from using the game illegaly and is very annoying for the legal user… legal user must accept some freaky driver filters - illegal user must not… legal user must insert the cd every time he wants to play a game - illegal one must not, etc… you know, what i meant… ::slight_smile:

the false positive should be removed soon…