Okay so I wanted to play a game installed on my comp called Mafia. When I click on the icon, the game wouldnt play! Windows prompted me to install service pack 3 so I did thinking it could fix this little problem. Now when I click on the icon the game still wont play. Files pop up in the %temp% folder and one of them called sintfnt.dll is detected as a trojan! I uploaded the file onto one of those sites thinking it could be a false postive, but it was also detected as a virus
Ive had this game for two years, and I dont see how it could all of a sudden generate a virus. Its the only game thats done this so far. And just getting rid of the virus isnt enough for me, I want to play my game! :-\
Heres the avast log for anything to do with this new problem:
7/26/2008 5:17:04 AM SYSTEM 1220 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\RECYCLER\S-1-5-21-823518204-1078081533-1801674531-1004\Dc8.dll” file.
7/26/2008 3:47:25 AM SYSTEM 1232 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\RECYCLER\S-1-5-21-823518204-1078081533-1801674531-1004\Dc6.dll” file.
7/25/2008 8:25:30 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/25/2008 8:27:59 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/25/2008 8:27:40 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/25/2008 8:26:49 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/26/2008 5:18:03 AM SYSTEM 1220 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\SIntfNT.dll” file.
7/26/2008 5:18:17 AM SYSTEM 1220 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\SIntfNT.dll” file.
7/26/2008 5:20:57 AM SYSTEM 1220 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\SIntfNT.dll” file.
7/26/2008 3:27:18 AM SYSTEM 1216 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/25/2008 8:26:34 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/25/2008 8:26:12 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/25/2008 8:26:01 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/26/2008 3:47:12 AM Justicen 2656 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\SIntfNT.dll” file.
7/25/2008 8:25:19 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/25/2008 8:25:10 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/25/2008 8:24:45 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/26/2008 3:26:31 AM SYSTEM 1216 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/26/2008 3:26:17 AM SYSTEM 1216 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/26/2008 3:25:37 AM SYSTEM 1216 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/26/2008 3:25:28 AM SYSTEM 1216 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/26/2008 3:25:08 AM SYSTEM 1216 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/26/2008 3:24:44 AM SYSTEM 1216 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/26/2008 3:24:24 AM SYSTEM 1216 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/26/2008 3:24:22 AM SYSTEM 1216 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\JUSTICEN\LOCALS~1\TEMP\SINTFNT.DLL” file.
7/25/2008 8:29:47 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/25/2008 8:29:21 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/25/2008 8:29:10 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/25/2008 8:28:48 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/25/2008 8:28:44 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/25/2008 8:28:31 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/25/2008 8:28:19 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/25/2008 8:24:45 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\SIntfNT.dll” file.
7/25/2008 8:28:14 AM SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/26/2008 5:30:17 AM SYSTEM 1220 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\SIntfNT.dll” file.
7/26/2008 3:40:10 AM SYSTEM 1216 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\SIntfNT.dll” file.
7/26/2008 3:40:10 AM SYSTEM 1216 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/26/2008 3:44:05 AM SYSTEM 1216 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/26/2008 4:34:35 AM SYSTEM 1224 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\SIntfNT.dll” file.
7/26/2008 4:48:17 AM Justicen 2908 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\SIntfNT.dll” file.
7/26/2008 5:15:45 AM SYSTEM 1220 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\SIntfNT.dll” file.
7/26/2008 5:16:40 AM SYSTEM 1220 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\SIntfNT.dll” file.
7/26/2008 5:16:50 AM SYSTEM 1220 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\Justicen\LOCALS~1\Temp\sintfnt.dll” file.
7/26/2008 4:51:22 AM SYSTEM 1224 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Justicen\Desktop\SIntfNT.dll” file.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
I wouldn’t expect a game to place dll files all over the place, I would have though that they would be either in the programs folder or in one of the windows system folders depending on OS. So I would think that this is unrelated to the game, something may have hooked on to the game. I wouldn’t expect to be launching a game with a dll file on the desktop, more likely it would be a shortcut to the games executable file. All in all this makes me more suspicious.
There are a couple of other files at the top of your list which you could also check, they are in the recycle bin, not an uncommon location not for malware to be deposited.
What is your firewall (as this is reported as a backdoor by some of the other scanners) ?
Moving the file to the chest does no good because evertime I try running the game another sintfnt.dll file is created. And its not the only file in %temp% folder that has sinfnt in its name. Theres files called sintfnt32.dll, sinfnt16.dll, and sintfnticn, But none of those are detected as a virus.
I use windows firewall, avast!, and spyware doctor.
I’m sorry but with those virustotal results I personally wouldn’t run the game as it is spawning the file that is detected.
That file might have the same name but that is as far as it goes the results of VT are different as is the MD5 of the two files (yours, MD5: 19d7eefef52fcc00fded4f01cc4b3425 the other file, MD5…: 76899db53374dcb97308c827b60738d9) the md5 should be identical if both files are the same.
Not to mention that the FP was corrected in VPS 080714-0, so you have to look a little deeper than simply the file name.
Regular avast scan would scan the recycler set-up, though the better option is to empty the recycle bin.
The windows firewall provides zero outbound protection and this could be acting as a proxy downloading more malware.
All I can suggest is to uninstall the game and reboot. Get the latest version of the game an install it again.
When avast detects a virus, if it can attempt to repair it then the Repair option will be available (not greyed out) you could try that the next time but this is being reported as a Trojan and generally trojans can’t be repaired as the complete file is malicious and not just some code injected into the file.
There are many freeware firewalls such as, Comodo, PCTools Firewall Plus, Jetico, etc. - Zone Alarm free works fine with avast and has a reasonably friendly user interface, however, the free version is becoming bloated with trial ware and is also crippled as far as outbound protection goes In the Program Control, configuration area, the slider will only goes as far as Medium protection, if you want more you have to buy the Pro version.
See A Forum discussion on free firewalls http://forum.avast.com/index.php?topic=30808.0
See http://www.matousec.com/projects/firewall-challenge/results.php.
Firewalls with outbound protection at first will be a bit noisy as they challenge applications rights to connect to the internet, etc. and this might require some tweaking to run some games, though gaming forums are usually geared up to the settings required.
Dangit, I reinstalled it and it didn’t fix anything. >:( Is there anything else I could do to fix it? Theres gotta be another way to fix this besides just not playing the game…
Sorry if the file that comes with the game is deemed infected by so many scanners, I certainly wouldn’t play it, not that I’m a gamer anyway.
I don’t know the source you downloaded the game from or if they have a forum for the game, really this should be in the hands of the maker to see what is so different in this version of the file for it to be considered malware.
I really don’t know any other options.
Of course you could exclude the file from scanning but in the face of all the different scanners detecting it, that isn’t something I would recommend it would be crazy (IMHO) when you don’t really know what it might be doing.
I contacted the game makers about it, I guess I’ll have to wait and see what they say about it. Also I got a firewall that sure does a good job of freakin out about programs, but it should keep my comp safer now
I wonder if I just kept deleting the file after evertime I play the game would my computer be generally safe…or no?
No it wouldn’t be like not having a virus at all, I can’t believe you are even contemplating it, no game is worth compromising your system. You have no idea of the potential of what it can do or even if it is the only thing going on, just the only thing being detected.
I think you are going to have to wait for the game makers response/action.
I am having the same issue, but with Roller Coaster Tycoon 2 Tripple Thrill pack and Warcraft 3 and to World of Warcraft after a reinstall, don’t need the disks to play it. I have the disks to all games so no hacks are used and I did not download them, I think this is still a false possitive and wasn’t completely fixed with the VPS 080714-0. I have run Spybot, and Lavasoft Adaware and they are not picking anything up.
Please create a new topic of your own and we can see if we can help so as not to divert this topic. Go to this link, http://forum.avast.com/index.php, scroll down to the Viruses and Worms forum and click it, click the New Topic button at the top of the list and post there.