Problem? False positive?

For the first time in years, I've had a virus detected during a scan. I'm using AVG Free. The same file has been flagged as being infected with the same virus twice, once on the 2nd and once today.

The file is Amsmpu4p.sys and it's in my main temp directory.

AVG flags it as being infected with Trojan Horse BackDoor.Generic9:CUT and deletes it...although it would be deleted anyway as it's in the temp directory.

Also suspicious are sintf16.ddl, sintf32.dll and sintfnt.dll in the temp directory. What are they doing there?

My Windows directory has bloated up to 3.44GB, though the size on disc is only 3.18GB. Maybe a coincidence - I only noticed because some files created during some audio editing resulted in my system partition filling.

EDIT: Hmm, BitDefender online found two more trojans, in files a couple of years old that have been scanned hundreds of times by AVG, including today. Nothing I can't account for in Autoruns and the only thing I can't account for in process explorer is what the multiple copies of svchost are doing. Either I'm getting false positives or sneaky trojans have been having a field day on my PC...and I don't know for sure which is true.
 
Different virus guards find different viruses due to some being false positives and many other reasons. I personally use Symantec AV (not to be confused with Norton as that is the home side of the business) and never had a problem. I always seem to have niggles with the free stuff such as AVG, NOD, etc., especially relating to false positives.

I'm still in the state of mind where I know I'll get more support, faster updates, etc. from a paid-for solution rather than some free product.



M.
 
From my experience with free AV, AVG missed some viruses that Avast picked up, so I always recommend Avast for a free solution. If it was me I would install Avast, turn off System Restore and do a boot-time scan, run McAfee Stinger http://vil.nai.com/vil/stinger/ and run malware programs like Spybot etc.
 
I tried Avast a few weeks ago. A scan took several hours and I didn't like the program in general. Maybe it turns up some positives (false or true) that AVG misses, but the reverse is probably true as well.

I use Spybot and Ad-Aware. I ought to use Firefox with NoScript more, but I'm with AOL and other browsers often don't work with AOL. They'll suddenly be unable to connect to anything and the only solution is a reboot.
 
They are files used by some games and relate to some copyright protection and Amsmpu4p.sys is a system file.
A system file that's in a temp directory and that's flagged as being infected with a virus. That isn't normal for system files.

I knew those dlls related to copyright protection, but I haven't installed any games in the last couple of days and what's the point of an anti-copying program putting dlls in a temp directory?
 