virus detected during Windows installation (SDK 1.7.2)

Hi, first-time user, first post. tl;dr: Does the Panda3D installer install a dll named sysapiServices.dll in Local Settings\Application Data\eventGLServ? I can find no references to this dll or its folder on google, but mcafee believes it contains a senfit.a trojan.

Here are some details:

I downloaded the current stable SDK, 1.7.2, via, and installed on my Windows XP machine. At the end of the install I got a prompt asking if I wanted to do a time-consuming operation on eggs (I forget the details). I opened Firefox, intending to research – I had closed it at the beginning of the install process. After some spinning, mcafee’s on-access scan popped up a message about the trojan above. (Yes, senfit, not sefnit.)

If Panda3D installed this dll, then my followup question is whether anyone knows or can find out if this is just a false positive, or a real virus.

If not, then I assume my system must have already been infected, and restarting Firefox was going to trigger it regardless of Panda3D; and I’m sorry to waste your time.

One more point, possibly irrelevant: mcafee was unable to clean up immediately, as the dll was in use. On reboot it deleted the dll; but then I did get a message from rundll about trying (and failing) to open it.

Thanks in advance,

(Edit: “1.72”->“1.7.2”)

As far as I know the Panda3D SDK installer does not contain a file called “sysapiServices.dll”. It’s certainly not a dll built from Panda3D source code, and the thirdparty libraries don’t contain such a file too.

On my machine (Win/Vista) there is no such file too. I still have an older XP machine around. I will try and download a fresh copy of the 1.7.2 SDK and install it on this machine tonight.

eventGLServ? Hmm… could it be that your OpenGL drivers are infected or giving a false positive? Did you try installing the latest version of your video card drivers?

Installed Panda3D SDK 1.7.2 (download an hour ago from on a Windows XP SP3 machine, and I have not been able to locate such a file.

enn0x: Thanks, I appreciate it and look forward to hearing the results. (Edit: simultaneous post; thanks for checking!)

rdb: This topic is now the only hit on google for “eventGLServ” (or for “sysapiServices”). I thought, therefore, that it might be an obscure part of Panda3D that no one had mentioned before. I think it’s unlikely to belong to a known driver, with no mention anywhere; but I’ll try looking into that. I fear that it might be a randomly constructed name.


Are you sure you didn’t pick up a virus through firefox while browsing the web during installation? I’ve managed to pickup all sorts of crap from just browsing alone – most recently two viruses from deviantart.