Hi, first-time user, first post. tl;dr: Does the Panda3D installer install a dll named sysapiServices.dll in Local Settings\Application Data\eventGLServ? I can find no references to this dll or its folder on Google, but McAfee believes it contains a senfit.a trojan.
Here are some details:
I downloaded the current stable SDK, 1.7.2, via panda3d.org, and installed on my Windows XP machine. At the end of the install I got a prompt asking if I wanted to do a time-consuming operation on eggs (I forget the details). I opened Firefox, intending to research – I had closed it at the beginning of the install process. After some spinning, McAfee’s on-access scan popped up a message about the trojan above. (Yes, senfit, not sefnit.)
If Panda3D installed this dll, then my follow-up question is whether anyone knows or can find out if this is just a false positive, or a real virus.
If not, then I assume my system must have already been infected, and restarting Firefox was going to trigger it regardless of Panda3D; and I’m sorry to waste your time.
One more point, possibly irrelevant: McAfee was unable to clean up immediately, as the dll was in use. On reboot it deleted the dll; but then I did get a message from rundll about trying (and failing) to open it.
As far as I know the Panda3D SDK installer does not contain a file called “sysapiServices.dll”. It’s certainly not a dll built from Panda3D source code, and the third-party libraries don’t contain such a file either.
On my machine (Win/Vista) there is no such file either. I still have an older XP machine around. I will try and download a fresh copy of the 1.7.2 SDK and install it on this machine tonight.
eventGLServ? Hmm… could it be that your OpenGL drivers are infected or giving a false positive? Did you try installing the latest version of your video card drivers?
enn0x: Thanks, I appreciate it and look forward to hearing the results. (Edit: simultaneous post; thanks for checking!)
rdb: This topic is now the only hit on Google for “eventGLServ” (or for “sysapiServices”). I thought, therefore, that it might be an obscure part of Panda3D that no one had mentioned before. I think it’s unlikely to belong to a known driver, with no mention anywhere; but I’ll try looking into that. I fear that it might be a randomly constructed name.
Are you sure you didn’t pick up a virus through Firefox while browsing the web during installation? I’ve managed to pick up all sorts of crap from just browsing alone – most recently two viruses from DeviantArt.