Please keep all questions regarding Virus and/or Trojan warnings here

[macmac100]

I've been using PO for almost a year and the ptnhandler.dll was fine so far.

The ptnhandler.dll alert has just occured after today's anti virus update.

I assume most anti visrus programms share virus definitions (or rip them of from each other). This would explain why the alert has occured on many different anti virus programms.

I also assume there is a 95% chance that this alert is a false positive, since the ptnhandler.dll file did not change recently at all.

[Molinero]

Quote:

Originally Posted by Hanuse

Same Problem here - I use AVG 7.5 Antivirus-Programm.

On January 23 it find a "trojaner" named InjLib.dll in the PO\bin-folder - I put it to the Quarantäne and PO worked without problems.

Today it find the "Backdoor Agent" pnthandler.dll and I do it in Quarantäne - PO do not open. I write it back and then ignore it, but PO still not open...

I wrote to support and send you the Infos of my Virus-Scanner - please help quick!

I had the same problem but fixed it.

First recover both files from the virus vault (if you haven't deleted them - then there isn't much to do). Then open the control panel of AVG and turn off the resident shield. Now open pokeroffice. Turn on resident shield again.

Pressing "ignore" to the files when opening pokeroffice will not help - the programs access to the dll's will still be blocked.

[Administrator]

First of all sorry for beeing a bit late in answering.

The file(s) in question does of course not have any trojan/virus or other malicious code in it at least not when we release the file from us. I guess there is a small chance that people who are infected with a virus could get files in PO infected too.

However since everyone seem to have got a warnig on the same file at the same time I think it is just a false positive.

I will look into this right away (prio 1) and get back here as soon as I can. I will also contact some antivirus companies about this issue so that you should not even get a warning message (this will of course take some time)

First of all I will verify 100% that there are no problems with pnthandler.dll and get back here ASAP.



PS
On January 23 it find a "trojaner" named InjLib.dll in the PO\bin-folder is one such case where we have 100% verified that it is a false positive and the fille is OK
DS

PSS
Can you please let us know if there are any other file than pnthandler.dll that give you this?
(updatexxx.exe contains the pnthandler file since it is a install file and does notcount
DSS

[Administrator]

If some one would be able to post the file to Fsecure or similar it would be very good too thank you.

[Administrator]

I have now scanned the complete PokerOffice program folder (c:\program files\pokeroffice\) with both Trend Micro Antivirus and F-secure Anti-Virus 2008 (using definition version 2008-02-08_02). Neither antivirus can find anything wrong with any file.

This raises a few questions; are you using the same (2008-02-08_02) definition file? If you are, have your version of pnthandler been infected by a virus?

My suggestion is that you try to install the latest patch: www.pokeroffice.com/update.exe

Directly after the install make a virus scan and see if you get the same result as before. Also try to start PO and see if it works.

Even if you do not get a warning after updating and PO works the virus that infected your computer can still be present in the registry and in your system folder. So a complete virus scan clean up might be needed.

Again it would be very good if some people could send in the files to F-secure etc, both the file you get a varning for and if you do not get a warning for the file after you reinstalled maybe send that file too.

You can also send the infected file to us so we can compare it to our own original one.

I will keep monitoring this thread today and in the weekend to see what evolves.

[DeBuX]

Quote:

Originally Posted by Administrator

PSS
Can you please let us know if there are any other file than pnthandler.dll that give you this?
(updatexxx.exe contains the pnthandler file since it is a install file and does notcount
DSS

another "infected" file is chatcontainer.dll

PS Yesterday the support was sending the two files to me, but AVG automatically blocked recieving that e-mail. And when I try to install PO with the latest patch I get the warnings through the installation process that these two files are infected.

[Administrator]

Ok, can you tell me exactly what security program you are using please.

[draseler]

Hi, sorry my english, I hope that understand.

I am sure that is a false positive. The problem is that I cannot start PO already by any means. I have tried to reinstall everything, with the AVG closed , restoring the file, with file copied of another computer... and at nothing. I do not achieve that PO works.

I can do what?

[Dubbsen]

Hello.

(I am using Avira AntiVir PersonalEdition Classic including the latest virus update and I am using the most recent version of Poker Office.
I did not have any problems until yesterday morning.
Since yesterday ptnhandler.dll and chatcontainer.dll cause problems with my AntiVir.
Because of the quarantine PO does not start anymore.
I am quite sure, that my system has not been infected otherwise, because I reinstalled it only 2 weeks ago. I am quite cautious and never had any problems with viruses.)

P.S.: Good news!!! I checked the files again and now they are ok!

[viggosen]

My F-secure antivirus found virus and I let Fsecure delete it, and then I couldn´t start PO.
Tried to download and the update file, you linked to, now it works again.
(and no virus warning)

I then ran a virus check of the entire PO folder.
Nothing found.

Here is a screenshot
(Its in Danish but I hope you can see the results)