Anyone Detected "pxwma.dll" (linked To Sonic/roxio) As Adware?
#1
Posted 04 April 2006 - 05:45 AM
I scan my pc with CounterSpy on a regular basis. Recently it's been detecting "pxwma.dll" and some associated registry keys as high-risk adware. When I search the web for additional info I'm getting mixed results. Some sites are stating the process is associated with adware called "Webredir" (a URL redirect app) while others show it as a safe process installed by Sonic Solutions, i.e., Roxio. I've been ignoring it for the last week or so but would like to get to the bottom of this. Does anyone have any info?
Infected files detected
c:\windows\system32\pxwma.dll
Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}
HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\InprocServer32 c:\WINDOWS\system32\PXWMA.dll
HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\InprocServer32 ThreadingModel apartment
HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\ProgID interface.InterfaceObj.1
HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\TypeLib {FAC55B9F-8F6A-4A41-AE16-36845D4679B2}
HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\VersionIndependentProgID interface.InterfaceObj
HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1} CInterfaceObj Object
HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1} AppID
Thanks,
-Mike
#2
Posted 04 April 2006 - 05:56 AM
#3
Posted 04 April 2006 - 06:02 AM
pcostanza, on Apr 4 2006, 06:56 AM, said:
Thanks for the reply. Any chance you could do me a favor and search your system32 directory for PXWMA.DLL and let me know if it's present? That would be a great help :-)
#4
Posted 04 April 2006 - 06:15 AM
#5
Posted 04 April 2006 - 06:46 AM
tbrewst, on Apr 4 2006, 07:15 AM, said:
Thanks for the feedback. I think this may be the case with anyone who has EMC 7 or above installed on their machine. I'm leaning towards the theory that (in the case of Roxio users) PXWMA.DLL is in fact a safe and legitimate process installed by Roxio which by unfortunate coincidence, shares the same file name as the unsavory "Webredir" adware application. I've emailed Sunbelt Software (the publisher of CounterSpy) asking them to investigate the issue. If any Roxio mods happen to read this posting a clarification would be most appreciated.
-Mike
This post has been edited by michaeltee: 04 April 2006 - 06:49 AM
#6
Posted 04 April 2006 - 07:02 AM
michaeltee, on Apr 4 2006, 02:02 PM, said:
http://www.file.net/.../pxwma.dll.html
http://castlecops.co...-pxwma_dll.html
#7
Posted 04 April 2006 - 07:41 AM
cdanteek, on Apr 4 2006, 08:02 AM, said:
Yeah, these links are typical of the returns I got when I googled "pxwma.dll". Some point to "Webredir" (adware) and others say Sonic/Roxio. It's definitely confusing but I can't imagine any reason Sonic would install an adware application, thus my theory that the same file name is used by both Sonic and Webredir for entirely different applications. I'd hate to delete the registry keys and mess up my EMC installations although I guess I could quarantine the entries temporarily and see what happens. I dunno... I hope someone has definitive information on it.
This post has been edited by michaeltee: 04 April 2006 - 07:47 AM
#8
Posted 04 April 2006 - 08:19 AM
michaeltee, on Apr 4 2006, 11:41 AM, said:
Most definitely not spyware...
PX is the name of the burning engine used by apps such as RecordNow... the PX Engine has been developed starting with Veritas (http://www.dynamicli...nfo_p/1508.htm) and then Sonic when RecordNow moved over.... That file is a part of our app and most definitely not spyware.
What CounterSpy definition version are you using? Can you update to version 313 - Apr 3, 2006 and rescan? If it still appears as spyware I'd suggest reporting this to CounterSpy. If they need a copy of our software I can arrange this.
#9
Posted 04 April 2006 - 08:39 AM
patatrox, on Apr 4 2006, 09:19 AM, said:
PX is the name of the burning engine used by apps such as RecordNow... the PX Engine has been developed starting with Veritas (http://www.dynamicli...nfo_p/1508.htm) and then Sonic when RecordNow moved over.... That file is a part of our app and most definitely not spyware.
What CounterSpy definition version are you using? Can you update to version 313 - Apr 3, 2006 and rescan? If it still appears as spyware I'd suggest reporting this to CounterSpy. If they need a copy of our software I can arrange this.
Thanks Pat! I thought something like this would be the case. I assume from your comments that PXWMA.DLL would be a valid Roxio file. The CounterSpy def version that "detected" this as adware was "313" and possibly the previous def set as well. I've been using CounterSpy for about 18 months but this has only been happening during the last week or so. When they reply to my email I'll definitely pass along the info. If anyone from Roxio wants to contact Sunbelt immediately they do have live TS agents available by phone.
http://www.sunbeltso...com/contact.cfm
Thanks for the clarification :-)
-Mike
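
The question running through this thread, whether the flagged file is the Sonic/Roxio component or something else using the same name, can be checked on the machine itself instead of by file name. The following is an added example, not part of any post and not Roxio's or Sunbelt's tooling: it reports the file's version resource, Authenticode signature and hash, plus the COM registration CounterSpy listed. The path and CLSID come from post #1; the function names are hypothetical, and since the thread does not say what publisher or signer a genuine copy carries, the script only reports values.

```powershell
# Added example: triage a DLL that a scanner flagged. Path and CLSID are the ones
# listed in post #1; nothing here asserts what a genuine copy should contain.
$dll   = 'C:\Windows\System32\pxwma.dll'
$clsid = '{58F07DD3-924D-4141-BC74-299F523A95F1}'

function Get-DllIdentity {                       # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path        = $item.FullName
        Present     = $true
        Company     = $item.VersionInfo.CompanyName      # self-declared by the builder
        Product     = $item.VersionInfo.ProductName
        Description = $item.VersionInfo.FileDescription
        FileVersion = $item.VersionInfo.FileVersion
        SigStatus   = $sig.Status                        # Valid, NotSigned, HashMismatch, ...
        Signer      = $sig.SignerCertificate.Subject     # empty when the file is unsigned
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

function Get-ComServerRegistration {             # hypothetical helper name
    param([Parameter(Mandatory)][string]$Clsid)
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $inproc = Get-ItemProperty -LiteralPath "$key\InprocServer32" -ErrorAction SilentlyContinue
    $progid = Get-ItemProperty -LiteralPath "$key\ProgID" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Clsid          = $Clsid
        Server         = $inproc.'(default)'             # DLL that is loaded for this CLSID
        ThreadingModel = $inproc.ThreadingModel
        ProgID         = $progid.'(default)'
    }
}

$file = Get-DllIdentity -Path $dll
$com  = Get-ComServerRegistration -Clsid $clsid
$file | Format-List
$com  | Format-List

# The registered in-process server should be the same file that was inspected;
# a CLSID that resolves elsewhere means a different binary is loaded for it.
if ($com -and $com.Server -and $file.Present) {
    $registered = [Environment]::ExpandEnvironmentVariables($com.Server)
    'Registration points at inspected file: {0}' -f ($registered -ieq $file.Path)
}
```

The version resource is whatever the file's builder wrote into it, so the signature status and the SHA-256 carry more weight; the hash is also the value to quote when reporting a suspected false positive to the scanner's publisher.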
