Anyone Detected "pxwma.dll" (linked To Sonic/roxio) As Adware?


michaeltee

Question

Hello,

 

I scan my pc with CounterSpy on a regular basis. Recently it's been detecting "pxwma.dll" and some associated registry keys as high-risk adware. When I search the web for additional info I'm getting mixed results. Some sites are stating the process is associated with adware called "Webredir" (a URL redirect app) while others show it as a safe process installed by Sonic Solutions, i.e., Roxio. I've been ignoring it for the last week or so but would like to get to the bottom of this. Does anyone have any info?

 

Infected files detected

c:\windows\system32\pxwma.dll

 

Infected registry entries detected

HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}

HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\InprocServer32 c:\WINDOWS\system32\PXWMA.dll

HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\InprocServer32 ThreadingModel apartment

HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\ProgID interface.InterfaceObj.1

HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\TypeLib {FAC55B9F-8F6A-4A41-AE16-36845D4679B2}

HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\VersionIndependentProgID interface.InterfaceObj

HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1} CInterfaceObj Object

HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1} AppID

 

Thanks,

-Mike


Not I and I use 3 different programs to check weekly...one of which is 'live' all the time.

Thanks for the reply. Any chance you could do me a favor and search your system32 directory for PXWMA.DLL and let me know if it's present? That would be a great help :-)


I have it on my machine but have never had any software identify it as adware or spyware.

Thanks for the feedback. I think this may be the case with anyone who has EMC 7 or above installed on their machine. I'm leaning towards the theory that (in the case of Roxio users) PXWMA.DLL is in fact a safe and legitimate process installed by Roxio which, by unfortunate coincidence, shares the same file name as the unsavory "Webredir" adware application. I've emailed Sunbelt Software (the publisher of CounterSpy) asking them to investigate the issue. If any Roxio mods happen to read this posting a clarification would be most appreciated.

 

-Mike


 

Yeah, these links are typical of the returns I got when I googled "pxwma.dll". Some point to "Webredir" (adware) and others say Sonic/Roxio. It's definitely confusing but I can't imagine any reason Sonic would install an adware application, thus my theory that the same file name is used by both Sonic and Webredir for entirely different applications. I'd hate to delete the registry keys and mess up my EMC installations although I guess I could quarantine the entries temporarily and see what happens. I dunno... I hope someone has definitive information on it.


Most definitely not spyware...

 

PX is the name of the burning engine used by apps such as RecordNow... the PX Engine has been developed starting with Veritas (http://www.dynamiclink.nl/htmfiles/rframes/info_dll/info_p/1508.htm) and then Sonic when RecordNow moved over.... That file is a part of our app and most definitely not spyware.

 

What CounterSpy definition version are you using? Can you update to version 313 - Apr 3, 2006 and rescan? If it still appears as spyware I'd suggest reporting this to CounterSpy. If they need a copy of our software I can arrange this.


Thanks Pat! I thought something like this would be the case. I assume from your comments that PXWMA.DLL would be a valid Roxio file. The CounterSpy def version that "detected" this as adware was "313" and possibly the previous def set as well. I've been using CounterSpy for about 18 months but this has only been happening during the last week or so. When they reply to my email I'll definitely pass along the info. If anyone from Roxio wants to contact Sunbelt immediately they do have live TS agents available by phone.

 

http://www.sunbeltsoftware.com/contact.cfm

 

Thanks for the clarification :-)

 

-Mike

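The thread turns on whether a file name alone identifies a binary. As an added example (not part of any post above), this PowerShell collects identity evidence for the flagged DLL and confirms which file the flagged COM class actually loads; the path and CLSID are the ones listed in the original question, and the function names `Get-DllIdentity` and `Get-ComServerPath` are hypothetical.

```powershell
# Added example: gather evidence to triage a detection made on a file name.
# Path and CLSID are copied from the scan output in the original question.
$dll   = 'C:\WINDOWS\system32\pxwma.dll'
$clsid = '{58F07DD3-924D-4141-BC74-299F523A95F1}'

function Get-DllIdentity {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path        = $item.FullName
        Present     = $true
        # The hash is what to send to the AV vendor or compare with a known-good install.
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # Version resource fields are self-declared by whoever built the file.
        Company     = $item.VersionInfo.CompanyName
        Product     = $item.VersionInfo.ProductName
        FileVersion = $item.VersionInfo.FileVersion
        # A valid Authenticode signature ties the file to a publisher certificate.
        SigStatus   = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

function Get-ComServerPath {
    param([Parameter(Mandatory)][string]$Clsid)

    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    # The default value of InprocServer32 names the DLL the COM class loads.
    $raw = (Get-Item -LiteralPath $key).GetValue('')
    if ($null -eq $raw) { return $null }
    [Environment]::ExpandEnvironmentVariables($raw)
}

$id         = Get-DllIdentity -Path $dll
$registered = Get-ComServerPath -Clsid $clsid

$id | Format-List
"COM class $clsid loads: $registered"
if ($id.Present -and $registered) {
    # Case-insensitive compare: the scan output mixes 'windows' and 'WINDOWS'.
    "Registration points at the flagged file: " + ($registered -ieq $id.Path)
}
```

An unsigned file or an empty version resource is not proof of adware, and a matching company name is not proof of legitimacy; the hash and signer are the details worth including in a false-positive report to the scanner's vendor.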
