Jump to content
  • Who's Online   0 Members, 0 Anonymous, 10 Guests (See full list)

    • There are no registered users currently online
  • 0

Anyone Detected "pxwma.dll" (linked To Sonic/roxio) As Adyware?


michaeltee

Question

Hello,

 

I scan my pc with CounterSpy on a regular basis. Recently it's been detecting "pxwma.dll" and some associated registry keys as high-risk adware. When I search the web for additional info I'm getting mixed results. Some sites are stating the process is associated with adware called "Webredir" (a URL redirect app) while other show it as a safe process installed by Sonic Solutions, i.e.; Roxio. I've been ignoring it for the last week or so but would like to get to the bottom of this. Does anyone have any info?

 

Infected files detected

c:\windows\system32\pxwma.dll

 

Infected registry entries detected

HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}

HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\InprocServer32 c:\WINDOWS\system32\PXWMA.dll

HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\InprocServer32 ThreadingModel apartment

HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\ProgID interface.InterfaceObj.1

HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\TypeLib {FAC55B9F-8F6A-4A41-AE16-36845D4679B2}

HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1}\VersionIndependentProgID interface.InterfaceObj

HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1} CInterfaceObj Object

HKEY_CLASSES_ROOT\clsid\{58F07DD3-924D-4141-BC74-299F523A95F1} AppID

 

Thanks,

-Mike

Link to comment
Share on other sites

8 answers to this question

Recommended Posts

Not I and I use 3 different programs to check weekly...one of which is 'live' all the time.

Thanks for the reply. Any chance you could do me a favor and search your system32 directory for PXWMA.DLL and let me know if it's present? That would be a great help :-)

Link to comment
Share on other sites

I have it on my machine but have never had any software identify it as adware or spyware.

Thanks for the feedback. I think this may be the case with anyone who has EMC 7 or above installed on their machine. I'm leaning towards the theory that (in the case of Roxio users) PXWMA.DLL is in fact a safe and legitimate process installed by Roxio which by unfortunate coincidence, shares the same file name as the unsavory "Webredir" adware application. I've emailed Sunbelt Software (the publisher of CounterSpy) asking them to investigate the issue. If any Roxio mods happen to read this posting a clarification would be most appreciated.

 

-Mike

Link to comment
Share on other sites

 

Yeah, these links are typical of the returns I got when I googled "pxwma.dll". Some point to "Webredir" (adware) and others say Sonic/Roxio. It's definitey confusing but I can't imagine any reason Sonic would install an adware application, thus my theory that the same file name is used by both Sonic and Webredir for entirely different applications. I'd hate to delete the registry keys and mess up my EMC installations although I guess I could quarantine the entries temporarily and see what happens. I dunno... I hope someone has definitive information on it.

Link to comment
Share on other sites

Yeah, these links are typical of the returns I got when I googled "pxwma.dll". Some point to "Webredir" (adware) and others say Sonic/Roxio. It's definitey confusing but I can't imagine any reason Sonic would install an adware application, thus my theory that the same file name is used by both Sonic and Webredir for entirely different applications. I'd hate to delete the registry keys and mess up my EMC installations although I guess I could quarantine the entries temporarily and see what happens. I dunno... I hope someone has definitive information on it.

 

Most definately not spyware...

 

PX is the name of the burning engine used by apps such as RecordNow... the PX Engine has been developed starting with Veritas (http://www.dynamiclink.nl/htmfiles/rframes/info_dll/info_p/1508.htm) and then Sonic when RecordNow moved over.... That file is a part of our app and most definately not spyware.

 

What CounterSpy definition version are you using? Can you update to version 313 - Apr 3, 2006 and rescan? If it still appears as spyware I'd suggest reporting this to CounterSpy. If they need a copy of our software I can arrange this.

Link to comment
Share on other sites

Most definately not spyware...

 

PX is the name of the burning engine used by apps such as RecordNow... the PX Engine has been developed starting with Veritas (http://www.dynamiclink.nl/htmfiles/rframes/info_dll/info_p/1508.htm) and then Sonic when RecordNow moved over.... That file is a part of our app and most definately not spyware.

 

What CounterSpy definition version are you using? Can you update to version 313 - Apr 3, 2006 and rescan? If it still appears as spyware I'd suggest reporting this to CounterSpy. If they need a copy of our software I can arrange this.

Thanks Pat! I thought something like this would be the case. I assume from your comments that PXWMA.DLL would be a valid Roxio file. The CounterSpy def version that "detected" this as adware was "313" and possibly the previous def set as well. I've been using CounterSpy for about 18 months but this has only been happening during the last week or so. When they reply to my email I'll definitely pass along the info. If anyone from Roxio wants to contact Sunbelt immediately they do have live TS agents available by phone.

 

http://www.sunbeltsoftware.com/contact.cfm

 

Thanks for the clarification :-)

 

-Mike

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...