Hello, I followed all of the installation instructions on my Windows 7 PC. Everything went fine until I launched Discovery Freelancer and then, when connecting to the default server, the app crashed and Norton 360 reported that it found a threat and needed to restart my PC. After it rebooted, I found the log report in the Norton Security History, pasted below. Apparently there is a SONAR.ProcHijack!g45 virus in this app somewhere. I couldn't find out much about SONAR.ProcHijack!g45 online. Anyone else experience this or have some insight as to what is going on here?
Filename: freelancer.exe
Threat name: SONAR.ProcHijack!g45
Full Path: Not Available
____________________________
On computers as of 5/8/2020 at 3:18:02 PM
Last Used: 5/8/2020 at 3:18:02 PM
Startup Item: No
Launched: Yes
SONAR Protection monitors for suspicious program activity on your computer.
Registry change: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\ MostRecentApplication->Name:fraps.exe, Registry Hive: 64 bit Repaired
Registry change: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ AudioCompressionManager, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_046D&PID_C24A\ DeviceInstances->7&2D01CC38&0&0001:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_046D&PID_C52B\ DeviceInstances->7&23FC390E&0&0001:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_046D&PID_C52B\ DeviceInstances->7&23FC390E&0&0002:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_046D&PID_C52B\ DeviceInstances->7&23FC390E&0&0003:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_046D&PID_C52B\ DeviceInstances->7&C38ACC9&1&0000:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_046D&PID_C52B\ DeviceInstances->7&C38ACC9&1&0001:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_046D&PID_C52B\ DeviceInstances->7&C38ACC9&1&0002:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_1B1C&PID_1B0A\ DeviceInstances->7&6A2E240&0&0000:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\DirectInput\ MostRecentApplication->MostRecentStart:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\ MostRecentApplication->Name:uninstaller.exe, Registry Hive: 64 bit Repaired
Registry change: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\ MostRecentApplication->ID:708992537, Registry Hive: 64 bit Repaired
Registry change: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\GameUX\S-1-5-21-1845925361-402140783-2024252121-1000\ {AEB119A7-5F71-4C25-AAF2-BD0FDF551AC9}, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ Connections->SavedLegacySettings:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ {F2162898-27AF-4B9F-998B-6AF34FCBC5D6}->WpadDecisionTime:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ 98-da-c4-76-f9-15->WpadDecisionTime:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ 98-da-c4-76-f9-15->WpadDetectedUrl, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\Microsoft Games\Freelancer\ 1.0->FIRSTRUN, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\DirectInput\ FREELANCER.EXE00534D69002DDE04, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\DirectInput\ MostRecentApplication->Name:NORTONSECURITY.EXE, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\DirectInput\ MostRecentApplication->Id:NORTONSECURITY.EXE5E3CAA6D000542B8, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\ DirectPlayNATHelp, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\Microsoft Games\Freelancer\1.0\ ServerTable, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\Microsoft Games\Freelancer\1.0\ MP, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\Microsoft Games\Freelancer\1.0\ CharacterTable, Registry Hive: 64 bit Threat Removed
____________________________
Network Actions
Event: Network activity (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:9548) No action taken
____________________________
System Settings Actions
Event: Process start (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:11824) No action taken
Event: Process start: c:\Windows\SysWOW64\ rundll32.exe, PID:7140 (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:11824) No action taken
(Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:11824) No action taken
Event: Process start: c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\ freelancer.exe, PID:11824 (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:11824) No action taken
Event: Process start (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:9548) No action taken
Event: Process start: c:\Windows\SysWOW64\ rundll32.exe, PID:1268 (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:9548) No action taken
Event: Process start: c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\ freelancer.exe, PID:9548 (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:9548) No action taken
Event: Process start (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:5256) No action taken
Event: Process start: c:\Windows\SysWOW64\ rundll32.exe, PID:11036 (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:5256) No action taken
(Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:5256) No action taken
Event: Process start: c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\ freelancer.exe, PID:5256 (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:5256) No action taken
____________________________
Suspicious Actions
(Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:11824) No action taken
Event: Attempt to start a remote thread in a process address space (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:11824) No action taken
(Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:5256) No action taken
Event: Attempt to start a remote thread in a process address space (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:5256) No action taken
____________________________
File Thumbprint - SHA: Not available
File Thumbprint - MD5: Not available