Hello I followed all of the installation instructions on my Windows 7 PC. Everything went fine until I launched Discovery Freelancer and then, when connecting to the default server, the app crashed and Norton 360 reported that it found a threat and needed to restart my PC. After it rebooted, I found the log report in the Norton Security History, pasted below. Apparently there is a SONAR.ProcHijack!g45 virus in this app somewhere. I couldn't find out much about SONAR.ProcHijack!g45 online. Anyone else experience this or have some insight as to what is going on here?
Filename: freelancer.exe
Threat name: SONAR.ProcHijack!g45Full Path: Not Available
____________________________
____________________________
On computers as of
5/8/2020 at 3:18:02 PM
Last Used
5/8/2020 at 3:18:02 PM
Startup Item
No
Launched
Yes
SONAR Protection monitors for suspicious program activity on your computer.
Registry change: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\ MostRecentApplication->Name:fraps.exe, Registry Hive: 64 bit Repaired
Registry change: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ AudioCompressionManager, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_046D&PID_C24A\ DeviceInstances->7&2D01CC38&0&0001:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_046D&PID_C52B\ DeviceInstances->7&23FC390E&0&0001:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_046D&PID_C52B\ DeviceInstances->7&23FC390E&0&0002:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_046D&PID_C52B\ DeviceInstances->7&23FC390E&0&0003:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_046D&PID_C52B\ DeviceInstances->7&C38ACC9&1&0000:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_046D&PID_C52B\ DeviceInstances->7&C38ACC9&1&0001:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_046D&PID_C52B\ DeviceInstances->7&C38ACC9&1&0002:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_1B1C&PID_1B0A\ DeviceInstances->7&6A2E240&0&0000:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\DirectInput\ MostRecentApplication->MostRecentStart:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\ MostRecentApplication->Name:uninstaller.exe, Registry Hive: 64 bit Repaired
Registry change: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\ MostRecentApplication->ID:708992537, Registry Hive: 64 bit Repaired
Registry change: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\GameUX\S-1-5-21-1845925361-402140783-2024252121-1000\ {AEB119A7-5F71-4C25-AAF2-BD0FDF551AC9}, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ Connections->SavedLegacySettings:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ {F2162898-27AF-4B9F-998B-6AF34FCBC5D6}->WpadDecisionTime:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ 98-da-c4-76-f9-15->WpadDecisionTime:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ 98-da-c4-76-f9-15->WpadDetectedUrl, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\Microsoft Games\Freelancer\ 1.0->FIRSTRUN, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\DirectInput\ FREELANCER.EXE00534D69002DDE04, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\DirectInput\ MostRecentApplication->Name:NORTONSECURITY.EXE, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\DirectInput\ MostRecentApplication->Id:NORTONSECURITY.EXE5E3CAA6D000542B8, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\ DirectPlayNATHelp, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\Microsoft Games\Freelancer\1.0\ ServerTable, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\Microsoft Games\Freelancer\1.0\ MP, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\S-1-5-21-1845925361-402140783-2024252121-1000\Software\Microsoft\Microsoft Games\Freelancer\1.0\ CharacterTable, Registry Hive: 64 bit Threat Removed
____________________________
Network Actions
Event: Network activity (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:9548) No action taken
____________________________
System Settings Actions
Event: Process start (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:11824) No action taken
Event: Process start: c:\Windows\SysWOW64\ rundll32.exe, PID:7140 (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:11824) No action taken
(Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:11824) No action taken
Event: Process start: c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\ freelancer.exe, PID:11824 (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:11824) No action taken
Event: Process start (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:9548) No action taken
Event: Process start: c:\Windows\SysWOW64\ rundll32.exe, PID:1268 (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:9548) No action taken
Event: Process start: c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\ freelancer.exe, PID:9548 (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:9548) No action taken
Event: Process start (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:5256) No action taken
Event: Process start: c:\Windows\SysWOW64\ rundll32.exe, PID:11036 (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:5256) No action taken
(Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:5256) No action taken
Event: Process start: c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\ freelancer.exe, PID:5256 (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:5256) No action taken
____________________________
Suspicious Actions
(Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:11824) No action taken
Event: Attempt to start a remote thread in a process address space (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:11824) No action taken
(Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:5256) No action taken
Event: Attempt to start a remote thread in a process address space (Performed by c:\users\user\appdata\local\discovery freelancer 4.91.0\exe\freelancer.exe, PID:5256) No action taken
____________________________
File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available
tl;dr Norton doesn't like .exe who are acting a bit weird and sees a threat always and immediately. Disco's FL exe acts a bit weird with the launcher connected and all, I guess. I had this issue too.
Just force Norton to restore it all, make an exception and expect to do the same thing following every patch. Alternatively, say bye to Norton.
Thanks for the quick response. I reinstalled and excluded the folder. I'm on the RP server but I don't see distances for anything in my flight UI. Did a quick search on forums and don't see a thread for it. Any suggestions are welcome.
Nevermind, figured it out. Was because I was running it at UHD. Display is fine at 2560x1600.