Keylogger Allegedly Found in Sonic 2 HD Alpha


Here’s Why the Game Triggered An Anti-Virus Alert

What became a disaster when DRM-like protections were found in the Sonic 2 HD alpha release several days back has now morphed into a complete nightmare. A keylogger setup has allegedly been discovered within the game’s code.

In a post to Sonic Retro minutes ago, webmaster Courtney Grimes is now urging those who downloaded the demo to completely remove it, and the registry keys associated with it:

Earlier today, I was contacted by a professional antivirus employee who was interested in why Sonic 2 HD consistently popped up as a threat by multiple antivirus software programs and did some investigation. His results showed that a keylogger is part of the Sonic 2 HD software. After receiving this notification, we conducted our own independent tests and found that there is indeed a keylogging program as part of the Sonic 2 HD alpha software.

I want to emphasize that at this time, we have found no evidence that the software has been “phoning home” any data—only that we have found the capability exists.

Because this vulnerability has been found, we are strongly advising that the software be removed. You will need to delete the files included with the Sonic 2 HD zip, as well as the registry keys hooked at HKEY_CURRENT_USER/Software/NakaSMK (if you are unfamiliar on how to do this, go to Start->Run.., type regedit, follow the folder path, and then delete the NakaSMK folder.)

That part in bold, for the moment, has been corroborated by at least one of Sonic Retro’s forumers. Oldbie Guess Who explains:

Regarding the keylogger: we’ve been tipped off by a commenter on the front page that S2HD creates registry hooks and monitors keyboard input in any window that has focus while the game is running. I personally really doubt the key monitoring behavior is designed to steal your information or anything (probably just sloppy input code), but be wary.
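The registry cleanup Grimes describes, scripted in PowerShell as an added example that is not part of the original post or of either quote. The key path is the one given in the advisory; the backup file name and location are assumptions. The script lists what the key holds and exports it before deleting, so the contents can still be examined afterwards.

```powershell
# Added example: inspect, back up, then remove the registry key named in the advisory.
$keyPath    = 'HKCU:\Software\NakaSMK'     # key path from the article (PowerShell drive syntax)
$regExeKey  = 'HKCU\Software\NakaSMK'      # the same key in reg.exe syntax
$backupFile = Join-Path $env:TEMP 'NakaSMK-backup.reg'   # assumed backup location

if (-not (Test-Path -Path $keyPath)) {
    Write-Output "Key $keyPath is not present; nothing to remove."
    return
}

# Show the values and subkeys stored under the key before touching it.
Get-ItemProperty -Path $keyPath | Format-List
Get-ChildItem -Path $keyPath -Recurse | Select-Object -ExpandProperty Name

# Export a copy first; stop if the export fails so nothing is lost.
& reg.exe export $regExeKey $backupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Error "Export failed; key left in place."
    return
}

# Remove the key and everything under it, then confirm it is gone.
Remove-Item -Path $keyPath -Recurse -Force
if (Test-Path -Path $keyPath) {
    Write-Error "Key $keyPath still exists."
} else {
    Write-Output "Removed $keyPath (backup saved to $backupFile)."
}
```

Deleting the files extracted from the Sonic 2 HD zip remains a separate step, as the advisory states.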

Still, the discovery could not come at a worse time for those behind the S2HD project, or for Retro itself, which once touted the game as one of its centerpiece community projects.  Just last week, the fan game and the Sonic Retro community were plugged as part of Gamespot’s On the Spot video podcast–the same one that revealed the latest Sonic 4: Episode II trailer for the first time.  That’s on top of plenty of other mainstream media exposure the project recently attracted.

When the DRM protections were uncovered in March, along with anti-virus alerts, various S2HD project staff gave assurances that those alerts were false positives.

While S2HD is now considered a closed project, action could still be taken against those behind it, in particular L0st, who has endured tremendous criticism ever since those DRM features were found in the game.

We will afford you more details as they become available.