EDIT 10 APRIL 2012: I promised more information. More information has come. It turns out the input error causing the situation not only does not phone the data but does not store it; it is merely an error in input programming. I sincerely apologize for any undue panic this may have caused and accept full culpability for any pants panicking bullshit.
Earlier today, I was contacted by a professional antivirus employee who was interested in why Sonic 2 HD consistently popped up as a threat by multiple antivirus software programs and did some investigation. His results showed that a keylogger is part of the Sonic 2 HD software. After receiving this notification, we conducted our own independent tests and found that there is indeed a keylogging program as part of the Sonic 2 HD alpha software.
I want to emphasize that at this time, we have found no evidence that the software has been “phoning home” any data—only that we have found the capability exists.
Because this vulnerability has been found, we are strongly advising that the software be removed. You will need to delete the files included with the Sonic 2 HD zip, as well as the registry keys hooked at HKEY_CURRENT_USER/Software/NakaSMK (if you are unfamiliar on how to do this, go to Start->Run.., type regedit, follow the folder path, and then delete the NakaSMK folder.)
We will have more information on the situation as it evolves.
79 Comments on this post
Leave a CommentOy vey.
Comment left on 4.10.2012 by Jeffrey C.
Heeere we go again.
LOst has a LOT of explaining to do.
Comment left on 4.10.2012 by Rockman Zero
Seems to further the stigma that LOst is a scumbag.
Comment left on 4.10.2012 by Hamneggs
Why? Why does it have to be such a struggle with this?
Comment left on 4.10.2012 by Christopher
Man, what is even wrong with LOst?
Like, why would he even do this.
Comment left on 4.10.2012 by lazy
Megafault. If it was a company game, someone would probably end up fired.
And HEY, my e-mail once sent some random spam to people.
Comment left on 4.10.2012 by LHTheHedgehog
LOst has LOst his mind..
Comment left on 4.10.2012 by Mauro
[...] Scarred Sun of Sonic Retro advises everyone who has downloaded the Alpha Demo of Sonic 2 HD to delete the entire software in light of a recent keylogger discovery. [...]
Not saying this is why, but lately a ton of my PNG files have been disappearing
Comment left on 4.10.2012 by TripleXero
Probably a false positive.
Comment left on 4.10.2012 by guy
I guess this just killed the whole Sonic 2 HD thing, didn’t it? I guess this is also the reason why it stopped being a community project? Maaaaan… this sucks, big time.
Comment left on 4.10.2012 by Mark Wins
You guys are incompetent.
Not even an apology? smh
Comment left on 4.10.2012 by Blank
To clarify, Sonic Retro and Sonic 2 HD cut ties more than a year prior to the release of the game when it became a closed project.
Reply left on 4.10.2012 by Scarred Sun
You have got to be f’in kidding me. I am appalled at the lack of integrity on the releaser’s part. This is why we can’t have nice things.
Comment left on 4.10.2012 by Nathalie Hollis
Scumbag LOst. Seriously, though, this is pretty darn depressing. Though I suppose it should be expected considering Sonic 2 HD’s history hasn’t been too great.
Comment left on 4.10.2012 by CrowTheRobot
What a shame. Why is L0st so butthurt that he had to include a keylogger? Really? How pathetic. Well there goes this project… and I feel sorry for everyone else who worked hard on this way to go L0st. You crushed a lot of people’s dream. And possibly ruined Sonic Retro’s rep. Also to those who are pissed off at everyone else on the Sonic 2 HD team, or Scarred Sun, it’s not their faults. Don’t blame them for everything that happened. They’re not the ones who programmed the engine.
Comment left on 4.10.2012 by Ravenfreak
This can only mean one thing; in the next release LOst will attempt to make it even harder to figure out what he’s up to.
Comment left on 4.10.2012 by eBay
[...] to fan site Sonic Retro, an unnamed “antivirus employee” let slip that a keylogger was causing a number of [...]
Is LOst anonymous or is his real identity known to those within Sonic Retro?
Comment left on 4.10.2012 by Auyx
Now I’m kind of glad I never bothered to install it. c_c
Comment left on 4.10.2012 by H Hog
[...] Sonic Retro explains that – at this stage at least – there is no proof that the Sonic 2 HD keylogger has phoned [...]
The only conclusion I can come to is that l0st is trying to kill the project.
Comment left on 4.10.2012 by ⬡
And this is why i never downloaded it!
Comment left on 4.10.2012 by Lan
Well this is really bad. I mean, do we now have to worry all the time about clicking things on this site?
Comment left on 4.10.2012 by Rad
No. Luckily, the project programmer has no capabilities on this site other than thinking he can program.
Reply left on 4.10.2012 by GeneHF
It’d be really nice if you could include more technical details about this. “Keylogger” doesn’t necessarily imply a malicious program. They could just be using it to capture input for the game itself, and not recording it anywhere…
Comment left on 4.10.2012 by Anon
The members of #retro have stated that it could be just really, really sloppy code. A piss poor DInput setup.
Reply left on 4.10.2012 by TheGreen1
I love how everyone instantly concluded that the project is over now…
Comment left on 4.10.2012 by RedYelBlu
I guess that would explain why LOst didn’t want anyone looking too closely at his code… this project really has lost all credibility now. I feel sorry for the talented artists and musicians who put so much work into this project.
Comment left on 4.10.2012 by Tom Kerin
I ran it in Wine. That means I’m kinda safe, right?
Comment left on 4.10.2012 by Miles Prower
Your safe
Reply left on 4.10.2012 by Retroman
@Anon (five comments up)
Just to clarify I was the one that posted about this on the previous Sonic 2 HD thread.
I will be providing all details about the keylogger later in the day when I have time.
Just to note from what I have seen so far it’s monitoring every keyboard keystroke and not just the keys requires for the game.
Just to note that a game would not act like a keylogger even if it were just monitoring keystrokes associated with the game.
Comment left on 4.10.2012 by MrVestek
Does this apply to earlier tech demos or just the alpha? I’ve got a tech demo from 2008 on my system, is it safe?
Comment left on 4.10.2012 by Paul.Power
[...] http://www.sonicretro.org/2012/04/public-service-announcement-keylogger-cleaning-up-sonic-2-hd/ Earlier today, I was contacted by a professional antivirus employee who was interested in why Sonic 2 HD consistently popped up as a threat by multiple antivirus software programs and did some investigation. His results showed that a keylogger is part of the Sonic 2 HD software. After receiving this notification, we conducted our own independent tests and found that there is indeed a keylogging program as part of the Sonic 2 HD alpha software. [...]
[...] to the site Sonic Retro, a keylogger is contained within the fan-made Sonic 2 HD. The site advises all users to delete [...]
As I state on the “Guest Editorial: In Which I Rain on the Sonic 2 HD Parade”:
Sonic Fanbase MOVE ALONG WITH YOUR LIVES.
This project is not worth it. Period.
P.D:
Alternative: drop that thing you call programmer (Lolst), find a real one.
Comment left on 4.10.2012 by eskaywalker
My antivirus deleted the Sonic 2 exe and DLL, although it let the 64 bit versions untouched. I could play normally with those with no threats detected. Do those include the keylogging as well? Because it doesn’t seem to (affortunately)
Comment left on 4.10.2012 by Brownd
Mine did exactly the same, please clarify :/
Reply left on 4.10.2012 by CrashSG32
He could be sued, couldn’t he?
Comment left on 4.10.2012 by The ParadoxX
All of this does not add up in my opinion. Why would someone invest so much time and effort in to publishing such a good remake and subsequently soil it with a keylogger.
I just simply cant imagine someone as smart as Lead Developer LOst stooping to this kind of level. It could well be that he is merely using a certain method to obtain keystrokes that is a well known method of keyloggers.
I mean of course hold fire on running the game for the time being until further notice, but I cant help but think this is some kind of misjudgement.
Anti Virus companies are very trigger happy, the original virus warning was due to the fact that the EXE was packed/obfuscated. Many people use this method to stop reverse engineering. Let’s hope this latest find is also a false positive.
Comment left on 4.10.2012 by Sky
Ok I went to search for the NakaSMK folder to get rid of it, but it wasn’t there. Guess because I was never able to play it?
Comment left on 4.10.2012 by Icee
L0st is seriously lost in his brain. This game project is nothing without a community, though pretty much they need to let him go. Also they need to get more than one person per section: “Example: 2 Programers, three artists etc” and be sub-closed source.
I would honestly like the game to have pelikan’s engine, and all things be recreated in 3D.
Comment left on 4.10.2012 by Retroman
I seriously can’t believe this.Good thing I didn’t download it.But I hope your private information wasn’t stolen for the ones who did
Also,can someone explain me who is LOst?
Comment left on 4.10.2012 by Hero_of_lime
[...] As the team revealed: [...]
There’s no keylogger as far as anyone can tell. Just a bug (or lazy code) from DirectInput that causes it to read input even when the window is out of focus. The worst that can happen is you alt-tab out of S2HD, try to type something, and Sonic runs and jumps in the background when you press movement keys.
I hope the author of this post is publicly lambasted for slander. I hope that some kind of legal action can be taken against them as well. They have effectively destroyed the reputation of the game and its author(s) based on nothing but their “own independent tests.”
Care to share what those so-called tests were? Or your definition of the word “keylogger”? Is it a “keylogger” simply because it registers input when S2HD isn’t the foreground window?
You should be ashamed for posting this in such a knee-jerk and accusatory way.
Comment left on 4.10.2012 by Harold
Thanks for the heads up on this one guys
Comment left on 4.10.2012 by phorenzik
[...] exactly sure what that means but it’s probably best you follow the advice printed HERE if you downloaded the Sonic 2 HD demo and actually played it. Hannah, better prepare yourself [...]
Hey fuys you know what’s funny?
When Sonic 2 HD is open it takes in background imput. Think about that for a moment. (That is, if the program doesn’t log anythin when offline, well…)
Comment left on 4.10.2012 by Chimera
Dammit, this is why we can’t have nice things!
Comment left on 4.10.2012 by Horpdorp
Yes it’s also possibly a result of sloppy programming or designing it so multiple instances can be run and controlled by the same inputs but nope let’s call LOst a evil mastermind out to get our data.
LOst’s complete lack of communication over this and the DRM is horrid.
Comment left on 4.10.2012 by Eggrobotnik
@Chimera
Yes, I assume that the use of this input method is the “keylogger” detected.
Probably nothing to worry about!
– Joeseph
Comment left on 4.10.2012 by Joeseph
L0st, you’ve got some splainin’ to dooooooo.
Comment left on 4.10.2012 by LOL
I never thought this project was worth it. Seriously, it’s just a genesis game with better graphics and remixed music. It really isn’t worth it in my opinion.
Comment left on 4.10.2012 by Miketroid
Uh good ol’ Sonic 2 HD, so full of disappointments yet you always go back to it!
Comment left on 4.10.2012 by sonictopfan
[...] [Source: Sonic Retro] [...]
I’d bet on this just being piss poor code to be honest. It’s not the first time I’ve seen such a thing.
I’ve deleted the reg entry just incase though.
Comment left on 4.10.2012 by azurescorch
Holy shit…
LOst has some splanin’ to do.. >:l
Comment left on 4.10.2012 by Nico
Good thing I haven’t bothered to unzip the thing.
Comment left on 4.10.2012 by BSonirachi
[...] with a recently released alpha-build of a fan-made HD remake of Sonic 2. According to fan site Sonic Retro, an unnamed antivirus employee let slip that a keylogger was causing a number of virus scanning [...]
Guys I was looking the NakaSMK Registy and I just found one file and a a Neopop folder in it(I wonder why the Neo Geo pocket is doing here), and there’s anything reletaded to Sonic 2 HD there, unless the unknown file alone and some things in the neopop folder…
Comment left on 4.10.2012 by Rafeku
This is disappointing. I guess the team needs to find out who inserted the keylogger, and why (though I think it will not be a huge surprise when that info gets revealed). After this appropriate action must take place, and then adjustments can hopefully allow the project to move forward. Assuming the key logger is something only one team member did, I would hate to see such a great labor of love that all of us sonic fans would love to see completed one day be destroyed due to one person’s bad decisions. Also, if the assumptions made by me, an ignorant outsider, about any individuals on that team are false, I would like to apologize. Here’s to hoping the truth will come out, and the project will survive this storm.
Comment left on 4.10.2012 by ZPenn
The only likely person to have inserted the keylogger is the programmer, LOst. After all, the program is obfuscated to prevent modification, if the file distributor modified the program to include a keylogger then it would likely trigger the anti-hack code.
All I've heard about LOst is development hell he has apparently caused, and otherwise programming incompetency by doing largely unnecessary and over-protective things. It's quite clear the Sonic 2 HD team needs to find another programmer altogether...
Reply left on 4.10.2012 by RupeeClock
I’m glad I didn’t disable my antivirus just to try and play this, after it did detect Trojans. I thought there might have been something more than what was said before. And what exactly do you mean by keylogger? Please explain in more details.
I’m not happy with you S2HD creators, saying it’s safe and all.. WHEN IT WASN’T :/
Comment left on 4.10.2012 by CrashSG32
Before we blame anyone on the team, isn’t it possible that someone there had their PC infected with a virus and that’s how it carried over to the game?
Comment left on 4.10.2012 by Urameshi
I did not found this(HKEY_CURRENT_USER/Software/NakaSMK) on my regedit. I think i’m safe.
Comment left on 4.10.2012 by The Great Nappa
I think this deserves a paddlin.. why you do this?
Comment left on 4.10.2012 by Gman
[...] As such, we’ve since corrected our earlier PSA. [...]
Its funny how yesterday you all jumped on the devs when i pointed out that it was most likely a false positive, Virus Scanners are notoriously untrustworthy when programs do anything that even seems remotely trojan like that they report false positives literally all the time.
Comment left on 4.11.2012 by guy
Hey, I apologize if this post is a bit stupid or something.
However, I am still a bit paranoid.
Can you tell me heads up if this IS or ISN’T a keylogger?
I had the game in a .rar file, however I did not extract it onto my desktop or anything, but I did in fact play the game.
I’ve deleted the folder mentioned, and the files. Am I safe from any possible future threat or..?
Comment left on 4.11.2012 by KraDeath
It is NOT a keylogger. It registers as one on antivirus software as a false positive because of shoddy directinput programming.
Reply left on 4.11.2012 by GeneHF
[...] Sonic Retro has posted an update, that after further testing, it looks like there is no keylogger in Sonic 2 HD; it’s [...]
I see, I thank you for the information.
Comment left on 4.11.2012 by KraDeath
[...] Sonic Retro has posted an update, that after further testing, it looks like there is no keylogger in Sonic 2 HD; it’s [...]
[...] The issue came up when virus programs started warning about the key logging before eventually having one of the virus experts contact the game makers about it. After further evaluation, at least by the developers themselves, they have noted there is no threat at all and just simply lazy coding. Rather or not to trust them, well that is up to you. You can check out their official statement here. [...]
By the way I was no officially representing the company I work for in any way, I was merely stating that it intrigued me as this kind of thing often does due to my background.
Comment left on 4.11.2012 by MrVestek
[...] a complete PR nightmare for Sonic 2 HD, but also for Sonic Retro. ScarredSun, the administrator, took full responsibility for causing panic throughout the Internet. LOst was also kicked off the Sonic 2 HD development team. It’s about time too. He’s [...]
Wow…Glad i never touched it.
Comment left on 4.12.2012 by Shockey Rai
[...] Turns out the magnificent Sonic 2 HD alpha has some keylogging tomfoolery running under the hood as part of the software’s ironic use of DRM to protect the engine – it’s been reported on Kotaku, and has also been followed up on by Sonic Retro. [...]
So does this mean that the game is canceled?
Comment left on 4.15.2012 by megamanzero