SONY'S ROOTKIT!?


7 replies to this topic

#1 Tlz

Posted 02 November 2005 - 11:04 PM

:rant2: Perhaps I have finally discovered what is wrong with my system. I have ripped nearly every last CD I OWN and perhaps this rootkit story that has surfaced has been the reason why my system randomly screws up with no detectable threats. I've done it all as far as scanning for threats and there has been nothing. I don't download anything really and I certainly don't surf to malicious sites. Just the basic safe sites I usually go to. Does anyone have any sort of tool that can detect this specific type of threat? Please I must know. For anyone who has no idea what I'm talking about check this out:

http://news.designte...rticle8702.html

Thanks to anyone who can help me......



#2 Tlz


Posted 03 November 2005 - 01:03 AM

I would also like to note that I have a backup hard drive and when all else fails I am able to just dump my hard drive and re-install Windows through system recovery. This worked fine shortly after getting my PC (when I was ignorant with OS security and had to do it) but at one point, actually the very last time I had to do it (which was about 8 months ago) it didn't work. I was reading the article again and this caught my eye:

As I was deleting the driver Registry keys under HKLM\System\CurrentControlSet\Services I noted that they were either configured as boot-start drivers or members of groups listed by name in the HKLM\System\CurrentControlSet\Control\SafeBoot subkeys, which means that they load even in Safe Mode, making system recovery extremely difficult if any of them have a bug that prevents the system from booting.

This, I'm guessing, would explain it. And bear in mind I'm not completely accusing Sony at this point, it's just I listen to a majority of my music on my PC and thus rip a lot of CDs to my hard drive for easy access.
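
Added example, not part of the original thread or of the quoted article: the passage quoted in post #2 says the drivers were either boot-start or members of groups named under the SafeBoot subkeys. The Python below checks both conditions over registry-export text that has already been decoded (real `reg export` files are UTF-16); the sample export and every driver and group name in it are constructed.

```python
# Constructed sample in `reg export` text form; driver and group names are hypothetical.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exfilter]
"Type"=dword:00000001
"Start"=dword:00000000
"Group"="Example Filter Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exproxy]
"Type"=dword:00000001
"Start"=dword:00000001
"Group"="Example Safe Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exbenign]
"Type"=dword:00000001
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Example Safe Group]
@="Driver Group"
"""
SERVICES = "\\system\\currentcontrolset\\services\\"
SAFEBOOT = "\\system\\currentcontrolset\\control\\safeboot\\"

def parse_reg(text):
    """Parse reg-export text (already decoded) into {key_path: {value_name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, raw = line.partition("=")
            is_dword = raw.startswith("dword:")
            current[name.strip('"')] = int(raw[6:], 16) if is_dword else raw.strip('"')
    return keys

def safe_mode_or_boot_drivers(text):
    """Return {driver: [reasons]} for drivers that load at boot or in Safe Mode."""
    keys = parse_reg(text)
    # SafeBoot\<Minimal|Network>\<name>: name is a service or a load-order group.
    safe = {k.lower().split(SAFEBOOT, 1)[1].split("\\", 1)[-1]
            for k in keys if SAFEBOOT in k.lower()}
    findings = {}
    for path, vals in keys.items():
        low = path.lower()
        name = low.split(SERVICES, 1)[-1]
        # Only top-level service keys of kernel (1) or file-system (2) driver type.
        if SERVICES not in low or "\\" in name or vals.get("Type") not in (1, 2):
            continue
        reasons = []
        if vals.get("Start") == 0:          # 0 = boot-start
            reasons.append("boot-start")
        if name in safe or str(vals.get("Group", "")).lower() in safe:
            reasons.append("safe-mode")
        if reasons:
            findings[path.rsplit("\\", 1)[1]] = reasons
    return findings
```
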

#3 Jacee


Posted 03 November 2005 - 02:00 PM

I read this 'quote' on another forum. I don't know where it came from, but it's interesting.

The following is how you kill this hidden install. I did this in Windows XP Pro, so attempt on another OS at your discretion. This will require Administrator rights. Please read through the entire instruction set, and if you don't feel comfortable attempting this, then don't. The rest of you, follow me
1. hit windowsKey+R to open the RUN command. Type services.msc to run the services dialog. Find 'Plug and Play Device Manager' in the list, right click and choose Properties. Under the General tab of the box that comes up, in the middle there should be the "startup type" of the service. Set this value to "disabled" and click OK. Next find the service named 'XCP CD Proxy' and set its startup type to disabled as well. You won't be able to stop these services, only disable them from starting next time Windows starts.
2. Download and run the latest Blacklight beta from http://www.f-secure.com/blacklight/ This program will find the 'super hidden' CD proxy files we're trying to get rid of. When it finishes searching click next until you reach the screen that shows you all the hidden files it found. Select all these files and click the "rename" button to the right. Windows will restart once you click OK, and the files will be renamed.
3. Once Windows restarts you will have lost any and all CD/DVD drives. DON'T PANIC! Hit windowsKey+Pause/Break to open up your System dialog. Click on the Hardware tab, then on the "Device Manager" button. Your system will not list any CD/DVD drives, but you should see IDE slot(s) that have little yellow circles with exclamation points over them indicating a device with a problem. In order to restore the drivers to their un-sony-altered state you must right click on the affected device and choose "uninstall driver". Do this for each device with a problem.
4. Now that you have uninstalled the affected drivers, simply navigate to your Control Panel via the Start Menu and choose "Add Hardware". The add hardware wizard will run and find your previously disabled devices. Your drives are now restored and functional, and this potentially dangerous menace vanquished.
5. Advanced users may now go and clean up the mess, but this step is not necessary. Delete renamed files, and dare I say it, registry keys that pertain to Sony's program. Use this list for reference: http://www.europe.f-...s/xcp_drm.shtml but nothing really beats searching.


MS MVP-Security 2006~2016


#4 LDTate


Posted 03 November 2005 - 04:42 PM

Posted by Nick:

Sony BMG has released an uninstaller http://cp.sonybmg.co...sh/updates.html

My thoughts.
http://updates.xcp-aurora.com/
Does aurora look familiar to anyone? Aren't they the folks that brought us the Nail infection?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 


#5 Jacee


Posted 03 November 2005 - 05:15 PM

Direct Revenue.......

http://www.pcpitstop...ws/drnotice.asp



#6 Tlz


Posted 03 November 2005 - 07:10 PM

Thanks for your help guys......

#7 LDTate


Posted 03 November 2005 - 07:38 PM

If you want to get rid of it from your computer you have to contact the service department at Sony which supposedly has the tool or instructions that will delete the whole set of files and registry entries. It's my understanding the uninstaller that's posted only makes it visible :rant2:


 


#8 Tlz


Posted 05 November 2005 - 06:30 PM

:rant2: Yeah it only reveals it. But on a funnier note you guys should check this audio clip out from NPR. Sony is just asking for trouble.... http://www.npr.org/t...storyId=4989260
