[Dshield] Sony DRM Rootkit

Malcolm Warden malcolm.warden at virgin.net
Fri Nov 11 15:55:45 GMT 2005


I'm on digest so please excuse if this is 'old news'

Sophos utility to remove Sony DRM Rootkit:

Troj/RKProc-Fam and Troj/Stinx disinfection instructions

Resolve is the name for a set of small, downloadable Sophos utilities designed to 
remove and undo the changes made by certain viruses, Trojans and worms. They 
terminate any virus processes and reset any registry keys that the virus changed. 
Existing infections can be cleaned up quickly and easily, both on individual workstations 
and over networks with large numbers of computers.

This version of the tool detects and disables the Sony DRM cloaking copy protection 
technology (which Sophos refers to as Troj/RKProc-Fam). It also detects and disables 
other Trojans, including Troj/Stinx variants, which are stealthed by Troj/RKProc-Fam.

Windows 95/98/Me and Windows NT/2000/XP/2003

The Trojans can be removed from Windows 95/98/Me and Windows NT/2000/XP/2003 
computers automatically with the following Resolve tools...
[snipped]

http://www.sophos.com/support/disinfection/rkprf.html
-- Malcolm Warden

[P] 01608 685592
[F] 01608 685595
[M] 07905 185406




More information about the list mailing list