[Dshield] Sony DRM Rootkit

Rick Klinge rick at famhost.com
Fri Nov 11 17:35:10 GMT 2005


Wouldn't this work too?

http://www.xcp-aurora.com/support/sonybmg/process.aspx?opt=0

~Rick

> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Malcolm Warden
> Sent: Friday, November 11, 2005 9:56 AM - MGMT
> To: General DShield Discussion List
> Subject: [Dshield] Sony DRM Rootkit
> 
> 
> I'm on digest so please excuse if this is 'old news'
> 
> Sophos utility to remove Sony DRM Rootkit:
> 
> Troj/RKProc-Fam and Troj/Stinx disinfection instructions
> 
> Resolve is the name for a set of small, downloadable Sophos 
> utilities designed to 
> remove and undo the changes made by certain viruses, Trojans 
> and worms. They 
> terminate any virus processes and reset any registry keys 
> that the virus changed. 
> Existing infections can be cleaned up quickly and easily, 
> both on individual workstations 
> and over networks with large numbers of computers.
> 
> This version of the tool detects and disables the Sony DRM 
> cloaking copy protection 
> technology (which Sophos refers to as Troj/RKProc-Fam). It 
> also detects and disables 
> other Trojans, including Troj/Stinx variants, which are 
> stealthed by Troj/RKProc-Fam.
> 
> Windows 95/98/Me and Windows NT/2000/XP/2003
> 
> The Trojans can be removed from Windows 95/98/Me and Windows 
> NT/2000/XP/2003 
> computers automatically with the following Resolve tools... [snipped]
> 
> http://www.sophos.com/support/disinfection/rkprf.html
> -- Malcolm Warden
> 
> [P] 01608 685592
> [F] 01608 685595
> [M] 07905 185406

_____________________________________________________________________
Virus Scanned and Filtered by - http://www.FamHost.com E-Mail System.



More information about the list mailing list