The SecurityFix has a great how-to article for the general public on the best way to remove the Sony DRM rootkit that’s been big news in tech circles for the last two weeks. First, DON’T use Sony’s removal software, as it introduces more security problems. Hopefully Sony will eventually put together a removal for THAT. Right now, though, Microsoft has updated its Malicious Software Removal Tool to remove the Sony rootkit. This link goes to Windows Live Safety Center, which shows a page with, among other things, a button that says “Full Service Scan” in the lower right-hand corner.
If you’ve never visited the site before, you will need to install Microsoft’s Live Safety Scanner; you will be prompted to do that and to agree to the license agreement (click next). Afterwards you should be able to choose “Quick Scan” and click next.
Sony now has a list of XCP titles, that is, the CDs that include the XCP software at the center of this rootkit problem.
Unfortunately, if you’ve followed Sony’s removal instructions and have the ActiveX component on your system, the removal is a bit less user-friendly…
Freedom-to-tinker.com has a way to remove it:
To see whether CodeSupport is on your computer, try our CodeSupport detector page.
If you’re vulnerable, you can protect yourself by deleting the CodeSupport component from your machine. From the Start menu, choose Run. In the box that pops up, type (on a single line)
cmd /k del "%windir%\downloaded program files\codesupport.*"
That should remove the control from your local machine. The Freedom to Tinker link above has more info on the ActiveX control, along with a page that checks whether you’re at risk from THAT vulnerability.
–Update 11/17/05 —
Freedom-to-tinker has an article on a downloadable fix that disables the CodeSupport ActiveX control. If I understand correctly, it’s a registry file that will set the kill bit for that control. The link to the fix and details can be found at the page above. They suggest that all users apply this fix, either to prevent installation of the ActiveX control or to disable it if it is already installed.
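An added example, not from the original post or from Freedom to Tinker: a read-only PowerShell audit that looks for the codesupport.* files named above, finds any COM class registered against them, and reports whether Internet Explorer’s kill bit (the 0x400 “Compatibility Flags” value) is set for that class. It assumes the control is registered as an in-process server; no CLSID is hard-coded because the post does not give one.

```powershell
# Added example: audit only, changes nothing on the system.
# The file pattern comes from the post; the registry layout is the standard
# Internet Explorer kill-bit mechanism. The CLSID is discovered, not assumed.

$KillBit = 0x400   # "Compatibility Flags" bit that stops IE from loading a control
$views   = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'   # native and 32-bit views

# 1. Files that the post's "del" command targets.
$dpf   = Join-Path $env:windir 'Downloaded Program Files'
$files = Get-ChildItem -Path $dpf -Filter 'codesupport.*' -Force -ErrorAction SilentlyContinue
if ($files) {
    Write-Output "CodeSupport files present in ${dpf}:"
    $files | ForEach-Object { Write-Output "  $($_.Name)" }
} else {
    Write-Output "No codesupport.* files in $dpf"
}

# 2. COM classes whose in-process server is a codesupport.* file, and
# 3. whether the kill bit is set for each one in the same registry view.
$found = foreach ($view in $views) {
    $clsidRoot = Join-Path $view 'Classes\CLSID'
    if (-not (Test-Path $clsidRoot)) { continue }

    foreach ($key in Get-ChildItem $clsidRoot -ErrorAction SilentlyContinue) {
        $srvKey = Join-Path $key.PSPath 'InprocServer32'
        $srv    = Get-ItemProperty -Path $srvKey -ErrorAction SilentlyContinue
        if (-not $srv -or $srv.'(default)' -notmatch '\\codesupport\.[^\\]*$') { continue }

        $compat = Join-Path $view "Microsoft\Internet Explorer\ActiveX Compatibility\$($key.PSChildName)"
        $flags  = (Get-ItemProperty -Path $compat -ErrorAction SilentlyContinue).'Compatibility Flags'

        [pscustomobject]@{
            View       = $view
            Clsid      = $key.PSChildName
            Server     = $srv.'(default)'
            KillBitSet = [bool]($flags -band $KillBit)
        }
    }
}

if ($found) {
    $found | Format-Table -AutoSize
} else {
    Write-Output 'No COM class is registered against a codesupport.* file.'
}
```

A machine where the control was never installed shows nothing in step 2, so this cannot confirm a kill bit applied pre-emptively; for that, check the CLSID listed in the downloadable fix itself.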
For the “Backstory” on this… look for posts here on the Sony DRM rootkit story
- Sony discs to be recalled
- Sony rootkit settlement
- SONY DRM rootkit – the gift that keeps on giving
- Sony DRM Rootkit — it’s worse
- Sony releases XCP remover