A new rootkit.

I read today, that Mr. and Mrs. Smith DVD installs a rootkit in your PC.
According to Settec, they have a uninstall for their tecnology called Alpha-DISC, in their website.
F-Secure has published the news yesterday , but Cool Daddy told us since february 9.
I hope NOD32 can detect it.

http://www.f-secure.com/weblog/archi....html#00000810

Best Regards,

DonKid.

 

Yeah NOD detects it. HB actually wrote about it somewhere.. Lemme just find it

Edit: Well maybe not. He was checking it out though

 

I rented that DVD and played it and received no warning about a rootkit.

By the way, the link above didn't work for me.

F-Secure: News from the Lab (Archives - Feb 2006)
http://www.f-secure.com/weblog/archives/archive-022006.html

Digital Contents Copy Protection Settec (Alpha Audio/Alpha DVD)
http://www.settec.net/eng/pro_alphadvd.htm

Uninstallation of Alpha-DISC Copy Protection (rootkit uninstaller)
http://uninstall.settec.com/eng/

- The uninstaller is available in English and in German

 

Well we need to here from someone in this forum to tackle this new Rootkit!! And not just Eset but all other products in this forums!!

 

Why not change the auto play option to take no action. Then one can choose which player to use and the autostart junk they try to add is never activated.

 

Or simply disable Shell Hardware Detection Service.

 

Or a simple solution.
After insert a DVD, keep Shift pressed, so the DVD drive won´t run anything.

 

But one must remember to press the key then

 

But it does not ask or tell you that it is installing anything that's why I wonder why NOD does not pick it up or even BOclean? And now I have the Dam thing on my Box My Burning speed will not go above 1.8x on a 16x Burner!!

I am asking how to get it off my Computer because I think it is Malware as I cannot not burn a DVD any faster which sucks!

Could someome from Eset comment on this?

TIA,

Daniel

 

Hi Triple Helix.

If the rookit is from Settec, please look here:

http://uninstall.settec.com/eng/

Best Regards,

DonKid.

 

You might want to ask Kevin McAleavey why BOClean didn't pick up on it? He's easy to get in touch with.

 

Thanks Elwood! Done!!

Cheers,

 

You're welcome. I'd be interested to know the gist of what he says.

 

I will post back when I get some info!!

Regards,