Bioshock PC Game - Can NOD32 remove the rootkit?

Discussion in 'NOD32 version 2 Forum' started by Xophile, Aug 23, 2007.

Thread Status:
Not open for further replies.
  1. Xophile

    Xophile Registered Member

    Joined:
    Feb 9, 2004
    Posts:
    161
    Last edited: Aug 23, 2007
  2. b00ze

    b00ze Registered Member

    Joined:
    Mar 8, 2006
    Posts:
    30
    Location:
    Rhineland
    Usually rootkits are hidden and don't tell you that you have to reboot or deinstall something (a virtual drive like alcohol 120% as an example). You have three options: don't buy it, don't install it, don't play it.
     
  3. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I think rootkits are a gray area, certainly an entirely different debate.

    Securom is from a legit company, it doesn't have a malicious intent, it's part of the game. It's also visible to Windows...it does install a service. I think true rootkits are entirely hidden from the OS. I think the jury is out as to if Securom is indeed a rootkit...Google it and Bioshock and you'll see forums debating the subject.

    Rootkits as a technology certainly can have malicious intents, and be dangerous if used in such a manner.

    Sooo...question is...does/should NOD32 detect ALL rootkits...regardless if legit software.
     
  4. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Only AVG stops it from installing which I find pretty funny. Nothing else detects it.
     
  5. Itsme

    Itsme Registered Member

    Joined:
    Jan 31, 2004
    Posts:
    148
    Yes, I think it should detect it, and then ask us if we allow it or have it removed (and keep track of the decisions in an exclusion/inclusion list).

    Kind regards
    Itsme
     
  6. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I spent a little more time hunting/googling Securom.....it appears that media frenzy has it hyped up to be mislabeled as a rootkit, and some of the better, more technical/accurate forums are indeed stating that it is not a rootkit. Including a Microsoft tech forum..where a moderator there is stating that it is not a rootkit.

    The fact that it does create a service on your computer which you can easily see in services.msc (it's NOT hidden) leads me to believe it's not a rootkit either. AFAIK...Rootkits by definition, are supposed to be totally hidden.
     
  7. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    So it could easily be a PUA then by the sound of it?

    Cheers :)
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    There are varying levels of "stealthness" (is that a correct word?) in the rootkit field.
    I agree :)
     
  9. Supersnake

    Supersnake Registered Member

    Joined:
    Jul 12, 2003
    Posts:
    121
    What is the name of the service please?
     
  10. mata7

    mata7 Registered Member

    Joined:
    Nov 8, 2005
    Posts:
    635
    Location:
    Mississauga, Canada
    just don't buy it, don't support any PC Game with that kind of protection, get a Console and you will have your PC clean of crap like this one
     
  11. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Some info on SecuROM.
     
  12. Supersnake

    Supersnake Registered Member

    Joined:
    Jul 12, 2003
    Posts:
    121
    Thanks Lucas, within that wiki article reads:

    Latest SecuROM Versions are all 7.x versions which are released and updated continuously. SecuROM 7.x installs its own service to user's computer UAService7.exe — (ring 3), which works in ring 3 of the computer's operating system.
     
  13. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    I don't think NOD32 or many other AVs are going to add detection for this for various legal reasons. I am, however, surprised to hear that AVG of all the vendors is detecting it....:)
     
  14. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Anything from Wikipedia should be taken with a grain of salt....anyone can contribute to it, leading to often mis-tinfoil hatted-information.
     
  15. RealBig

    RealBig Registered Member

    Joined:
    Jan 5, 2007
    Posts:
    3
    Well I managed to get myself infected with a very nasty trojan whilst messing with Bioshock. Here's a link that contains the symptoms and how to remove.

    http://kb.mozillazine.org/Firefox.exe_always_open

    The only application that I was able to find that located the culprit (regedt.exe file in windows/system32 which was hidden in the explorer, notice the file name) was ADS Spy. This neat little program is able to locate hidden data streams that AV software and regular trojan scanners cannot find. A registry key is also created.

    I've also heard that AVG is able to locate and remove this, but NOD didn't. Does anyone have any tips or suggestions on highly reliable Trojan Scanners? I tried Trojan Hunter, but it missed this nasty little beast.
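
The post above relies on a scanner that enumerates NTFS alternate data streams (ADS). A similar check can be done with built-in PowerShell cmdlets; this is an added example, not part of the original post, and the function name `Find-AlternateDataStream` and the scanned directory are assumptions chosen for illustration.

```powershell
# Added example: list named NTFS alternate data streams (ADS) on files in a
# directory and flag any stream whose content starts with the "MZ" PE header.
function Find-AlternateDataStream {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Zone.Identifier is the benign "downloaded from the Internet" marker;
        # it is skipped unless this switch is given.
        [switch]$IncludeZoneIdentifier
    )

    # -Force includes hidden and system files, which Explorer hides by default.
    $files = Get-ChildItem -LiteralPath $Path -File -Force -ErrorAction SilentlyContinue
    foreach ($file in $files) {
        # ':$DATA' is the normal, unnamed stream every file has; anything else is an ADS.
        $streams = Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' }

        foreach ($s in $streams) {
            if (-not $IncludeZoneIdentifier -and $s.Stream -eq 'Zone.Identifier') { continue }

            # Read the first two bytes of the stream. Windows PowerShell 5.1 uses
            # -Encoding Byte; PowerShell 6+ replaced it with -AsByteStream.
            $readArgs = @{
                LiteralPath = $file.FullName
                Stream      = $s.Stream
                TotalCount  = 2
                ErrorAction = 'SilentlyContinue'
            }
            if ($PSVersionTable.PSVersion.Major -ge 6) { $readArgs.AsByteStream = $true }
            else { $readArgs.Encoding = 'Byte' }
            $head = @(Get-Content @readArgs)

            [pscustomobject]@{
                File        = $file.FullName
                Stream      = $s.Stream
                Length      = $s.Length
                # 0x4D 0x5A = "MZ": an executable stored in a named stream deserves a closer look.
                LooksLikePE = ($head.Count -ge 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
            }
        }
    }
}

# Example run against the directory mentioned in the post (path is an assumption).
Find-AlternateDataStream -Path "$env:SystemRoot\System32" |
    Sort-Object Length -Descending |
    Format-Table -AutoSize
```

Run it from an elevated prompt so protected files are readable; an empty result means no named streams other than `Zone.Identifier` were found in that directory.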
     
  16. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    Good heavens that idiocy about a rootkit originated from a blog by a clueless guy who tried to get more attention to his blog by using the term "rootkit" for a registry key that was hidden because of a "*" in the key name. He removed the term Rootkit after being subjected to a thorough bashing by commenters both on his blog and slashdot. Too late for some news sites / bloggers / forums to notice, which means this FUD continues to get spread.

    There is NO rootkit in there. Don't believe every FUD bloggers post and random news sites pick up without checking the facts.

    It does contain some really stupid copy protection, but nothing of it resembles a rootkit. The copy protection service is neither hidden nor does it try to prevent deactivation or uninstallation.

    The correct news would be: Securom copy protection software has a registry key that cannot be deleted because of a special character. No rootkit, no malware, no nothing.


    /me crawls away to play some more BioShock, which is an awesome game :)
     