Sony DRM Rootkit - collected Wilders-threads

Discussion in 'malware problems & news' started by FanJ, Nov 13, 2005.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    I thought that it might be a good idea to give a list of all the threads here at the Wilders-board about the Sony DRM Rootkit.
    Name and link of the thread is given.

    To the Mods: I wasn't sure where to post this.
    To all: please feel free to add threads that I forgot to add.

    Mark's Sysinternals Blog: Sony, Rootkits and Digital Rights Management...
    https://www.wilderssecurity.com/showthread.php?t=104457

    First Trojan using Sony DRM spotted
    https://www.wilderssecurity.com/showthread.php?t=105944

    SONY.....Need info on the "Legal" rootkit
    https://www.wilderssecurity.com/showthread.php?t=104827

    can ProcessGuard protect form sony rootkit? is there secreenshot?
    https://www.wilderssecurity.com/showthread.php?t=105890

    Will NOD32 protect against First-4 (Sony/BMG) Rootkit
    https://www.wilderssecurity.com/showthread.php?t=105097
    (thread is closed)

    Is NOD32 going to detect and stop this type of thing?
    https://www.wilderssecurity.com/showthread.php?t=104672

    SONY throws in the towel ... for now.
    https://www.wilderssecurity.com/showthread.php?t=106216&

    Panda: TruPrevent, Trojans, and Sony's anti-piracy system
    https://www.wilderssecurity.com/showthread.php?t=106170

    Norman SandBox with early detection of security risk created by DRM protected Sony
    https://www.wilderssecurity.com/showthread.php?t=105974

    MS Anti Spyware to wipe Sony Rootkit
    https://www.wilderssecurity.com/showthread.php?t=106421

    Will anti-rookit programs detect Sony rootkit?
    https://www.wilderssecurity.com/showthread.php?t=105494

    PestPatrol will detect and remove Sony's rootkit-enabled DRM software
    https://www.wilderssecurity.com/showthread.php?t=106454

    Is there any potential risks in Sony's BMG:s?
    https://www.wilderssecurity.com/showthread.php?t=105007
     
  2. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
  3. FanJ

    FanJ Guest

  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    170,586
    Location:
    Texas
  5. controler

    controler Guest

    I always thought the service should be stopped before deleting?

    net stop $sys$aries

    NO?

    controler
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Still learning them but are not most rootkits drivers and is not aries.sys a driver ?
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    170,586
    Location:
    Texas
    Sony's 'Rootkit' Is on 500,000 Systems
    .

    Story
     
  9. J at A

    J at A Guest

  10. FanJ

    FanJ Guest

    Last edited by a moderator: Nov 17, 2005
  11. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Mark's Sysinternals Blog....Wednesday, November 16, 2005


     
  12. blackimp

    blackimp Registered Member

    Joined:
    Feb 27, 2004
    Posts:
    5
  13. FanJ

    FanJ Guest

  14. controler

    controler Guest

    Bubba and VXD's are drivers too LOL


    bought a new Neil Diamond CD today with the rootkit on it at Best Buy;)
     
  15. FanJ

    FanJ Guest

  16. controler

    controler Guest

    UnHackMe Pro

    Labled as Hacker Defender

    1. Scan for viruses:

    C:\WINDOWS\CDProxeyServ.exe

    c:\WINDOWS\system\$sys$filesystem\$sys$DRMServer

    C:\WINDOWS\SYSTEM32\DRIVERS\$sys$COR.SYS

    2. Checkme Now;

    $sys$aires

    $sys$cor

    $sys$crater

    $sys$DRMServer

    $sys$lim

    $sys$oct

    Regrun reanimator shows the same VXD Driver with the $sys$ prefix.

    & WIndows Core
     

    Attached Files:

  17. Yuppers

    Yuppers Guest

  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    170,586
    Location:
    Texas
  19. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    170,586
    Location:
    Texas
  20. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
  21. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,362
    Location:
    Ontario, Canada
  22. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
  23. eyes-open

    eyes-open Registered Member

    Joined:
    May 13, 2005
    Posts:
    721
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    170,586
    Location:
    Texas
    New Sony CD security risk found
    Story
     
  25. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.