Originally posted on November 16, 2005 @ 11:44 am
If you have heard about SonyBMG’s newest DRM technique, you will know that it opens you up to a lot of security problems. Here is how to get rid of the software that they install:
This DRM system operates only on recent versions of Windows. If you’re using MacOS or Linux, you have nothing to worry about from this particular DRM system. The instructions here apply to Windows XP.
How to tell whether the rootkit is on your computer: On the Start menu, choose Run. In the box that pops up, type this command:
cmd /k sc query $sys$aries
and hit the Enter key. If the response includes “STATE: 4 RUNNING”, then your machine is infected with the rootkit. If the response includes “The specified service does not exist as an installed service”, then your machine is not infected with the rootkit.
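The same check as a read-only batch file, which also reports a case the two responses above do not cover: the service is installed but not currently running. This is an added example, not part of the original post; the scratch file name and the exit codes are choices made for the example.

```bat
@echo off
rem Added example, not part of the original post. Read-only: it only queries.
setlocal
set "SVC=$sys$aries"
rem Scratch file name is a choice made for this example.
set "OUT=%TEMP%\aries_check.txt"

rem Capture both the normal output and any error text from sc.
sc query %SVC% > "%OUT%" 2>&1

rem Real output pads the field ("STATE   : 4  RUNNING"), so match the word only.
findstr /c:"RUNNING" "%OUT%" >nul
if not errorlevel 1 goto running

rem A STATE line that is not RUNNING (for example STOPPED) still means
rem the service entry exists on this machine.
findstr /c:"STATE" "%OUT%" >nul
if not errorlevel 1 goto installed

rem 1060 is the Win32 error code for "service does not exist"; sc prints
rem the number alongside the message text.
findstr /c:"1060" "%OUT%" >nul
if not errorlevel 1 goto absent

echo Could not determine the status of %SVC%. Raw sc output:
type "%OUT%"
del "%OUT%"
exit /b 3

:running
echo %SVC% is RUNNING: the rootkit is active on this machine.
del "%OUT%"
exit /b 2

:installed
echo %SVC% is installed but not running. Raw sc output:
type "%OUT%"
del "%OUT%"
exit /b 1

:absent
echo %SVC% is not installed: no rootkit service found.
del "%OUT%"
exit /b 0
```

Save it as a .bat file and run it from a command prompt; the exit code (0 absent, 1 installed, 2 running, 3 unknown) can be checked with %ERRORLEVEL% when running it across several machines.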
How to disable the rootkit: On the Start menu, choose Run. In the box that pops up, type this command:
cmd /k sc delete $sys$aries
and hit the Enter key. Then reboot your system, and the rootkit will be permanently disabled.
Note that this does not remove or disable the main anti-copying technologies. It only turns off the rootkit functionality that hides files, programs, and directory entries. The main DRM software is still present.
If you need any help, let me know.
I’ll be posting other information and hacks/fixes for removing the DRM software entirely later today, once I do more testing.