Thanks everyone for your help and for the heads-up. You saved me what would have, no doubt, been hours of frustration.

PM Lyman

----- Original Message -----
From: classicsat
To: [email protected]
Sent: Sunday, November 13, 2005 9:33 AM
Subject: [TVRO] Re: [Whitmores_Announcements] BMG (Sony) RootKit on some audio CDs

My opinions, from what I read. It is about the Sony DRM, not about the worm/virus that has taken advantage of it.

--- In [email protected], "PM Lyman" <[EMAIL PROTECTED]> wrote:
>
> Dan,
> I have a few questions re your post below.
>
> 1) You said not to put a cd in the cd drive of a Windows machine.
> Does that mean not even to play it?

TMK, if you turn off autorun, you should be fine, but won't be able to play the CD unless you have a player app that directly controls the CD drive.

> 2) I searched for any files w/ $sys$ in the name and did not find any. I also did the test, creating a $sys$.txt file. It did not disappear when I hit refresh. Are the $sys$ files installed by Sony's rootkit?

Yes, but a part of the rootkit hides files that begin with $sys$. If they don't hide, you are surely not "infected" with the XCP software.

> 3) You said if you do find a $sys$ file and remove it, it disallows access to the cd drive. Why remove it, then? Does the $sys$ file prevent you from ripping songs?

I think it is the driver (aries.sys) that hides the files, and also proxies the CD-drive, so its removal will cause problems.

> 4) Would an ordinary disc copy (not rip) be affected by the rootkit?

I don't know.

> 5) Other than saying, don't put any Sony discs from up to 3 months
> old in your computer, is there any way to detect the presence of
> rootkit software?

Rootkit revealer will show if it has run on your PC. On the "CD" itself, you will see references to xcp, in the data structure of the CD, a file called version.dat with a version of xcp.

More info at http://www.eff.org/deeplinks/archives/004144.php

> 6) Do you recommend downloading the software from Sophos on the link
> your provided below? The site said "This version of the tool detects
> and disables the Sony DRM cloaking copy protection technology (which
> Sophos refers to as Troj/RKProc-Fam)."
> I haven't bought anything
> from Sony recently, and I passed the test, so what would be the
> effect of running the tool on an uninfected machine? Would it
> provide protection for the future in case I run into the Sony
> rootkit?
>

Likely it will not find the infection and do nothing.

> I buy cds all the time, and I usually rip them to mp3. I really
> appreciate your heads-up. I definitely don't have time to rebuild my
> operating system on a consistent basis. I'm thinking about just
> getting a ripper computer.

Do that, and put Linux on it.

>
> Thanks.
> PM Lyman

Community email addresses:
Post message: mailto:[email protected]
Subscribe: mailto: [EMAIL PROTECTED]
Unsubscribe: mailto:[EMAIL PROTECTED]
List owner: mailto:[EMAIL PROTECTED]
Shortcut URL to this page: http://www.groups.yahoo.com/group/TVRO
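
The $sys$ file test discussed in this thread, written out as a script (an added example, not part of the original messages): it creates a file whose name begins with $sys$ next to a control file and checks whether a directory listing still shows it. The function names and the simulated lister are hypothetical, constructed here for illustration.

```python
import os
import tempfile

PREFIX = "$sys$"  # name prefix that, per the thread, the XCP driver hides


def probe_cloaking(directory, lister=os.listdir):
    """Write a $sys$-prefixed marker and a control file, then list the directory.

    Returns 'visible' if the marker is listed (no cloaking seen), 'cloaked' if
    only the control file is listed, and 'inconclusive' if the control file is
    missing too, because then the listing itself cannot be trusted.
    `lister` is injectable so the logic can be exercised on a clean machine.
    """
    marker = os.path.join(directory, PREFIX + "probe.txt")
    control = os.path.join(directory, "control_probe.txt")
    for path in (marker, control):
        with open(path, "w") as fh:  # a successful write means the file exists
            fh.write("cloaking probe\n")
    try:
        names = set(lister(directory))
        if os.path.basename(control) not in names:
            return "inconclusive"
        return "visible" if os.path.basename(marker) in names else "cloaked"
    finally:
        for path in (marker, control):
            try:
                os.remove(path)
            except OSError:
                pass


def simulated_cloaked_lister(directory):
    """Constructed stand-in for an affected machine: drops $sys$ names."""
    return [n for n in os.listdir(directory) if not n.startswith(PREFIX)]


def run_probe(lister=os.listdir):
    """Run the probe in a throwaway temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return probe_cloaking(tmp, lister)


if __name__ == "__main__":
    print("this machine:", run_probe())
    print("simulated cloaked view:", run_probe(simulated_cloaked_lister))
```

A "visible" result matches the outcome PM Lyman describes for the manual test; the probe only checks file-name hiding and does not replace a scan with a tool such as the ones named in the thread.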
