Thanx for providing some extra info & insight into this problem. I just found the article & passed it along. I didn't know a whole lot of details about it, so thanx for providing some.
--- PM Lyman <[EMAIL PROTECTED]> wrote:

> Thanks everyone for your help and for the heads-up. You saved me what would
> have, no doubt, been hours of frustration.
> PM Lyman
>
> ----- Original Message -----
> From: classicsat
> To: [email protected]
> Sent: Sunday, November 13, 2005 9:33 AM
> Subject: [TVRO] Re: [Whitmores_Announcements] BMG (Sony) RootKit on some
> audio CDs
>
> My opinions, from what I read. It is about the Sony DRM, not about the
> worm/virus that has taken advantage of it.
>
> --- In [email protected], "PM Lyman" <[EMAIL PROTECTED]> wrote:
> >
> > Dan,
> > I have a few questions re your post below.
> >
> > 1) You said not to put a cd in the cd drive of a Windows machine.
> > Does that mean not even to play it?
>
> TMK, if you turn off autorun, you should be fine, but won't be able to
> play the CD unless you have a player app that directly controls the CD
> drive.
>
> > 2) I searched for any files w/ $sys$ in the name and did not find
> > any. I also did the test, creating a $sys$.txt file. It did not
> > disappear when I hit refresh. Are the $sys$ files installed by Sony's
> > rootkit?
>
> Yes, but a part of the rootkit hides files that begin with $sys$. If
> they don't hide, you are surely not "infected" with the XCP software.
>
> > 3) You said if you do find a $sys$ file and remove it, it disallows
> > access to the cd drive. Why remove it, then? Does the $sys$ file
> > prevent you from ripping songs?
>
> I think it is the driver (aries.sys) that hides the files, and also
> proxies the CD-drive, so its removal will cause problems.
>
> > 4) Would an ordinary disc copy (not rip) be affected by the rootkit?
>
> I don't know.
>
> > 5) Other than saying, don't put any Sony discs from up to 3 months
> > old in your computer, is there any way to detect the presence of
> > rootkit software?
>
> Rootkit revealer will show if it has run on your PC. On the "CD"
> itself, you will see references to xcp, in the data structure of the
> CD, a file called version.dat with a version of xcp
>
> More info at http://www.eff.org/deeplinks/archives/004144.php
>
> > 6) Do you recommend downloading the software from Sophos on the link
> > you provided below? The site said "This version of the tool detects
> > and disables the Sony DRM cloaking copy protection technology (which
> > Sophos refers to as Troj/RKProc-Fam)." I haven't bought anything
> > from Sony recently, and I passed the test, so what would be the
> > effect of running the tool on an uninfected machine? Would it
> > provide protection for the future in case I run into the Sony
> > rootkit?
>
> Likely it will not find the infection and do nothing.
>
> > I buy cds all the time, and I usually rip them to mp3. I really
> > appreciate your heads-up. I definitely don't have time to rebuild my
> > operating system on a consistent basis. I'm thinking about just
> > getting a ripper computer.
>
> Do that, and put Linux on it.
>
> > Thanks.
> > PM Lyman
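The `$sys$` file test discussed in the thread, written out as an added example (not part of the original messages). It writes a `$sys$`-prefixed file and a control file, then checks whether a directory listing shows both; the function name, file names and the injectable `lister` parameter are hypothetical choices made for this sketch.

```python
import os
import tempfile

CLOAK_PREFIX = "$sys$"  # name prefix the thread says the XCP software hides


def cloaking_probe(lister=os.listdir, parent=None):
    """Write a $sys$-prefixed file and a control file, then check whether
    a directory listing shows both. `lister` is injectable for testing."""
    workdir = tempfile.mkdtemp(prefix="xcp_check_", dir=parent)
    names = {"probe": CLOAK_PREFIX + "probe.txt", "control": "control_probe.txt"}
    try:
        for name in names.values():
            with open(os.path.join(workdir, name), "w") as fh:
                fh.write("constructed test file\n")
        listed = set(lister(workdir))
        probe_seen = names["probe"] in listed
        control_seen = names["control"] in listed
    finally:
        # Delete by explicit name: a cloaked file would not be enumerated,
        # so a listing-based cleanup would leave it behind.
        for name in names.values():
            try:
                os.remove(os.path.join(workdir, name))
            except OSError:
                pass
        try:
            os.rmdir(workdir)
        except OSError:
            pass
    if not control_seen:
        verdict = "inconclusive"  # the listing is unreliable for any file
    elif probe_seen:
        verdict = "visible"       # same result as "it did not disappear"
    else:
        verdict = "hidden"        # something filters $sys$ names from listings
    return {"probe_listed": probe_seen,
            "control_listed": control_seen,
            "verdict": verdict}


if __name__ == "__main__":
    print(cloaking_probe())
```

A "visible" verdict only says that no `$sys$` name filtering is active in that directory listing; the thread's other checks (Rootkit revealer, `version.dat` on the disc) are separate.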
