Since most people I have talked to lately haven’t heard about the Sony DRM Rootkit, I thought I would mention something about it on my main blog.
First of all, a rootkit is a piece of malware
If you have purchased a CD from a Sony/BMG artist and played it in your computer lately, you will have noticed that in some cases, it requires you to play it in a media player that is supplied by the CD itself. The player incorporates DRM
The rootkit is called Essential System Tools and is published by First 4 Internet. First 4 Internet has an agreement with Sony and other record labels to package a DRM software application with each CD sold. It uses a file called Aries.sys (also hidden) to open and run the rootkit every time your computer is started — even in safe mode!
How do I know if I’m infected?
There are a couple of ways a rootkit can be discovered. The easiest and most common is to download and install the latest version of RootkitRevealer, or any other software you trust, to scan your system for rootkits. RootkitRevealer will show the user hidden processes, files, folders, etc.
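It helps to know what a tool like RootkitRevealer actually does before trusting its output. The Python below is an added example, not code from this post or from RootkitRevealer: a cross-view comparison in miniature, with constructed file and service data and a simulated cloaking hook (the `$sys$` prefix is the one reported for this rootkit; the service names and paths are made up).

```python
"""Cross-view detection, the principle behind RootkitRevealer-style scanners.
The user-mode API view (Explorer, regedit, Task Manager) is compared with a
low-level view (raw directory and hive data); anything the low-level view has
but the API view omits has been cloaked. All data here is constructed."""
from dataclasses import dataclass

CLOAK_PREFIX = "$sys$"  # prefix the cloaking driver hides (the one reported for this rootkit)

# Constructed low-level views: what a raw directory read and a raw hive read return.
RAW_FILES = ["ntoskrnl.exe", "kernel32.dll", "$sys$aries.sys", "readme.txt"]
RAW_SERVICES = {  # service name -> ImagePath (constructed)
    "Dhcp": r"C:\WINDOWS\system32\svchost.exe",
    "$sys$aries": r"C:\WINDOWS\system32\$sys$aries.sys",
    "ExampleLoader": r"C:\WINDOWS\system32\$sys$aries.sys",  # visible service, hidden file
}

@dataclass(frozen=True)
class Finding:
    kind: str   # "file" or "registry"
    name: str
    note: str

def cloaked_view(raw_names, prefix=CLOAK_PREFIX):
    """Model of a hooked enumeration API: names with the cloak prefix vanish."""
    return [n for n in raw_names if not n.lower().startswith(prefix.lower())]

def cross_view(kind, api_names, raw_names):
    """Entries present in the raw view but missing from the API view."""
    api = set(api_names)
    return [Finding(kind, n, "in raw view, absent from API view")
            for n in raw_names if n not in api]

def scan(raw_files, raw_services):
    """Diff both views; also flag a visible service whose ImagePath names a hidden
    file, since a boot-start driver must be registered even when its file is hidden."""
    findings = cross_view("file", cloaked_view(raw_files), raw_files)
    findings += cross_view("registry", cloaked_view(raw_services), raw_services)
    hidden = {f.name.lower() for f in findings if f.kind == "file"}
    for svc in cloaked_view(raw_services):
        image = raw_services[svc].rsplit("\\", 1)[-1].lower()
        if image in hidden:
            findings.append(Finding("registry", svc, f"visible service loads hidden file {image}"))
    return findings

if __name__ == "__main__":
    for f in scan(RAW_FILES, RAW_SERVICES):
        print(f"{f.kind:8} {f.name:20} {f.note}")
```

A real scanner gets its low-level view by parsing the volume and hive files directly rather than from a list, but the comparison step is the same.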
How do I get rid of it?
That is an excellent question, and the answer is “Not easily.” Sony has published a piece of software with the purpose of “uninstalling” the rootkit. The software can be found here, but it does not really uninstall the rootkit. It simply stops the process and installs new DRM software. Worse yet, it stops the Aries.sys file while Windows is running. This can cause the operating system to become unstable and bring on the Blue Screen of Death, as well as the possibility of data loss. Currently there is no easy way to completely remove the rootkit. The more advanced ways to remove it will be added to my Sideblog as soon as I can get them typed up.
That’s all for now. I just wanted to get that out there. Feel free to email me if you have any questions about this. I’m also curious to know what you all think about having software installed on your system, without your knowledge, that can cause security problems and make your system unstable. Feel free to comment it up.