How to remove the Sony - XCP DRM Rootkit

Martin Brinkmann
Nov 14, 2005
Updated • Apr 24, 2013
Security
|
0

Sony added a rootkit to some of its commercial music CDs that caused quite the uproar not only amongst Internet users but also consumer rights organizations throughout the world. The following article provides you with all the information that you need to understand all about it. It provides links to consumer made CD lists that help you understand which music CDs ship with the rootkit software, explains how you can check your PC for traces of the rootkit, and provides you with a detailed walk through that explains to you how you can remove the rootkit from your personal computer if you have found it to be installed on it.

If you suspect that your PC might contain Sony's rootkit protection take a look at the article posted at bleepingcomputer.com.

Update: some of the music CDs that contained the rootkit were Celine Dion's On ne Change Pas, Switchfood's Nothing is Sound or Acceptance by Phantoms. Here is a short list of music CDs that may have the rootkit installer.

Trey Anastasio, Shine (Columbia)
Celine Dion, On ne Change Pas (Epic)
Neil Diamond, 12 Songs (Columbia)
Our Lady Peace, Healthy in Paranoid Times (Columbia)
Chris Botti, To Love Again (Columbia)
Van Zant, Get Right with the Man (Columbia)
Switchfoot, Nothing is Sound (Columbia)
The Coral, The Invisible Invasion (Columbia)
Acceptance, Phantoms (Columbia)
Susie Suh, Susie Suh (Epic)
Amerie, Touch (Columbia)
Life of Agony, Broken Valley (Epic)
Horace Silver Quintet, Silver's Blue (Epic Legacy)
Gerry Mulligan, Jeru (Columbia Legacy)
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
The Bad Plus, Suspicious Activity (Columbia)
The Dead 60s, The Dead 60s (Epic)
Dion, The Essential Dion (Columbia Legacy)
Natasha Bedingfield, Unwritten (Epic)
Ricky Martin, Life (Columbia) (labeled as XCP, but, oddly, our disc had no protection)

One indicator that the rootkit is installed on the user computer is the existence of the XCP CD Proxy service. Just press Windows-r, type services.msc and tap on the enter key to open the list of services on the system. If you find that particular service running on your computer, you likely have the rootkit installed on it.

Advertisement

Previous Post: «
Next Post: «

Comments

There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.