How to remove the Sony – XCP DRM Rootkit

This article explains it all. It provides links to consumer made cd listings that contain the rootkit software, shows how cds with the rootkit software look like, explains how one can check his personal computer for the rootkit and finally gives a detailed walkthrough on how to remove the rootkit software manually from your computer.

If you suspect that your pc might contain sony’s rootkit protection take a look at the article posted at bleepingcomputer.com.

Update: some of the music CDs that contained the rootkit were Celine Dion’s On ne Change Pas, Switchfood’s Nothing is Sound or Acceptance by Phantoms. Here is a short list of music CDs that may have the rootkit installer.

Trey Anastasio, Shine (Columbia)
Celine Dion, On ne Change Pas (Epic)
Neil Diamond, 12 Songs (Columbia)
Our Lady Peace, Healthy in Paranoid Times (Columbia)
Chris Botti, To Love Again (Columbia)
Van Zant, Get Right with the Man (Columbia)
Switchfoot, Nothing is Sound (Columbia)
The Coral, The Invisible Invasion (Columbia)
Acceptance, Phantoms (Columbia)
Susie Suh, Susie Suh (Epic)
Amerie, Touch (Columbia)
Life of Agony, Broken Valley (Epic)
Horace Silver Quintet, Silver’s Blue (Epic Legacy)
Gerry Mulligan, Jeru (Columbia Legacy)
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
The Bad Plus, Suspicious Activity (Columbia)
The Dead 60s, The Dead 60s (Epic)
Dion, The Essential Dion (Columbia Legacy)
Natasha Bedingfield, Unwritten (Epic)
Ricky Martin, Life (Columbia) (labeled as XCP, but, oddly, our disc had no protection)

One indicator that the rootkit is installed on the user computer is the existence of the XCP CD Proxy service. Just press Windows-r, type services.msc and tap on the enter key to open the list of services on the system. If you find that particular service running on your computer, you likely have the rootkit installed on it.

Related Articles:

Author: Martin Brinkmann, Monday November 14, 2005 -
Tags:drm, rootkits, sony