What is XCP.Sony.Rootkit?
XCP.Sony.Rootkit is one way for Sony to reach its goal to control the ripping and distribution of music. XCP.Sony.Rootkit installs a DRM executable as a Windows service, but employs a technique commonly used by malware authors to fool everyday users into believing this is a part of Windows. This service very frequently queries the primary executables associated with all processes running on the machine, resulting in nearly continuous read attempts on the hard drive, which has been shown to shorten the drive’s lifespan.
XCP.Sony.Rootkit loads a system filter driver which hijacks all calls for process, directory or registry listings, even those unrelated to the Sony BMG application. This rootkit driver modifies what information is visible to the operating system in order to cloak the Sony BMG software. This rootkit hides every file, process, or registry key beginning with $sys$. This represents a vulnerability, which has already been exploited to hide World of Warcraft RING0 hacks, and could potentially hide an attacker’s files and processes once access to an infected system had been gained.
Do you have XCP.Sony.Rootkit?
If you have enough time and expertise, you can search your computer for XCP.Sony.Rootkit manually. However, it might take hours to find out all files of XCP.Sony.Rootkit, and it is possible that XCP.Sony.Rootkit will appear after rebooting, for its hidden files may still be there.
Download automatic scanner for XCP.Sony.Rootkit
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office - with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.
Manual XCP.Sony.Rootkit removal instructions
WARNING: The manually removal method is for advanced users. XCP.Sony.Rootkit manually removal can be difficult and time-consuming. There is no guarantee that XCP.Sony.Rootkit can be completely removed, for there are hundreds of files generated when XCP.Sony.Rootkit installed on your system. Make sure to back up your computer in case that you make any mistakes and your system does not work.
Follow the instruction below for XCP.Sony.Rootkit removal manually:
Navigate and Remove XCP.Sony.Rootkit registry values:
HKEY_CLASSES_ROOT\clsid\{78037074-0beb-496e-9e4c-92d92d562168}
HKEY_CLASSES_ROOT\clsid\{c62a2089-4eb1-4ebb-8635-0d1fcdd6bf25}
HKEY_CLASSES_ROOT\interface\{6d92b32f-ef61-4366-bd2a-2fff9220e331}
HKEY_CLASSES_ROOT\interface\{d3c63786-0568-477d-b39d-f04cddc3c574}
HKEY_CLASSES_ROOT\typelib\{98cdb417-4f5c-4d8c-93dc-df5ab156e997}
HKEY_CLASSES_ROOT\xcpplayercontrol.xcpplayercontrolctrl.1
HKEY_CURRENT_USER\software\cdextrainstall
HKEY_LOCAL_MACHINE\software\$sys$reference
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$aries
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$drmserver
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$lim
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$oct
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cd_proxy
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$aries
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$cor
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$crater
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cd_proxy
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$drmserve
Navigate and Delete XCP.Sony.Rootkit files:
[%PROFILE_TEMP%]\Autorun.exe
[%SYSTEM%]\$sys$caj.dll
[%SYSTEM%]\$sys$upgtool.exe
[%SYSTEM%]\drivers\$sys$cor.sys
[%SYSTEM%]\tmpx\apix.vxd
[%SYSTEM%]\tmpx\aspienum.vxd
[%SYSTEM%]\tmpx\wnaspi.dll
[%SYSTEM%]\tmpx\wnaspi32.dll
[%WINDOWS%]\cdproxyserv.exe
[%SYSTEM%]\$sys$filesystem
What are the symptoms of XCP.Sony.Rootkit?
- XCP.Sony.Rootkit may control the ripping and distribution of music
- XCP.Sony.Rootkit may employ a technique used by malware authors
- XCP.Sony.Rootkit may shorten the drive’s lifespan
- XCP.Sony.Rootkit may hijack all calls for process, directory or registry listings
- XCP.Sony.Rootkit may hide files and processes for attackers
- XCP.Sony.Rootkit may decrease system performance
How do I keep away from XCP.Sony.Rootkit?
Once you have cleaned up XCP.Sony.Rootkit, the most important point to prevent XCP.Sony.Rootkit and future malicious programs from reverting is to stay suspicious of spam E-mail attachment and unknown websites. Here are several ways in which you can help protect your computer against XCP.Sony.Rootkit and other malware:
- Use a computer firewall
- Confirm that you have downloaded all the latest critical security updates
- Adjust Internet Explorer web browser’s security settings
- Download and install anti-spyware protection, such as, Spyware Cease
- Surf sites and download programs from the web sites you trust
What is Adware?
XCP.Sony.Rootkit is a type of Adware.
Adware is a kind of software that displays or downloads advertisements to a computer after the software is installed or while the software is in use. These advertisements can be banners or pop up windows. Some types of adware may even collect the user’s information and display advertisements in the web browser according to the information collected.
Adware can slow down your PC by consuming heavily Memory and CPU resources. Adware can also mess your Internet connection by using bandwidth to resume advertisements. Meanwhile, your system may be in risk of inefficiency because most adware applications are not properly programmed.
