What is Aware and How to Remove Adware from Your Computer?

Posted by Emma Adrian in Blog Knowledge Base, Recent Articles on November 12th, 2009 | Leave a comment
TAGS: , ,

How to remove Adware from computer is a tough task for many people since not everyone can be the computer expert. But for the convenience of using our PC and enjoying smooth computer experience, we have to figure out how to get rid of Adware and make our PC run like a new one again!

Firstly, let us find out what is Adware. As a type of malicious software, Adware usually sneaks into people’ computer without their knowing. They often pop up, display, or download annoying ads automatically while the user is surfing the net or when the application is in processing. With the rapid development of computer technology and the variant of virus, the possibility of getting Adware is increasing, too. We have to pay more attention to this and protect our computer security.

Generally speaking, there is one simple but useful way to get this problem resolved. That is to use professional anti-Adware program. Based on the characteristic of Adware, in many cases, it poses almost the same as spyware. And for the safety of our computer, we can use Spyware Cease, an excellent program that integrated with the latest scan engine and powerful removal tool! It is also one of the most outstanding representatives in this field. Without the help of professional tool, your computer may be in a bind and it will bring many negative results to your work and life. By using Spyware Cease, you do not need to worry about the attacks of Adware and be at ease with your PC security.

Adware is not too tremendous to solve. By adopting proper and effective method, we can settle it within short time. For more security information, please visit the best program for your PC and start your FREE scan now!

N-case

Posted by elise in Blog Adware, Latest Adware Threats, Latest Spyware News, Recent Articles, Top Spyware Threats on June 8th, 2009 | 2 Comments
TAGS: , , , , ,

What is N-case?
N-case is a adware that automatically produces logs of your online activities, including the websites you have visited and keywords within your visited URLs. It then silently submits the log generated to the servers of 180Solution’s who releases N-Case. This malware also delivers targeted popup ads under direction of its controlling servers. Whenever PC starts up, N-Case would automatically launch and run at the background, generating unsolicited popup advertisements. It can even update itself.

Do you have N-case?
If you have enough time and expertise, you can search your computer for N-case manually. However, it might take hours to find out all files of N-case, and it is possible that N-case will appear after rebooting, for its hidden files may still be there.

Download automatic scanner for N-case
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual N-case removal instructions
WARNING: The manually removal method is for advanced users. N-case manually removal can be difficult and time-consuming. There is no guarantee that N-case can be completely removed, for there are hundreds of files generated when N-case installed on your system. Make sure to back up your computer in case that you make any mistakes and your system does not work.

Follow the instructions below to remove N-case manually:

Navigate and stop the N-case processes:
N/A

Navigate and delete N-case files:
%ProgramsDir%\n-Case\
%ProgramsDir%\nCase\
%SystemDir%\msbb.exe
%SystemDir%\msbb.dll
%SystemDir%\msbb1.dll
%WinDir%\ncmyb.dll

Navigate and remove N-case registry keys
N/A

What are the symptoms of N-case?

  • N-case may connect itself to the internet
  • N-case may hide from the user
  • N-case may stay resident in background

How do I keep away from N-case
Once you have cleaned up N-case, the most important point to prevent N-case and future malicious programs from reverting is to stay suspicious of spam E-mail attachment and unknown websites. Here are several ways in which you can help protect your computer against N-case and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as, Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Adware?
N-case is a type of adware.

Adware is a type of software that displays or downloads advertisements to a computer after the software is installed or while the software is in use. These advertisements can be banners or pop up windows. Some types of adware may even collect the user’s information and display advertisements in the web browser according to the information collected.

Adware can slow down your PC by consuming heavily Memory and CPU resources. Adware can also mess your Internet connection by using bandwidth to resume advertisements. Meanwhile, your system may be in risk of inefficiency because most adware applications are not properly programmed.

Broderbund DSSagent

Posted by Emma Adrian in Blog Latest Adware Threats, Latest Spyware News, Latest Spyware Threats, Recent Articles, Top Spyware Threats on January 20th, 2009 | Leave a comment
TAGS: , ,

What is Broderbund DSSagent?
Broderbund DSSagent is an Adware program installed by some Mattel/Broderbund products, with the purpose to download new splash screens to be displayed when the products that support this program are started.

Broderbund DSSagent slams your DNS server with continuous connections to www.brodcast.net and other domains. It pops up un-solicited advertisements and analyses computer usage, and then sent the information back to the companies servers. Broderbund DSSagent runs as a hidden process with no user interface. Its behavior can severely slow down your computer as it can consume large numbers of CPU cycles.

Do you have Broderbund DSSagent?
If you have enough time and expertise, you can search your computer for Broderbund DSSagent manually. However, it might take hours to find out all files of Broderbund DSSagent, and it is possible that Broderbund DSSagent will appear after rebooting, for its hidden files may still be there.

Download automatic scanner for Broderbund DSSagent
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual Broderbund DSSagent removal instructions
WARNING: The manually removal method is for advanced users. Broderbund DSSagent manually removal can be difficult and time-consuming. There is no guarantee that Broderbund DSSagent can be completely removed, for there are hundreds of files generated when Broderbund DSSagent installed on your system. Make sure to back up your computer in case that you make any mistakes and your system does not work.

Follow the instruction below for Broderbund DSSagent removal manually:

Navigate and stop Broderbund DSSagent process:
dssagent.exe

Navigate and Remove Broderbund DSSagent registry values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\bbstore\dss\dssagent.exe
HKEY_LOCAL_MACHINE\software\broderbund software\dss active
HKEY_LOCAL_MACHINE\software\broderbund software\dss autolaunchremoved
HKEY_LOCAL_MACHINE\software\broderbund software\dss cobwebinterval
HKEY_LOCAL_MACHINE\software\broderbund software\dss serverurl
HKEY_LOCAL_MACHINE\software\broderbund software\dss storagelocation
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run dss

Navigate and Delete Broderbund DSSagent files:
%windows%\bbstore\dss\dssagent.exe
dssagent.exe
dssregistry.ini
%windows%\bbstore\dss\dssagent.exe

What are the symptoms of Broderbund DSSagent?

  • Broderbund DSSagent may display advertisements
  • Broderbund DSSagent may collect users’ Internet surfing information
  • Broderbund DSSagent may run in the background of the system without interface
  • Broderbund DSSagent may slow down computer processing severely
  • Broderbund DSSagent may cause network problems and create heavy CPU usage

How do I keep away from Broderbund DSSagent?
Once you have cleaned up Broderbund DSSagent, the most important point to prevent Broderbund DSSagent and future malicious programs from reverting is to stay suspicious of spam E-mail attachment and unknown websites. Here are several ways in which you can help protect your computer against Broderbund DSSagent and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as, Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Adware?
Broderbund DSSagent is a type of Adware.

Adware is a kind of software that displays or downloads advertisements to a computer after the software is installed or while the software is in use. These advertisements can be banners or pop up windows. Some types of adware may even collect the user’s information and display advertisements in the web browser according to the information collected.

Adware can slow down your PC by consuming heavily Memory and CPU resources. Adware can also mess your Internet connection by using bandwidth to resume advertisements. Meanwhile, your system may be in risk of inefficiency because most adware applications are not properly programmed.

MyWebSearch

Posted by Emma Adrian in Blog Latest Adware Threats, Latest Spyware News, Latest Spyware Threats, Recent Articles, Top Spyware Threats on January 19th, 2009 | Leave a comment
TAGS: , , ,

What is MyWebSearch?
MyWebSearch is an advertising Browser Helper Object that consists of an add-on to Internet explorer that tracks the text users put into a search field. MyWebSearch hijacks users’ homepage temporarily, redirecting it to MyWebSearch.com, an access page that hosts the search field, so as to constitute an aggressive advertising practice. MyWebSearch can also manifest as a voluntarily downloaded toolbar that displays links to purportedly useful service and also hosts an Ask.com search field.

MyWebSearch, as well as its similarly titled companion app., MyTotalSearch, was published by Ask.com that was previously called AskJeeves.com. The search field in the BHO does not engage in any direct monitoring essentially. Instead, it simply funnels more users to Ask.com, in order to increase the likelihood that a user will click on a sponsored link and create revenue.

Do you have MyWebSearch?
If you have enough time and expertise, you can search your computer for MyWebSearch manually. However, it might take hours to find out all files of MyWebSearch, and it is possible that MyWebSearch will appear after rebooting, for its hidden files may still be there.

Download automatic scanner for MyWebSearch
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual MyWebSearch removal instructions
WARNING: The manually removal method is for advanced users. MyWebSearch manually removal can be difficult and time-consuming. There is no guarantee that MyWebSearch can be completely removed, for there are hundreds of files generated when MyWebSearch installed on your system. Make sure to back up your computer in case that you make any mistakes and your system does not work.

Follow the instruction below for MyWebSearch removal manually:

Navigate and stop MyWebSearch process:
mwssrcsp.exe

Navigate and Remove MyWebSearch registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKEY_CURRENT_USER\Software\MyWebSearch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch
HKEY_CLASSES_ROOT\AskPBar.SettingsPlugin
HKEY_CLASSES_ROOT\AskPBar.SettingsPlugin.1
HKEY_CLASSES_ROOT\CLSID\{F4D76F01-7896-458a-890F-E1F05C46069F}
HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
HKEY_CLASSES_ROOT\Interface\{F4D76F0A-7896-458A-890F-E1F05C46069F}
HKEY_CLASSES_ROOT\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
HKEY_CLASSES_ROOT\TypeLib\{F4D76F00-7896-458A-890F-E1F05C46069F}
HKEY_CURRENT_USER\Software\Fun Web Products
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKEY_LOCAL_MACHINE\SOFTWARE\AskPBar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4D76F01-7896-458a-890F-E1F05C46069F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F4D76F0B-7896-458a-890F-E1F05C46069F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AskPBar Uninstall
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch Email Clients Uninstaller
HKEY_CLASSES_ROOT\ActiveSplash.Splash
HKEY_CLASSES_ROOT\ActiveSplash.Splash.1
HKEY_CLASSES_ROOT\ActiveSplash.SplashObjects
HKEY_CLASSES_ROOT\ActiveSplash.SplashObjects.1
HKEY_CLASSES_ROOT\ActiveSplash.SplashPicture
HKEY_CLASSES_ROOT\ActiveSplash.SplashPicture.1
HKEY_CLASSES_ROOT\ActiveSplash.SplashText
HKEY_CLASSES_ROOT\ActiveSplash.SplashText.1
HKEY_CLASSES_ROOT\CLSID\{6241AF3F-2B41-41AD-A268-68CD710D34C2}
HKEY_CLASSES_ROOT\CLSID\{D1B5603A-54B5-4C23-BA4B-DEAA204AF07C}
HKEY_CLASSES_ROOT\CLSID\{D4D72717-D96A-4BA1-A136-EADB379BE963}
HKEY_CLASSES_ROOT\CLSID\{D88797FA-4784-4B40-8C5A-C4626297EC0E}
HKEY_CLASSES_ROOT\Interface\{25B5C75A-CC13-443C-AA0F-D92A2A8ECE7E}
HKEY_CLASSES_ROOT\Interface\{4CA2CA27-2031-405C-86E5-84637FB595C5}
HKEY_CLASSES_ROOT\Interface\{4E0E6D86-082D-4D60-A733-29A66909BDC8}
HKEY_CLASSES_ROOT\Interface\{B5745800-DA7C-4B4B-B775-D56AE8984D82}
HKEY_CLASSES_ROOT\Interface\{D3B810A9-7B1C-47F0-9B72-F1A24568B8A6}
HKEY_CLASSES_ROOT\Interface\{EC058846-AE55-4BDF-B379-9D2BE64D7D3A}
HKEY_CLASSES_ROOT\Interface\{EEDD46CD-3900-426F-838F-E543A0D69584}
HKEY_CLASSES_ROOT\Interface\{FB3AF05A-AB26-48E7-BE5A-CFFAA5980A97}
HKEY_CLASSES_ROOT\TypeLib\{46D36DC4-1F37-11D3-9DD0-AE1592195F1B}
HKEY_CURRENT_USER\Software\Cliprex DS
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37B85A29-692B-4205-9CAD-2626E4993404}
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKEY_CLASSES_ROOT\CLSID\{014DA6C2-189F-421a-88CD-07CFE51CFF10}
HKEY_CLASSES_ROOT\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}
HKEY_CLASSES_ROOT\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
HKEY_CLASSES_ROOT\AskTBar.SettingsPlugin
HKEY_CLASSES_ROOT\AskTBar.SettingsPlugin.1
HKEY_CLASSES_ROOT\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1
HKEY_CLASSES_ROOT\Interface\{FE063DBA-4EC0-403E-8DD8-394C54984B2C}
HKEY_CLASSES_ROOT\TypeLib\{FE063DB0-4EC0-403E-8DD8-394C54984B2C}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
HKEY_LOCAL_MACHINE\SOFTWARE\AskTBar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FE063DBB-4EC0-403e-8DD8-394C54984B2C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AskTBar Uninstall
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8EAB99C1-F9EC-4B64-A4BA-D9BCAE8779C2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{014DA6CB-189F-421a-88CD-07CFE51CFF10}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
HKEY_CLASSES_ROOT\CLSID\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
HKEY_CLASSES_ROOT\CLSID\{0A94B111-4504-4e26-AB05-E61E474AA38B}

Navigate and Delete MyWebSearch files:
%PROGRAM_FILES%\ mywebsearch\ bar\ 1.bin\ m3html.dll
%program_files%\ MyWebSearch\ bar\ 1.bin\ M3IDLE.DLL
%PROGRAM_FILES%\ mywebsearch\ bar\ 1.bin\ m3impipe.exe
%program_files%\ MyWebSearch\ bar\ 1.bin\ M3MSG.DLL
%PROGRAM_FILES%\ mywebsearch\ bar\ 1.bin\ m3outlcn.dll
%program_files%\ MyWebSearch\ bar\ 1.bin\ M3PLUGIN.DLL
%program_files%\ MyWebSearch\ bar\ 1.bin\ M3SKIN.DLL
%Program_Files%\ MyWebSearch\ bar\ 1.bin\ M3SKPLAY.EXE
%PROGRAM_FILES%\ mywebsearch\ bar\ 1.bin\ mwsbar.dll
%program_files%\ mywebsearch\ bar\ 1.bin\ mwsoemon.exe
%program_files%\ MyWebSearch\ bar\ 1.bin\ MWSOEPLG.DLL
%PROGRAM_FILES%\ mywebsearch\ bar\ 1.bin\ mwsoestb.dll
%PROGRAM_FILES%\ mywebsearch\ bar\ 1.bin\ npmywebs.dll
%program_files%\ mywebsearch\ bar\ 2.bin\ m3slsrch.exe
%program_files%\ mywebsearch\ bar\ 2.bin\ m3srchmn.exe
%program_files%\ mywebsearch\ bar\ 2.bin\ mwsoemon.exe
%program_files%\ mywebsearch\ bar\ 2.bin\ mwsoeplg.dll
%program_files%\ mywebsearch\ bar\ 2.bin\ npmywebs.dll
%program_files%\ MyWebSearch\ SrchAstt\ 1.bin\ MWSSRCAS.DLL
%program_files%\ mywebsearch\ srchastt\ 2.bin\ mwssrcas.dll
ebkp.dll
m3slsrch.exe
m3srchmn.exe
mgssetp.exe
mwssetup.commoncodebase.exe
soref_rgbndl.exe

What are the symptoms of MyWebSearch?

  • MyWebSearch may track Internet Explorer surfing activities
  • MyWebSearch may hijack users’ homepage and redirect it to MyWebSearch.com
  • MyWebSearch may display advertisements
  • MyWebSearch may slow down Internet browsing process
  • MyWebSearch may decrease system performance
  • MyWebSearch may decrease system performance

How do I keep away from MyWebSearch?
Once you have cleaned up MyWebSearch, the most important point to prevent MyWebSearch and future malicious programs from reverting is to stay suspicious of spam E-mail attachment and unknown websites. Here are several ways in which you can help protect your computer against MyWebSearch and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as, Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Adware?
MyWebSearch is a type of Adware.

Adware is a kind of software that displays or downloads advertisements to a computer after the software is installed or while the software is in use. These advertisements can be banners or pop up windows. Some types of adware may even collect the user’s information and display advertisements in the web browser according to the information collected.

Adware can slow down your PC by consuming heavily Memory and CPU resources. Adware can also mess your Internet connection by using bandwidth to resume advertisements. Meanwhile, your system may be in risk of inefficiency because most adware applications are not properly programmed.

XCP.Sony.Rootkit

Posted by Emma Adrian in Blog Latest Adware Threats, Latest Spyware News, Latest Spyware Threats, Recent Articles, Rookits, Top Spyware Threats on January 19th, 2009 | 1 Comment
TAGS: , , ,

What is XCP.Sony.Rootkit?
XCP.Sony.Rootkit is one way for Sony to reach its goal to control the ripping and distribution of music. XCP.Sony.Rootkit installs a DRM executable as a Windows service, but employs a technique commonly used by malware authors to fool everyday users into believing this is a part of Windows. This service very frequently queries the primary executables associated with all processes running on the machine, resulting in nearly continuous read attempts on the hard drive, which has been shown to shorten the drive’s lifespan.

XCP.Sony.Rootkit loads a system filter driver which hijacks all calls for process, directory or registry listings, even those unrelated to the Sony BMG application. This rootkit driver modifies what information is visible to the operating system in order to cloak the Sony BMG software. This rootkit hides every file, process, or registry key beginning with $sys$. This represents a vulnerability, which has already been exploited to hide World of Warcraft RING0 hacks, and could potentially hide an attacker’s files and processes once access to an infected system had been gained.

Do you have XCP.Sony.Rootkit?
If you have enough time and expertise, you can search your computer for XCP.Sony.Rootkit manually. However, it might take hours to find out all files of XCP.Sony.Rootkit, and it is possible that XCP.Sony.Rootkit will appear after rebooting, for its hidden files may still be there.

Download automatic scanner for XCP.Sony.Rootkit
Spyware Cease – the technology-oriented security protection that provides a risk-free computing environment for your home and office – with detection, removal and guard in one intuitive and straight-forward interface. Only Spyware Cease gives you individual fix against the most dangerous spyware problems.

Manual XCP.Sony.Rootkit removal instructions
WARNING: The manually removal method is for advanced users. XCP.Sony.Rootkit manually removal can be difficult and time-consuming. There is no guarantee that XCP.Sony.Rootkit can be completely removed, for there are hundreds of files generated when XCP.Sony.Rootkit installed on your system. Make sure to back up your computer in case that you make any mistakes and your system does not work.

Follow the instruction below for XCP.Sony.Rootkit removal manually:

Navigate and Remove XCP.Sony.Rootkit registry values:
HKEY_CLASSES_ROOT\clsid\{78037074-0beb-496e-9e4c-92d92d562168}
HKEY_CLASSES_ROOT\clsid\{c62a2089-4eb1-4ebb-8635-0d1fcdd6bf25}
HKEY_CLASSES_ROOT\interface\{6d92b32f-ef61-4366-bd2a-2fff9220e331}
HKEY_CLASSES_ROOT\interface\{d3c63786-0568-477d-b39d-f04cddc3c574}
HKEY_CLASSES_ROOT\typelib\{98cdb417-4f5c-4d8c-93dc-df5ab156e997}
HKEY_CLASSES_ROOT\xcpplayercontrol.xcpplayercontrolctrl.1
HKEY_CURRENT_USER\software\cdextrainstall
HKEY_LOCAL_MACHINE\software\$sys$reference
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$aries
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$drmserver
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$lim
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$oct
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cd_proxy
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$aries
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$cor
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$crater
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cd_proxy
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$drmserve

Navigate and Delete XCP.Sony.Rootkit files:
[%PROFILE_TEMP%]\Autorun.exe
[%SYSTEM%]\$sys$caj.dll
[%SYSTEM%]\$sys$upgtool.exe
[%SYSTEM%]\drivers\$sys$cor.sys
[%SYSTEM%]\tmpx\apix.vxd
[%SYSTEM%]\tmpx\aspienum.vxd
[%SYSTEM%]\tmpx\wnaspi.dll
[%SYSTEM%]\tmpx\wnaspi32.dll
[%WINDOWS%]\cdproxyserv.exe
[%SYSTEM%]\$sys$filesystem

What are the symptoms of XCP.Sony.Rootkit?

  • XCP.Sony.Rootkit may control the ripping and distribution of music
  • XCP.Sony.Rootkit may employ a technique used by malware authors
  • XCP.Sony.Rootkit may shorten the drive’s lifespan
  • XCP.Sony.Rootkit may hijack all calls for process, directory or registry listings
  • XCP.Sony.Rootkit may hide files and processes for attackers
  • XCP.Sony.Rootkit may decrease system performance

How do I keep away from XCP.Sony.Rootkit?
Once you have cleaned up XCP.Sony.Rootkit, the most important point to prevent XCP.Sony.Rootkit and future malicious programs from reverting is to stay suspicious of spam E-mail attachment and unknown websites. Here are several ways in which you can help protect your computer against XCP.Sony.Rootkit and other malware:

  • Use a computer firewall
  • Confirm that you have downloaded all the latest critical security updates
  • Adjust Internet Explorer web browser’s security settings
  • Download and install anti-spyware protection, such as, Spyware Cease
  • Surf sites and download programs from the web sites you trust

What is Adware?
XCP.Sony.Rootkit is a type of Adware.

Adware is a kind of software that displays or downloads advertisements to a computer after the software is installed or while the software is in use. These advertisements can be banners or pop up windows. Some types of adware may even collect the user’s information and display advertisements in the web browser according to the information collected.

Adware can slow down your PC by consuming heavily Memory and CPU resources. Adware can also mess your Internet connection by using bandwidth to resume advertisements. Meanwhile, your system may be in risk of inefficiency because most adware applications are not properly programmed.