Know Your Malware: First4DRM removal

First4DRM is a rootkit that cloaks any running processes, files, directories and registry keys whose names begin with the $sys$ string. It prevents installed applications and system tools from accessing the hidden objects, so that only specific processes beginning with the same $sys$ string can access them. The rootkit is a part of XCP Content Manager, which is legitimate software used to protect digital media from unauthorized duplication, publishing, etc. This software is distributed on some Sony BMG DRM-protected music CDs. Once the user inserts such a disc into the computer's CD or DVD drive, XCP secretly installs First4DRM on the system. It does so without the user's knowledge and explicit consent. Although First4DRM is not actual malware, it behaves as a parasite, can easily be used to hide real risks, and is therefore classified as a malicious unsolicited program. It automatically runs as a service on every Windows startup.

Related files: aries.sys
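
Because the cloak filters what the running system reports, hidden objects become visible only when a listing taken on the live system is compared with one taken offline (for example, from the same disk mounted read-only on another machine). The Python below is an added example of that comparison, not part of the original description; the sample paths are constructed placeholders, and matching the prefix case-insensitively is an assumption.

```python
from pathlib import PureWindowsPath

CLOAK_PREFIX = "$sys$"        # cloaking prefix named in the description
RELATED_DRIVER = "aries.sys"  # related file named in the description

# Constructed sample listings (placeholder paths, not from a real system).
LIVE_VIEW = [r"C:\Example\Notes.TXT", r"C:\example\Music\track01.wma"]
OFFLINE_VIEW = [
    r"C:\example\notes.txt",
    r"C:\example\Music\track01.wma",
    r"C:\example\$sys$demo\aries.sys",
    r"C:\example\$SYS$cache.dat",
    r"C:\example\pagefile.tmp",  # benign difference between the snapshots
]


def normalize(path):
    """Lower-case a Windows path so both views compare case-insensitively."""
    return str(PureWindowsPath(path)).lower()


def is_cloak_candidate(path):
    """True if any path component starts with the cloaking prefix.
    Case-insensitive matching is an assumption, chosen to be conservative."""
    return any(part.lower().startswith(CLOAK_PREFIX)
               for part in PureWindowsPath(path).parts)


def cross_view(live_listing, offline_listing):
    """Compare a live listing with an offline one.

    hidden   - paths present offline but missing from the live view
    prefixed - hidden paths containing a $sys$-prefixed component
    driver   - offline paths whose file name is the related driver
    """
    live = {normalize(p) for p in live_listing}
    hidden = sorted(p for p in offline_listing if normalize(p) not in live)
    return {
        "hidden": hidden,
        "prefixed": [p for p in hidden if is_cloak_candidate(p)],
        "driver": sorted(p for p in offline_listing
                         if PureWindowsPath(p).name.lower() == RELATED_DRIVER),
    }


if __name__ == "__main__":
    for kind, paths in cross_view(LIVE_VIEW, OFFLINE_VIEW).items():
        print(kind, paths)
```

Entries under "hidden" that lack the prefix are ordinary differences between the two snapshots; the "prefixed" and "driver" entries are the ones that match this rootkit's description.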

First4DRM properties:
Hides from the user
Stays resident in background

Linked by shanmuga Thursday, 10th November 2005 12:46PM