
Thread: Undeleteable hidden files created by SecuROM 7.xx

  1. #1
    Experienced User
    Join Date
    29.06.2004
    Posts
    221

    Undeleteable hidden files created by SecuROM 7.xx

    Could someone help me to get rid of these hidden files that SecuROM7 created? As you can see from the log, not even del *.* could touch them..
    OS: XP Pro, NTFS

    Filenames that really have question marks in them, what a nice gift from Macrovision.

    I tried this software to remove them, no luck.
    http://www.purgeie.com/delinv.htm

    Short filenames are disabled on this volume and the UNC path trick didn't work either. Impossible to rename.

    Directory of C:\Documents and Settings\Administrator\Application Data\SecuROM\UserData

    2005/09/17 01:05 <DIR> .
    2005/09/17 01:05 <DIR> ..
    2005/08/13 22:39 444 ???????????π????????
    2005/08/13 22:39 16 ???????????π???????????
    2 File(s) 460 bytes
    2 Dir(s) 630.139.651.072 bytes free

    C:\Documents and Settings\Administrator\Application Data\SecuROM\UserData>del *.*

    Could Not Find C:\Documents and Settings\Administrator\Application Data\SecuROM\UserData\*.*

  2. #2
    Experienced User
    Join Date
    29.06.2004
    Posts
    221

    Solution

    Here's a solution on how to remove the SecuROM infection but it costs $75:

    1. Buy WinHex professional edition (somebody with personal edition please try this since it's $35 cheaper!)

    2. Open your logical hard drive (i.e. drive C)

    3. From the directory browser, browse to Application Data\SecuROM

    4. Right-click "SecuROM" and choose "Position -> go to FILE record"

    5. Make sure that you are in $MFT (on the left panel)

    6. Enable edit mode

    7. Fill the entire SECTOR (NOT cluster!!) with "00"

    8. Save changes on disk, make sure the sector number is correct!

    9. Run cmd.exe, type "chkdsk c: /v /f", choose to run on next restart

    10. Reboot. Chkdsk will come up and your computer will reboot again.

    11. Yes, the undeleteable files are gone now! Remove directory c:\found.000 if it exists.

    12. Remove cmdline*.dll from your %windir%\system32 and %temp%

    13. Remove everything SecuROM related from registry like references to cmdline*.dll etc.

    14. Download cracks for all your SecuROM protected games you wish to play. Save the original executables for future patches.

    15. Never again install SecuROM protected games and demos(!) or you will get re-infected, only use cracked releases or software that uses another protection or no protection at all. You can buy the original CD/DVD if you wish to support the makers, but don't ever put the discs in your drive.

    16. If you must use original media or a demo, use only an account WITHOUT any administrative privileges. You CAN run most games as an ordinary user if you use cracked executables, it's the bloody protections that need to have Administrator level access in order to fuck up your system.

    17. Enjoy your games with faster start-up times and without any hidden data stored on YOUR drives.


    I e-mailed SecuROM support asking how to remove their crap from my system, they answered "There is no need to worry about these files, they are normal". I DIDN'T ASK THAT, I asked in plain English how to remove their crap!

    Since they don't seem to care about me, I sure as hell won't care about them. From this day forward, I will download every single SecuROM protected title I'd like to have, seed them for at least 24 hours after download AND write the authors (not publishers) explaining my decision. Once again, only legitimate customers are punished as the pirate versions are actually better than the originals.


    I'd like to thank my friends in Russia and East Europe, this guide is published also on eMule network as "Get rid of SecuROM7 hidden files vX.X.zip".

  3. #3
    New User
    Join Date
    06.05.2005
    Posts
    1


    Use Unlocker, it's free and great: http://ccollomb.free.fr/unlocker/

  4. #4


    Jarik got owned xD Free Unlocker versus 75 dollars (how the heck did you get 75 anyway? It's just 35 for WinHex pro...)

  5. #5
    New User
    Join Date
    16.09.2005
    Posts
    3

    Re: Undeleteable hidden files created by SecuROM 7.xx

    Quote Originally Posted by JariK-Tietomedia
    As you can see from the log, not even del *.* could touch them..
    <snip>
    Directory of C:\Documents and Settings\Administrator\Application Data\SecuROM\UserData

    2005/09/17 01:05 <DIR> .
    2005/09/17 01:05 <DIR> ..
    2005/08/13 22:39 444 ???????????π????????
    2005/08/13 22:39 16 ???????????π???????????
    2 File(s) 460 bytes
    2 Dir(s) 630.139.651.072 bytes free

    C:\Documents and Settings\Administrator\Application Data\SecuROM\UserData>del *.*

    Could Not Find C:\Documents and Settings\Administrator\Application Data\SecuROM\UserData\*.*

    "del *.*" doesn't work because the filenames don't have any dots. Try "del *". Also, if you're a programmer, you could try writing an application with hardcoded file identifier strings, as the blocking of specific characters from file identifier is sometimes implemented on application level, not by the actual filesystem or operating system. An example of this is the character ":", which is banned from file identifiers by Explorer, and most of all commands and tools used in/from cmd.exe (and probably applications using the standard Windows API for handling files), but is readily available otherwise (however the effects of putting ":" in a file identifier are quite different from what one might expect).

  6. #6
    New User
    Join Date
    12.02.2005
    Posts
    15


    Pocket Killbox is your friend here - This was created for Spyware removal, and can even go as far as killing the explorer shell before delete, and should get rid of anything
    Nothing stands in the way of it, simply enter the path (Doesn't care at all, I'd probably try deleting the directory as opposed to the files themselves)

    Edit: If you're feeling really adventurous, a decent Linux install & Captive NTFS also works very nicely. (Albeit with a little more 'risk'; NTFS is closed source)

    Cheers

    -Leezer-

    Your friendly forum lurker

  7. #7
    Experienced User
    Join Date
    27.03.2003
    Posts
    105


    1. Use Sysinternals' Process Explorer to see if anything has a handle on the files in question. If something does have a handle (although Securom doesn't use device drivers like Starforce, I think), then try and kill that process. If you can't kill the process then some more work is needed to find out when that process is started. For starters check Services, non-pnp drivers (hidden by default) in the Device Manager, and System Drivers (System Info)
    2. if there's no handle open then try and delete it through cygwin (unix environment) if you have a copy to hand
    3. if you still can't then boot your machine with a linux live cd e.g. knoppix, and delete it with that!

  8. #8
    Experienced User Nikos's Avatar
    Join Date
    13.10.2005
    Posts
    334

    Re: Undeleteable hidden files created by SecuROM 7.xx

    Quote Originally Posted by JariK-Tietomedia
    Could someone help me to get rid of these hidden files that SecuROM7 created? As you can see from the log, not even del *.* could touch them..

    Which version of Securom? None of the Securom protected games I have created any such directory or files.

    But in order to try to answer your question:

    1) Reboot in the WindowsXP rescue console.
    2) Enter the directory in question and do a DEL *
    3) If that won't work, try to use autocompletion:

    Type DEL and then press TAB (maybe multiple times).
    See what the shell suggests for these filenames.

    To contact me privately, pray. I might answer.

  9. #9


    I also had this same problem - unprintable characters.

    It looks a lot like NTFS file corruption, and I'm fairly sure it's deliberate.

    However, I did find a solution to this without requiring Cygwin, Linux or another piece of software.

    You can use the inbuilt "\\?\C:\Documents and Settings\<user profile>\Application Data\SecuROM\UserData\*" format to unattrib and delete the files.

    So, something like so:

    Code:
    ATTRIB -R -S -A -H "\\?\C:\Documents and Settings\<user profile>\Application Data\SecuROM\UserData\*"
    
    then
    
    DEL "\\?\C:\Documents and Settings\<user profile>\Application Data\SecuROM\UserData\*"

    Worked for me.

    Microsoft page for this info:
    http://support.microsoft.com/Default.aspx?kbid=320081 (See Section 6)

    EF
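
Added example, not written by any poster in this thread: a small Python audit that flags file names ordinary Win32 tools tend to mishandle and prints the `\\?\` form of the path discussed in post #9. It also shows how a console replaces characters its code page cannot encode with `?`. The code page (cp437), the directory and the sample names are constructed assumptions; the thread never shows the real SecuROM file names.

```python
import re

# Names the Win32 layer maps to devices unless the \\?\ prefix is used.
RESERVED = re.compile(r"^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(\..*)?$", re.I)

def console_rendering(name, codepage="cp437"):
    """Approximate how a console using `codepage` displays `name`:
    characters with no mapping in the code page come out as '?'."""
    return name.encode(codepage, errors="replace").decode(codepage)

def win32_problems(name, codepage="cp437"):
    """Return the reasons a name is awkward for ordinary Win32 tools."""
    reasons = []
    if console_rendering(name, codepage) != name:
        reasons.append("not representable in console code page")
    if name not in (".", "..") and name[-1:] in (".", " "):
        reasons.append("trailing dot or space (stripped by Win32 normalization)")
    if RESERVED.match(name):
        reasons.append("reserved device name")
    if any(ord(c) < 32 for c in name):
        reasons.append("control character")
    return reasons

def extended_path(directory, name):
    r"""Build a \\?\ path; Win32 passes it through without normalization."""
    return "\\\\?\\" + directory.rstrip("\\") + "\\" + name

def audit(directory, names, codepage="cp437"):
    """Yield (displayed name, reasons, extended path) per problematic entry."""
    for name in names:
        reasons = win32_problems(name, codepage)
        if reasons:
            yield (console_rendering(name, codepage), reasons,
                   extended_path(directory, name))

# Constructed sample data (hypothetical directory and names).
SAMPLE_DIR = r"C:\Users\example\AppData\Roaming\Vendor\UserData"
SAMPLE_NAMES = ["\u4e2d\u6587\u03c0\u65e5\u672c", "readme.txt", "data.", "nul.txt"]

if __name__ == "__main__":
    for shown, reasons, path in audit(SAMPLE_DIR, SAMPLE_NAMES):
        print(f"{shown!r}: {', '.join(reasons)}\n    {path}")
```

On a real volume, feed `audit()` the names returned by `os.listdir()` on the `\\?\`-prefixed directory so the listing itself is not normalized.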

  10. #10


    Start Windows in safe mode and delete all the files...... 8)
