Solution

Here's a solution on how to remove the SecuROM infection but it costs $75:

1. Buy WinHex professional edition (somebody with personal edition please try this since it's $35 cheaper!)

2. Open your logical hard drive (i.e. drive C)

3. From the directory browser, browse to Application Data\SecuROM

4. Right-click "SecuROM" and choose "Position -> go to FILE record"

5. Make sure that you are in $MFT (on the left panel)

6. Enable edit mode

7. Fill the entire SECTOR (NOT cluster!!) with "00"

8. Save changes on disk, make sure the sector number is correct!

9. Run cmd.exe, type "chkdsk c: /v /f", choose to run on next restart

10. Reboot. Chkdsk will come up and your computer will reboot again.

11. Yes, the undeleteable files are gone now! Remove directory c:\found.000 if it exists.

12. Remove cmdline*.dll from your %windir%\system32 and %temp%

13. Remove everything SecuROM related from registry like references to cmdline*.dll etc.

14. Download cracks for all your SecuROM protected games you wish to play. Save the original executables for future patches.

15. Never again install SecuROM protected games and demos(!) or you will get re-infected, only use cracked releases or software that uses another protection or no protection at all. You can buy the original CD/DVD if you wish to support the makers, but don't ever put the discs in your drive.

16. If you must use original media or a demo, use only an account WITHOUT any administrative privileges. You CAN run most games as an ordinary user if you use cracked executables, it's the bloody protections that need to have Administrator level access in order to fuck up your system.

17. Enjoy your games with faster start-up times and without any hidden data stored on YOUR drives.


I e-mailed SecuROM support asking how to remove their crap from my system, they answered "There is no need to worry about these files, they are normal". I DIDN'T ASK THAT, I asked in plain English how to remove their crap!

Since they don't seem to care about me, I sure as hell won't care about them. From this day forward, I will download every single SecuROM protected title I'd like to have, seed them for at least 24 hours after download AND write the authors (not publishers) explaining my decision. Once again, only legimate customers are punished as the pirate versions are actually better than the originals.


I'd like to thank my friends in Russia and East Europe, this guide is published also on eMule network as "Get rid of SecuROM7 hidden files vX.X.zip".

use Unlocker its free and great http://ccollomb.free.fr/unlocker/

Jarik got owned xD Free unlocker verses 75 dollars (how the heck did you get 75 anyway? its just 35 for winhex pro...)

Re: Undeleteable hidden files created by SecuROM 7.xx

"del *.*" doesn't work because the filenames don't have any dots. Try "del *". Also, if you're a programmer, you could try writing an application with hardcoded file identifier strings, as the blocking of specific characters from file identifier is sometimes implemented on application level, not by the actual filesystem or operating system. An example of this is the character ":", which is banned from file identifiers by Explorer, and most of all commands and tools used in/from cmd.exe (and probably applications using the standard Windows API for handling files), but is readily available otherwise (however the effects of putting ":" in a file identifier is quite different from what one might expect).

Pocket Killbox is your friend here - This was created for Spyware removal, and can even go as far as killing the explorer shell before delete, and should get rid of anything
Nothing stands in the way of it, simply enter the path (Doesn't care at all, I'd probably try deleting the directory as opposed to the files themseslves)

Edit: If you're feeling really adventurous, a decent Linux install & Captive NTFS also works very nicely. (Albeit with a little more 'risk'; NTFS is closed source )

Cheers

-Leezer-

Your friendly forum lurker

1. Use sysinternals' process explorer to see if anything has a handle on the the files in question. if something does have a handle, (although Securom doesn't use device drivers like Starforce I think) then try and kill that process. If you can't kill the process then some more work is need to find out when that process is started. For starters check Services, non-pnp drivers (hidden by default) in the Device Manager, and System Drivers (System Info)
2. if there's no handle open then try and delete it through cygwin (unix environment) if you have a copy to hand
3. if you still can't then boot your machine with a linux live cd e.g. knoppix, and delete it with that!

Re: Undeleteable hidden files created by SecuROM 7.xx

Which version of Securom? None of the secumron protected games I have created any such directory or files.

But in order to try to anwer your question:

1) Reboot in the WindowsXP rescue console.
2) Enter the directory in question and do a DEL *
3) If that won't work, try to use autocompletion:

Type DEL and then press TAB (maybe multiple times).
See what the shell suggests for these filenames.

I also had this same problem - unprintable characters.

It looks a lot like NTFS file corruption, and I'm fairly sure it's deliberate.

However, I did find a solution to this without requiring Cygwin, Linux or another piece of software.

You can use the inbuilt "\\?\C:\Documents and Settings\<user profile>\Application Data\SecuROM\UserData\*" format to unattrib and delete the files.

So, something like so:

Worked for me.

Microsoft page for this info:
http://support.microsoft.com/Default.aspx?kbid=320081 (See Section 6)

EF

start windows in safemode and delete all the files...... 8)

MS KB, you cannot delete a file or a folder on an NTFS file system volume

Nice post Earlyflash.

Another method that often works on hidden or oddly named files is to remove the directory:
OK, I made a folder called 'funky'. Then I copied the boot.ini file from the root into the 'funky' folder and made it read only.
As you can see, deleting the file was unsuccessful. So, we use the rd command.
'rd' alone will remove an empty]directory. To delete a folder and all its files, you use 'rd /s /q' where '/s' indicates that rd should remove all subfolders and files and '/q' indicates that it will not ask for confirmation.

And the folder, along with the file is gone. This method generall works.

the Unlocker tool works perfect. I didn't even know I had these files in my pc until I tried to clear up my second hd

Thanks LodeRunner! That walkthrough works perfectly!

I think a soft named unlocker can do it