Tweet
clean removal of uaservice7 (securom)
What is it ?
Uaservice7.exe is a service that will enable non-adminstrative users
to play securom7 protected games. This can be a potential risk
to your data since it does things with your OS that are not
allowed to be done due to policy of XP. Possible exploits of
the service are imagineable.
I have not found a tool that will safely and ultimately remove
securom7´s malware driver uaservice7.exe properly from a infected system.
My findings so far
Service is installed by game installation without consent of
the user. During this installation it also seemed to tamper with
the tray icon of DT 4.0 and closed it without my consent !
No biggy i just relaunched the DT shortcut and it was back,
but interesting nevertheless. I admit though that i have not
tried to reproduce this event.
Service cannot be uninstalled by control panel.
Service will not opt for any uninstallation and securom (which is a SONY company...
does this ring a bell) does not provide any util for a clean 100% removal of their malware.
Service must be stopped by hand , deactivated and
then uaservice7.exe must be deleted from windows/system32 by hand.
This does not conclude the removal process...
uaservice7 installs legacy components in your registry which change the privelege on
their keys to deny access to administrator. Since this is a halfassed solution you can
search for any securom key in your registry and change its properties to allow full
access to anyone and then delete them. You will only be able to change props if you
are logged on as admin. You will not be able to delete the keys even as admin if
you dont change the props prior to deleting the key.
What i have not found out is how to clear securom7 from
the list of services
sc delete servicename does not work because the service
is already stopped by me and uaservice7 is deleted from
system. I have no remnants in the registry left that would
point my into the direction of how to clear the service
from the list of services in xp.
sc query shows no process running that would identify
as remnant of securom7.
Allthough it looks clean theres still that entry in the services
list and i want to remove that for having a clean list of
services.
We should really join for a class action lawsuit against Securom aka Sony under Texas,
California and New York law. It pays 100.000$ per infringement
.
I have nothing against SONY as a company but this just
tops it. Even Starforce offers a removal utility.
Uaservice7.exe is a service that will enable non-adminstrative users
to play securom7 protected games. This can be a potential risk
to your data since it does things with your OS that are not
allowed to be done due to policy of XP. Possible exploits of
the service are imagineable.
I have not found a tool that will safely and ultimately remove
securom7´s malware driver uaservice7.exe properly from a infected system.
My findings so far
Service is installed by game installation without consent of
the user. During this installation it also seemed to tamper with
the tray icon of DT 4.0 and closed it without my consent !
No biggy i just relaunched the DT shortcut and it was back,
but interesting nevertheless. I admit though that i have not
tried to reproduce this event.
Service cannot be uninstalled by control panel.
Service will not opt for any uninstallation and securom (which is a SONY company...
does this ring a bell) does not provide any util for a clean 100% removal of their malware.
Service must be stopped by hand , deactivated and
then uaservice7.exe must be deleted from windows/system32 by hand.
This does not conclude the removal process...
uaservice7 installs legacy components in your registry which change the privelege on
their keys to deny access to administrator. Since this is a halfassed solution you can
search for any securom key in your registry and change its properties to allow full
access to anyone and then delete them. You will only be able to change props if you
are logged on as admin. You will not be able to delete the keys even as admin if
you dont change the props prior to deleting the key.
What i have not found out is how to clear securom7 from
the list of services
sc delete servicename does not work because the service
is already stopped by me and uaservice7 is deleted from
system. I have no remnants in the registry left that would
point my into the direction of how to clear the service
from the list of services in xp.
sc query shows no process running that would identify
as remnant of securom7.
Allthough it looks clean theres still that entry in the services
list and i want to remove that for having a clean list of
services.
We should really join for a class action lawsuit against Securom aka Sony under Texas,
California and New York law. It pays 100.000$ per infringement
.I have nothing against SONY as a company but this just
tops it. Even Starforce offers a removal utility.
Comment