Help, think new Securom is installing Malware/Rootkit?
  • Help, think new Securom is installing Malware/Rootkit?

    Hi, I found a nasty folder in Docs and Sets\Admin\AppData\Securom. This folder contained 2 files which refused to delete, but before I rebooted that drive as a slave and attempted to delete them, I found an Unlocker link here at DT, which worked, thanks.

    This led me to start searching the registry. I found 2 Securom folders, one in Current User\Software\Securom and one in Users\S-1-5-21-1275210071-1715567821-682003330-500\Software\Securom, both of which have a folder that refuses to let me look in, rename or delete it, called !CAUTION! NEVER DELETE OR CHANGE ANY KEY
    Could someone please help me get rid of this trash, please?

    I downloaded the BioShock Demo and I think that's where it's from, even though I Uninstalled the Demo.

    Thanks for any tips.

  • #2


    ... but don't worry, neither Malware nor Rootkit
    I'm not employed by Disc Soft and my views do not necessarily reflect the ones of the company.



    • #3
      Thanks for the linky, Terramex.

      "Enter regdelnull hkcu -s"
      What are the H and K here? I got the -s and the CU and U. Sorry, DOS was a little before my time, sadly.
      I tried looking up DOS with the following: key, parameters, extensions and commands, with not much luck.

      Thanks.



      • #4
        hkcu = hkey\current_user

        it's a registry branch

        also a registry key isn't executable, and this one isn't malware, it's just drm, messing with it could invalidate any licenses you have for other securom games too... so make a backup before doing anything
        my views are 100% personal views..



        • #5
          Thanks, evlncrn8.

          Several people have mentioned it's not a rootkit, but does this mean their rootkit revealer is just wrong?
          "this newest SecuRom variant is being labeled by Sysinternal's Rootkit Revealer as a rootkit"

          Also, it seems I have to wait 24 hours to even see my post here, is this normal or am I doing something wrong?

          Thanks.



          • #6
            Non-customers who have less than 20 posts are moderated.



            • #7
              Ok thanks, Jito463, didn't know that.
              I had previous posts in the past, since I registered about 2 years ago, but have no clue what the total of my posts originally was.

              Anyone heard anything on the Sysinternal's Rootkit Revealer calling the new securom a rootkit?

              I guess it could be a mistake, but it still seems to verify, at least to some degree, that the behavior of the new version is suspect, at least in my limited knowledge.



              • #8
                The Rootkit Revealer detects the new SecuROM as a rootkit; this one installs itself with the Demo of Bioshock and also the Retail ones!
                You weak pathetic fool, it's all too easy


                • #9
                  SecuROM puts an undeletable key in the registry, and according to the screenshots I've seen, that is what Rootkit Revealer detects.
                  This registry key is nothing new, SecuROM 7 has been doing that all the time.



                  • #10
                    yup, which doesn't imply it's a rootkit, just that it's an 'abnormal' key.. microsoft .net framework can also make these keys
                    my views are 100% personal views..
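
Added example, not part of any post in this thread: posts #9 and #10 describe the undeletable key that Rootkit Revealer flags. Assuming it is the embedded-null kind that the `regdelnull` command quoted in #3 targets, this portable C model shows why a caller passing NUL-terminated names cannot address such a key, while a scan over counted names can flag it. The `counted_name` struct, the function names and the sample names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Counted UTF-16 name, modelled on the idea behind the native UNICODE_STRING
   (byte length plus buffer). Defined locally so the example builds anywhere. */
typedef struct {
    uint16_t length_bytes;   /* bytes in use; no terminator is implied */
    const uint16_t *buffer;  /* may legally contain 0x0000 code units */
} counted_name;

/* Units a NUL-terminated API would see: it stops at the first 0x0000. */
static size_t visible_units(const counted_name *n) {
    size_t total = n->length_bytes / sizeof(uint16_t), i = 0;
    while (i < total && n->buffer[i] != 0) i++;
    return i;
}

/* 1 if a NUL sits inside the counted length, so a NUL-terminated caller can
   only ever supply a truncated name that does not match the stored one. */
int has_embedded_nul(const counted_name *n) {
    return visible_units(n) < n->length_bytes / sizeof(uint16_t);
}

/* Number of flagged names in an enumeration result. */
size_t count_flagged(const counted_name *names, size_t count) {
    size_t hits = 0;
    for (size_t i = 0; i < count; i++)
        hits += (size_t)has_embedded_nul(&names[i]);
    return hits;
}

/* Constructed sample data, not taken from a real system. */
static const uint16_t NORMAL[] = {'S','e','c','u','R','O','M'};
static const uint16_t ODD[]    = {'K','E','Y', 0};  /* the NUL is part of the name */
const counted_name SAMPLE[] = {
    { sizeof NORMAL, NORMAL },
    { sizeof ODD, ODD },
};

int main(void) {
    for (size_t i = 0; i < 2; i++)
        printf("name %zu: %zu of %zu units visible, flagged=%d\n", i,
               visible_units(&SAMPLE[i]),
               (size_t)(SAMPLE[i].length_bytes / sizeof(uint16_t)),
               has_embedded_nul(&SAMPLE[i]));
    return 0;
}
```

A flag from this kind of check says only that the name is unusual for ordinary tools, which is the distinction posts #10 and #11 draw between an abnormal key and a rootkit.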



                    • #11
                      no, it for sure doesn't mean it's something that indicates it is a rootkit - just something uncommon that rootkits ALSO frequently use...

                      But that doesn't necessarily mean that Securom is a rootkit (although I admit that Sony has a really bad reputation when it comes to rootkits (I remember there was a big issue on some Audio/Video-CDs)).

                      On the other hand: Sony knows this, and in case they would hide anything in their code - regardless of how well it is encrypted and hidden - it WILL be revealed by someone. That would be the end of Securom - as you can imagine, no one at Sony would play such a risky game.

                      There are enough competitors out there who would love to replace Securom with their own protection.

                      All this is very well known at Sony, too.. Why should they risk kicking themselves out of business?

                      I'm not a fan of Securom nor Sony, but I doubt it has something "malwarelike" inside.



                      • #12
                        Taken from Corpnews:

                        SecuROM, in its current incarnation, is a copy protection scheme that installs a service that runs at Ring 3, the applications layer. It has no access to lower-level rings, like drivers or kernel-level resources.

                        In the case of Bioshock, according to the official 2K Games FAQ, "The only data collected is the serial being used for activation, the IP address used for activation, an identifier for the software being activated, and the hash of the machine ID. The ID cannot be read by any other system or operator. Its only purpose is for comparing future activations on a particular serial." [...] SecuROM, though it is DRM, and onerous, and requires online activation, does not install any device drivers, does not cloak anything, and doesn't allow other programs' files to be cloaked by it.


                        =========

                        I'd be amazed if Securom ever went down the "SF-route" or "Sony route" of root kits
                        If the minimum wasn't acceptable it wouldn't be called the minimum.



                        • #13
                          not quite true there, you grabbed that info from some forum?
                          I haven't seen the service present in any securom games from version 7.20 (earliest I have), so the whole service=rootkit argument is quite wrong... please correct me if I'm wrong... I sure don't have the service present when I'm playing bioshock...

                          and yep, in this day and age, any company that values business wouldn't do rootkit style stuff... unless the public were informed about it (and accepted it).. sptd for example uses 'rootkit-like' technology, purely to protect itself and anything using it from hacking etc..
                          my views are 100% personal views..
