November 8th, 2005


Sony/BMG Music Rootkit

If you run Windows and have purchased any copy-protected Sony/BMG cd's, you may have a rootkit installed.

Long story short: it's a piece of software that hides itself from you, makes unauthorized access to the Sony site, and stays resident in memory where it takes up RAM and CPU cycles. And that's the good news. :P

You can read all about it here:

To see if you're running it, download, unzip, and run RootkitRevealer:

If you see any entries with text like aries.sys, crater.sys, $sys$aries, $sys$crater, $sys$cor, you've been compromised. The good news is you can stop it from running by going to Start -> Run and typing "sc delete $sys$aries", which will remove the driver from the Registry so it won't be loaded when you boot your machine anymore; at this point you can safely delete the files (if you want). But don't take my word for it, read the articles I mentioned above.
  • Current Music
    Pizzicato Five - Porno 3003