Okay, this isn't some fancy website. I created this website because I had this same problem, and googling it just wasn't working:
everyone was talking about it, but never solving it. I did some research, put my computer skills to work, and
I have solved this so-called mystery of removing Sony's rootkit. Here's the answer.
How to manually remove Sony BMG's rootkit from your XP machine.
First, unplug your source of internet. Then hit Ctrl+Alt+Del, click the Processes tab, find $sys$DRMserver.exe and end
this process.
Go to Start, then Run, type in "regedit" and hit Enter.
Delete these keys:
HKEY_Local_Machine\SYSTEM\CurrentControlSet\Services\$sys$DRM
HKEY_Local_Machine\SYSTEM\CurrentControlSet\Services\$sys$Crater
HKEY_Local_Machine\SYSTEM\CurrentControlSet\Services\$sys$Cor
HKEY_Local_Machine\SOFTWARE\$sys$References
HKEY_Local_Machine\SONYBMG
Go to www.sysinternals.com, download PsTools, unzip it, and put the files in C:\Windows\System32. Not in a folder, but
all the individual files. You will be asked if you want to replace the dll file; say yes, or yes to all.
Then close regedit if it's open, and type this in Run: psexec -s -i -d regedit.exe (this opens regedit under the SYSTEM
account, which allows you to delete the following registry keys.)
HKEY_Local_Machine\SYSTEM\CurrentControlSet\Enum\IDE\(your CD-ROM drive(s)): delete the LowerFilters value whose data is
either "$sys$Crater" or "$sys$Crater imapi".
HKEY_Local_Machine\SYSTEM\CurrentControlSet\Enum\PCIIDE\IDEChannel (there will be two sets of synchronized numbers; the
top is primary and the bottom is secondary. Since your CD drives are hooked up to the secondary channel, click the second one. Then find
the key that contains the value $sys$Cor.)
After that, delete these files.
C:\Windows\System32\$sys$caj.dll
C:\Windows\System32\AXPSupport.dll
C:\Windows\System32\InstallContinue.exe
C:\Windows\System32\XPCPlugins.dll
C:\Windows\System32\ECDPlayerControl.ocx
C:\Windows\System32\XCPPhoenix.dll
C:\Windows\System32\$sys$Upgtool.exe
C:\Windows\System32\ClientSyncLoader.htm (or possibly .html)
After that, delete these two folders and all of their contents.
C:\Windows\System32\SoftwareDistribution
C:\Windows\System32\$sys$filesystem
After doing all these steps, shut down your computer. While the computer is shut down, plug your source of internet back
into your computer. This is how we tell if your copy of the rootkit was successfully removed: the process $sys$DRMserver.exe
is started by a source of connectivity to the internet. If it doesn't start up at Windows XP's login, then your computer
is free from Sony's harmful attempt to cut back on distribution of music, but my opinion is: my CD, my priority to do whatever
I want with it. Hope that this helped. Just remember, if it says copy-protection software on the case, it would be a good
idea not to insert it into your computer's disk drive unless you check to make sure that the label of that CD does not belong to Sony
BMG. PeAcE
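As an added example (not part of this page), here is a small Python check that reads a regedit export (File > Export in regedit, or regedit /e) and flags the kinds of entries the steps above delete: keys whose names carry the $sys$ prefix, and values such as LowerFilters whose data names $sys$Crater. Because the rootkit cloaks $sys$ names while its driver is running, it is most useful as a post-removal check on an export taken after the steps above and a reboot. The export excerpt inside is constructed, and the key path under Enum\IDE is a made-up placeholder.

```python
import re

XCP_MARKER = "$sys$"  # the prefix every XCP component listed on this page shares

# Constructed regedit-export excerpt (not a real capture): one benign service
# plus entries of the kinds the steps above delete. The Enum\IDE path is made up.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
"Start"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRM]
"ImagePath"="C:\\Windows\\System32\\$sys$filesystem\\$sys$DRMServer.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomEXAMPLE\4&1a2b3c&0&0.1.0]
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,43,00,72,00,61,00,74,00,\
  65,00,72,00,00,00,69,00,6d,00,61,00,70,00,69,00,00,00,00,00
"""

def decode_value(raw):
    """Decode the two export encodings this check needs: strings and REG_MULTI_SZ."""
    if raw.startswith('"'):                    # "string" with \\ and \" escapes
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    if raw.startswith("hex(7):"):              # REG_MULTI_SZ as UTF-16LE byte list
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return [s for s in data.decode("utf-16-le").split("\0") if s]
    return raw                                 # dword: etc. are left as written

def parse_reg_export(text):
    """Return {key_path: {value_name: value}} from regedit export text."""
    text = re.sub(r",\\\r?\n\s*", ",", text)   # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            name, _, raw = line[1:].partition('"=')
            keys[current][name] = decode_value(raw)
    return keys

def find_xcp_indicators(keys):
    """Return (key, value_name, value) hits; value_name is None for a key-name hit."""
    hits = [(path, None, None) for path in keys if XCP_MARKER in path]
    for path, values in keys.items():
        for name, value in values.items():
            items = value if isinstance(value, list) else [str(value)]
            if any(XCP_MARKER in item for item in items):
                hits.append((path, name, value))
    return hits
```

On the sample above, find_xcp_indicators(parse_reg_export(SAMPLE_REG_EXPORT)) reports the $sys$DRM service key, its ImagePath, and the CD-ROM LowerFilters entry, and nothing for Tcpip.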
P.S. After this, and after any deletion of registry keys, I recommend that you use a registry cleaner. For those of you that
don't have one, here's a free program that will take care of everything. However, I recommend that you do the registry scan
more than once because it doesn't get everything in its first pass, but no worries, this only takes about 45 seconds on a 600 MHz processor,
so if yours is faster then you really don't have to worry about it.
Registry Cleaner