XCP.SONY.ROOTKIT

Guest

Why doesn't MS AntiSpyware Beta 1 detect the 'trojan' file "xcp.sony.rootkit"
(when other spywares have)?
And does the so-called 'patch' to disable the beast correct my missing CD
ROM drive?
Thanks
 
Randy Knobloch

elfuego_delsol said:
Why doesn't MS AntiSpyware Beta 1 detect the 'trojan' file "xcp.sony.rootkit"
(when other spywares have)?

The Malicious Software Removal Tool targets this threat.
And does the so-called 'patch' to disable the beast correct my missing CD
ROM drive?

What "patch" are you referring to?

Silj

--
siljaline

MS - MVP Windows (IE/OE) & Security, AH-VSOP
_________________________________________
Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address
is invalid that we may all benefit.
 
Bill Sanderson

Microsoft Antispyware has detected this rootkit for many weeks. It only
detects and removes the rootkit properties of Sony's copy protection scheme.
It doesn't remove the copy protection, which would eliminate your ability to
listen to the CD.

Have you taken manual steps to eliminate the rootkit yourself?

Are you talking about Sony's "patch"?

I suspect the missing CD drive is fairly easy to fix, but that you'd get
better advice in an XP hardware related forum rather than here--if the drive
is visible in hardware manager, I would recommend removing it there, and
letting it be re-detected.

I suspect that your problem is related to the one discussed at this url:

http://www.theeldergeek.com/restore_missing_cd_or_dvd_drive.htm

and that the fix proposed at that link is what you need.

See whether you feel that you understand what is proposed there well enough
to try it--if in doubt, save the relevant registry areas from within the
registry editor, before proceeding.
 
Jim Byrd

Hi elfuego - See here:
http://support.microsoft.com/default.aspx?scid=kb;[LN];270008 It may not
sound like it applies but take the steps outlined there to delete the Upper
and Lower Filters.

You can also use this reg file to handle these deletes (it takes care of
deleting some other things which can cause problems as well):
http://www.aumha.org/downloads/cdgone.zip This is
pretty much the "standard" fix for this type of issue. Backup first so that
you can recover if there are problems (there aren't usually, BTW).

It's recommended by Compaq/HP that you run FilterFixer also when this occurs
to recreate the correct entries, here:
ftp://ftp.compaq.com/pub/softpaq/sp27501-28000/sp27949.exe Instructions
here: ftp://ftp.compaq.com/pub/softpaq/sp27501-28000/sp27949.txt
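
An added example, not part of the original posts: before deleting the Upper and Lower Filters as described above, the backup export of the CD-ROM class key can be read to see which filter drivers are currently attached. The key path uses the standard Windows CD-ROM class GUID; the sample export and its filter names (`exflt`, `aflt`, `bflt`) are constructed, and the function names are hypothetical.

```python
import re

# CD-ROM device setup class key (standard Windows class GUID).
CDROM_CLASS = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class"
               r"\{4D36E965-E325-11CE-BFC1-08002BE10318}")

# Constructed sample of a .reg (version 5.00) export; the filter names are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"Class"="CDROM"
"UpperFilters"=hex(7):65,00,78,00,66,00,\
  6c,00,74,00,00,00,00,00
"LowerFilters"=hex(7):61,00,66,00,6c,00,74,00,00,00,62,00,66,00,6c,00,74,00,\
  00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0000]
"DriverDesc"="CD-ROM Drive"
'''

def decode_multi_sz(hex_text):
    """Decode the bytes of a hex(7) value (REG_MULTI_SZ, UTF-16LE, NUL-separated)."""
    raw = bytes(int(b, 16) for b in hex_text.split(",") if b.strip())
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]

def cdrom_filters(export_text):
    """Return the UpperFilters/LowerFilters driver lists of the CD-ROM class key."""
    # A trailing backslash continues a hex value on the next line; join those lines.
    joined = re.sub(r"\\\r?\n\s*", "", export_text)
    found = {"UpperFilters": [], "LowerFilters": []}
    section = None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section is None or section.upper() != CDROM_CLASS.upper():
            continue  # ignore subkeys such as ...\0000 and unrelated keys
        m = re.match(r'"(UpperFilters|LowerFilters)"=hex\(7\):(.*)$', line, re.I)
        if m:
            key = "UpperFilters" if m.group(1).lower().startswith("upper") else "LowerFilters"
            found[key] = decode_multi_sz(m.group(2))
    return found

if __name__ == "__main__":
    for name, drivers in cdrom_filters(SAMPLE_EXPORT).items():
        print(name, drivers)
```

Exports written by the registry editor in this format are UTF-16 text, so read a real backup file with `encoding="utf-16"` before passing its contents to `cdrom_filters`.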
 
Bill Sanderson

Thanks, Jim--much better references than mine!
--

Jim Byrd said:
Hi elfuego - See here:
http://support.microsoft.com/default.aspx?scid=kb;[LN];270008 It may not
sound like it applies but take the steps outlined there to delete the Upper
and Lower Filters.

You can also use this reg file to handle these deletes (it takes care of
deleting some other things which can cause problems as well):
http://www.aumha.org/downloads/cdgone.zip This is
pretty much the "standard" fix for this type of issue. Backup first so that
you can recover if there are problems (there aren't usually, BTW).

It's recommended by Compaq/HP that you run FilterFixer also when this occurs
to recreate the correct entries, here:
ftp://ftp.compaq.com/pub/softpaq/sp27501-28000/sp27949.exe Instructions
here: ftp://ftp.compaq.com/pub/softpaq/sp27501-28000/sp27949.txt

--
Regards, Jim Byrd, MS-MVP/DTS/AH-VSOP
My Blog, Defending Your Machine, here:
http://DefendingYourMachine.blogspot.com/



message
Why doesn't MS AntiSpyware Beta 1 detect the 'trojan' file "xcp.sony.rootkit"
(when other spywares have)?
And does the so-called 'patch' to disable the beast correct my missing CD
ROM drive?
Thanks
 
Guest

I have had the same problems. I thought Microsoft Antispyware would take off
the XCP.Sony.Rootkit, because my other anti-spyware found it but won't remove
it. AntiSpyware Beta can't even find it on my computer and neither can the
malicious program removal tool. I too have had a CD burner turn up as
missing with the following message: "Windows successfully loaded the device
driver for this hardware but cannot find the hardware device. (Code 41)".
This happened at the same time the rootkit turned up. I'm guessing the 2 are
related.
Any ideas as to why Spyware won't remove this rootkit that it is supposed to?
Thanks!!

Click Troubleshoot to start the troubleshooter for this device.
 
Jim Byrd

YVW, Bill. Feel free to use it - this comes up all the time. :)

--
Regards, Jim Byrd, MS-MVP/DTS/AH-VSOP
My Blog, Defending Your Machine, here:
http://DefendingYourMachine.blogspot.com/



Bill Sanderson said:
Thanks, Jim--much better references than mine!

Jim Byrd said:
Hi elfuego - See here:
http://support.microsoft.com/default.aspx?scid=kb;[LN];270008 It may not
sound like it applies but take the steps outlined there to delete the Upper
and Lower Filters.

You can also use this reg file to handle these deletes (it takes care of
deleting some other things which can cause problems as well):
http://www.aumha.org/downloads/cdgone.zip This is
pretty much the "standard" fix for this type of issue. Backup first so that
you can recover if there are problems (there aren't usually, BTW).

It's recommended by Compaq/HP that you run FilterFixer also when this occurs
to recreate the correct entries, here:
ftp://ftp.compaq.com/pub/softpaq/sp27501-28000/sp27949.exe Instructions
here: ftp://ftp.compaq.com/pub/softpaq/sp27501-28000/sp27949.txt

--
Regards, Jim Byrd, MS-MVP/DTS/AH-VSOP
My Blog, Defending Your Machine, here:
http://DefendingYourMachine.blogspot.com/



message
Why doesn't MS AntiSpyware Beta 1 detect the 'trojan' file "xcp.sony.rootkit"
(when other spywares have)?
And does the so-called 'patch' to disable the beast correct my missing CD
ROM drive?
Thanks
 
Guest

Hey Jim: Thanks a lot for your suggestions...got some more work to do.

Jim Byrd said:
Hi elfuego - See here:
http://support.microsoft.com/default.aspx?scid=kb;[LN];270008 It may not
sound like it applies but take the steps outlined there to delete the Upper
and Lower Filters.

You can also use this reg file to handle these deletes (it takes care of
deleting some other things which can cause problems as well):
http://www.aumha.org/downloads/cdgone.zip This is
pretty much the "standard" fix for this type of issue. Backup first so that
you can recover if there are problems (there aren't usually, BTW).

It's recommended by Compaq/HP that you run FilterFixer also when this occurs
to recreate the correct entries, here:
ftp://ftp.compaq.com/pub/softpaq/sp27501-28000/sp27949.exe Instructions
here: ftp://ftp.compaq.com/pub/softpaq/sp27501-28000/sp27949.txt

--
Regards, Jim Byrd, MS-MVP/DTS/AH-VSOP
My Blog, Defending Your Machine, here:
http://DefendingYourMachine.blogspot.com/



elfuego_delsol said:
Why doesn't MS AntiSpyware Beta 1 detect the 'trojan' file "xcp.sony.rootkit"
(when other spywares have)?
And does the so-called 'patch' to disable the beast correct my missing CD
ROM drive?
Thanks
 
Guest

Hi Bill: Gracias for your input....Yes I did use Yahoo Spyware to try and
remove and apparently that's when I lost my CD drive. Also, the 'patch' is
Sony's...by the time I downloaded it, there was no sign of any Sony s/w on my
puter. So to understand correctly...the copy protection file is what's now
preventing recognition of my CD drive...yes?
 
Bill Sanderson

I think that the process of removing the copy protection is what is
preventing recognition.

Check out the tools and links Jim Byrd posted--they should help you get the
drive back, I believe.

--
 
Jim Byrd

YW, elfuego.

--
Regards, Jim Byrd, MS-MVP/DTS/AH-VSOP
My Blog, Defending Your Machine, here:
http://DefendingYourMachine.blogspot.com/



elfuego_delsol said:
Hey Jim: Thanks a lot for your suggestions...got some more work to do.

Jim Byrd said:
Hi elfuego - See here:
http://support.microsoft.com/default.aspx?scid=kb;[LN];270008 It may not
sound like it applies but take the steps outlined there to delete the Upper
and Lower Filters.

You can also use this reg file to handle these deletes (it takes care of
deleting some other things which can cause problems as well):
http://www.aumha.org/downloads/cdgone.zip This is
pretty much the "standard" fix for this type of issue. Backup first so that
you can recover if there are problems (there aren't usually, BTW).

It's recommended by Compaq/HP that you run FilterFixer also when this occurs
to recreate the correct entries, here:
ftp://ftp.compaq.com/pub/softpaq/sp27501-28000/sp27949.exe Instructions
here: ftp://ftp.compaq.com/pub/softpaq/sp27501-28000/sp27949.txt

--
Regards, Jim Byrd, MS-MVP/DTS/AH-VSOP
My Blog, Defending Your Machine, here:
http://DefendingYourMachine.blogspot.com/



Why doesn't MS AntiSpyware Beta 1 detect the 'trojan' file "xcp.sony.rootkit"
(when other spywares have)?
And does the so-called 'patch' to disable the beast correct my missing CD
ROM drive?
Thanks
 
