F4IROOT KIT-HIGH RISK

Guest

I scanned my computer on 11-19-2005 and it found the F4ROOT KIT (F4IRootkit
Potentially Unwanted Software). It says it deletes it, but when I scan it
again to see if it is removed it brings the same threat back up and says the
same thing about deleting it, but it is not deleted. Can someone please help
me with this? Below is what it tells me:

Detected Threats

F4IRootkit Potentially Unwanted Software
Details: F4IRootkit is a family of kernel mode rootkit which is distributed
in some Sony audio CDs, as part of the copyright protection mechanism. Upon
the installation, it creates a service called $sys$aries and loads the driver
aries.sys.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss
of computer control, and should be removed unless knowingly installed.

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$ARIES
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$ARIES
NextInstance 1


Detected Spyware Cookies
No spyware cookies were found during this scan.

It's telling me it's removed, but it's not. It ends up coming back up.
 
plun

Hi

As you can see this comes from Sony.

Search for Sony Rootkit with Google ;)

Are you running the latest defs? Help-About.
5779 is the latest.

Bleepingcomputer have this guide.

http://www.bleepingcomputer.com/forums/topic34904.html

Perhaps MS also joining "lamers" AV club. I would
never choose any Malware protection from MS if
this "shit" cannot be removed. So stay away from "One Care".

MS fails in every new detection/removal. Really strange !?
On purpose ?
 
Bill Sanderson

Can you do a File, Check for updates in Microsoft Antispyware and see
whether you get 5779 definitions? If this appears to succeed, please go to
Help, About, press the diagnostics button,
and look for this line in the Diagnostic Report:

Definitions Increment Version: 132/132

This indicates a successful application of 5779.

Please retry the detection and removal of the F4I root kit.

This software is indeed a risk, but it is a very well understood one, and it
is not a keylogger, for example, so you can proceed with deliberation--we
want to get rid of it, but it needn't be absolutely urgent.

If you want, since you've got a security threat, and Microsoft's products
are not helping you get rid of it, you can call 1-866-pcsafety in the U.S.
or Canada and ask for assistance with this issue.
 
~Jean-Marc~ [MVP XP-FR]

Greetings F4IROOT KIT- WON'T DELETE, you were telling us:
F4IRootkit Potentially Unwanted Software
Details: F4IRootkit is a family of kernel mode rootkit which is
distributed in some Sony audio CDs, as part of the copyright
protection mechanism. Upon the installation, it creates a service
called $sys$aries and loads the driver aries.sys.
It's telling me it's removed, but it's not. It ends up coming back up.

Hi,

Start > Run >
CMD /K sc delete $sys$aries

and reboot.

Cheers
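
A read-only check to run from a command prompt after the reboot, added here as an example and not posted by anyone in the thread: it looks for the service and the registry key named in the scan report above. The `Services\$sys$aries` path is an assumption (the standard location for a service's configuration); the service name and the `LEGACY_$SYS$ARIES` key are taken from the report.

```bat
@echo off
rem Added example, not from the thread: post-reboot check for the artifacts
rem named in the scan report. Read-only; it deletes nothing.
setlocal
set "SVC=$sys$aries"
rem Assumption: standard location of a service's configuration key.
set "SVCKEY=HKLM\SYSTEM\CurrentControlSet\Services\%SVC%"
rem Key listed in the scan report.
set "ENUMKEY=HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$ARIES"
set FOUND=0

rem sc.exe exits with Win32 error 1060 when the service does not exist.
sc query "%SVC%" >nul 2>&1
if %errorlevel%==1060 (
    echo [ok]    service %SVC% is not registered
) else (
    echo [check] sc query did not report %SVC% as missing
    set FOUND=1
)

rem reg.exe exits with 1 when the key is absent.
for %%K in ("%SVCKEY%" "%ENUMKEY%") do (
    reg query %%K >nul 2>&1
    if errorlevel 1 (
        echo [ok]    key absent:  %%~K
    ) else (
        echo [found] key present: %%~K
        set FOUND=1
    )
)

if %FOUND%==1 (
    echo Result: leftovers remain. Update definitions and rescan.
    exit /b 1
)
echo Result: no trace of %SVC% in the service database or Enum\Root.
exit /b 0
```

An exit code of 1 means at least one of the three checks still found something, which is the state in which a scanner would keep reporting the detection.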
 
