can't get rid of sony rootkit thing

Need some help:
I got that Sony rootkit thing in November by trying to play one of those CDs. Now I've used the official Sony rootkit removal exe several times and still can't get rid of it. Whenever I run Pest Patrol it shows I've still got that thing (none of my others do -- not S&D, Ewido, Ad-Aware SE, Microsoft Giant, stng259, trendware, Norton or Avast).
Does anyone have suggestions?
Thanks
 
Unfortunately I don't have a suggestion as to how to remove it... but whenever I have someone who has had a rootkit I advise them to wipe the drive completely and start over, since the system can't be assumed to be secure IMO.

Hope someone else can be of more help.
 
kumquat said:
Yeah.

Stop buying Celine Dion CD's!!!

Sorry, I had to :p
lol, QFT! :p j/k here too! Sorry, though, the only thing I would do is reformat/reinstall....I wouldn't take any other chances....it would be scary though if you DID reformat/reinstall.....AND IT WAS STILL THERE! Urban legends, man, urban legends! ;)
 
Rootkits are almost impossible to get rid of. You can save the time you would spend trying to get rid of it by just flattening and reloading.
 
I tried the Lavasoft and the MS malicious tool remover too, but still get this:

OS: Windows XP
Product Edition: Evaluation
PestPatrol.exe: 12/27/2004 4.4.4.81
PestPatrolCL.exe: 12/15/2004 4.4.4.80
Pest Database: 1/3/2006

Pests found:

XCP.Sony.Rootkit,HKEY_CLASSES_ROOT\interface\{6d92b32f-ef61-4366-bd2a-2fff9220e331},na,na,1/3/2006,00-0B-7D-1B-21-FA,USA

XCP.Sony.Rootkit,HKEY_CLASSES_ROOT\interface\{d3c63786-0568-477d-b39d-f04cddc3c574},na,na,1/3/2006,00-0B-7D-1B-21-FA,USA

XCP.Sony.Rootkit,HKEY_CLASSES_ROOT\typelib\{98cdb417-4f5c-4d8c-93dc-df5ab156e997},na,na,1/3/2006,00-0B-7D-1B-21-FA,USA

XCP.Sony.Rootkit,HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$aries,na,na,1/3/2006,00-0B-7D-1B-21-FA,USA

XCP.Sony.Rootkit,HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$aries|nextinstance,na,na,1/3/2006,00-0B-7D-1B-21-FA,USA

:mad:
 
I wouldn't consider it clean unless Rootkit Revealer dubs it so. You might consider checking out their forums as well; I'm sure there are plenty of existing threads. Best advice though is to wipe it and be done.

 
I've run the two Microsoft programs (malicious and beta spyware) and they say I'm clean. I've run Registry Mechanic and the Norton stuff and Crap Cleaner and Spybot SD and Lavasoft... and they all say I'm clean too... Could Pest Patrol just be seeing some remnants? But if so, why haven't these other programs cleaned them out?
:confused:
 
Not every program is capable of detecting them. Run the app I mentioned above to verify whether the kit is still there.
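
Added example, not part of any post in this thread and not PestPatrol's own code: a Python triage of the "Pests found" lines quoted above, sorting each finding by what kind of object it points at. The field layout (name, location, then other columns) and the meaning of the `|` separator are assumptions read off the quoted output.

```python
import csv
from collections import Counter

# The five "Pests found" lines from the post above, copied verbatim.
REPORT = r"""
XCP.Sony.Rootkit,HKEY_CLASSES_ROOT\interface\{6d92b32f-ef61-4366-bd2a-2fff9220e331},na,na,1/3/2006,00-0B-7D-1B-21-FA,USA
XCP.Sony.Rootkit,HKEY_CLASSES_ROOT\interface\{d3c63786-0568-477d-b39d-f04cddc3c574},na,na,1/3/2006,00-0B-7D-1B-21-FA,USA
XCP.Sony.Rootkit,HKEY_CLASSES_ROOT\typelib\{98cdb417-4f5c-4d8c-93dc-df5ab156e997},na,na,1/3/2006,00-0B-7D-1B-21-FA,USA
XCP.Sony.Rootkit,HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$aries,na,na,1/3/2006,00-0B-7D-1B-21-FA,USA
XCP.Sony.Rootkit,HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$aries|nextinstance,na,na,1/3/2006,00-0B-7D-1B-21-FA,USA
"""

def classify(location):
    """Map one location string to (kind, value_name)."""
    # Assumption: "|" separates a registry key from a value name inside it.
    key, _, value = location.partition("|")
    k = key.lower()
    if k.startswith(("hkey_classes_root\\interface\\", "hkey_classes_root\\typelib\\")):
        kind = "com-registration"      # COM interface / type library entries
    elif "\\enum\\root\\legacy_" in k:
        kind = "legacy-driver-enum"    # enumeration record for a non-PnP driver
    elif k.startswith("hkey_"):
        kind = "other-registry"
    else:
        kind = "file-or-other"         # anything that is not a registry path
    return kind, value or None

def parse(report):
    """Parse comma-separated findings; only the first two fields are used."""
    findings = []
    for row in csv.reader(l for l in report.splitlines() if l.strip()):
        if len(row) >= 2:
            kind, value = classify(row[1])
            findings.append({"pest": row[0], "location": row[1], "kind": kind, "value": value})
    return findings

def summarize(findings):
    """Return (count per kind, True if every finding is a registry entry)."""
    counts = Counter(f["kind"] for f in findings)
    return counts, all(f["kind"] != "file-or-other" for f in findings)

def legacy_driver_names(findings):
    """Driver names taken from LEGACY_<name> keys, for follow-up checks."""
    return {f["location"].partition("|")[0].lower().rsplit("legacy_", 1)[1]
            for f in findings if f["kind"] == "legacy-driver-enum"}

if __name__ == "__main__":
    found = parse(REPORT)
    counts, registry_only = summarize(found)
    print(dict(counts), "registry only:", registry_only, legacy_driver_names(found))
```

Every finding in the quoted report is a registry entry; the report lists no file or running driver. That shows what is still registered, not whether the driver is loaded, which is the question the Rootkit Revealer suggestion in the thread addresses.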
 