SecurityRisk.First4DRM

Updated: February 13, 2007 11:47:04 AM
Type: Other
Publisher: First 4 Internet Ltd.
Risk Impact: High
File Names: aries.sys
Systems Affected: Windows 2000, Windows NT, Windows Server 2003, Windows XP

Behavior


SecurityRisk.First4DRM is a rootkit that hides any processes, files, folders, or registry subkeys whose names start with the following string:

$sys$

Note:
  • This rootkit was designed to hide a legitimate application, but it can be used to hide other objects, including malicious software.
  • Customers running Norton Internet Security 2005 AntiSpyware Edition, programs from the Norton 2006 line of products, and Symantec AntiVirus Corporate Edition 10.x can make use of the product's remediation functionality to remove this risk.

Symptoms


Any processes, files, folders, or registry subkeys whose names start with, or are renamed to start with, the following string are hidden from view:

$sys$
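
The symptom above can be checked with a canary file. The following is an added example, not part of the original write-up or any Symantec tool: it creates a control file and a file whose name starts with $sys$, then compares the directory listing with an open by exact name. The function and file names are hypothetical, and the check assumes a hidden file can still be opened by its exact name, which the write-up does not state.

```python
import os
import tempfile

PREFIX = "$sys$"  # hiding prefix named in the write-up


def classify(listing, control, canary, canary_opens):
    """Compare the enumerated view of a directory with open-by-name results."""
    if control not in listing:
        return "inconclusive"        # enumeration itself is unreliable here
    if canary in listing:
        return "not-hidden"          # the prefix is not being filtered
    if canary_opens:
        return "hidden-by-prefix"    # exists on disk, absent from the listing
    return "inconclusive"            # canary missing from both views


def run_canary_check(parent=None):
    """Create a control file and a $sys$-prefixed canary, then classify."""
    workdir = tempfile.mkdtemp(prefix="xcpcheck_", dir=parent)
    control = "control_canary.txt"   # hypothetical name
    canary = PREFIX + "canary.txt"   # hypothetical name
    paths = [os.path.join(workdir, n) for n in (control, canary)]
    try:
        for p in paths:
            with open(p, "w") as fh:
                fh.write("canary")
        listing = set(os.listdir(workdir))
        try:
            # Assumption: a hidden file still opens by its exact name.
            with open(paths[1]) as fh:
                canary_opens = fh.read() == "canary"
        except OSError:
            canary_opens = False
        return classify(listing, control, canary, canary_opens)
    finally:
        # Delete by exact name: a listing-based recursive delete would
        # miss a hidden file and leave the directory non-empty.
        for p in paths:
            try:
                os.remove(p)
            except OSError:
                pass
        os.rmdir(workdir)


if __name__ == "__main__":
    print(run_canary_check())
```

A result of "hidden-by-prefix" means the canary exists on disk but is missing from the listing, which matches the behavior described above.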

Transmission


This security risk is part of the XCP software present on some Sony BMG content-protected music CDs. When a CD containing this software is started from a CD-ROM, the security risk is automatically installed on the compromised computer.

Antivirus Protection Dates

  • Initial Rapid Release version November 8, 2005
  • Latest Rapid Release version October 7, 2013 revision 006
  • Initial Daily Certified version November 8, 2005
  • Latest Daily Certified version October 7, 2013 revision 009
  • Initial Weekly Certified release date November 8, 2005