Updated: February 13, 2007 11:47:04 AM
Type: Other
Publisher: First 4 Internet Ltd.
Risk Impact: High
File Names: aries.sys
Systems Affected: Windows 2000, Windows NT, Windows Server 2003, Windows XP
Behavior
SecurityRisk.First4DRM is a rootkit that hides any processes, files, folders, or registry subkeys that start with the following string:
$sys$
Note:
- This rootkit was designed to hide a legitimate application, but it can be used to hide other objects, including malicious software.
- Customers running Norton Internet Security 2005 AntiSpyware Edition, programs from the Norton 2006 line of products, and Symantec AntiVirus Corporate Edition 10.x can make use of the product's remediation functionality to remove this risk.
Symptoms
Any processes, files, folders, or registry subkeys that start with or are renamed to start with the following string are hidden from view:
$sys$
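Because the running system will not list the hidden objects, one way to find them is to compare a listing taken on the live system with a listing of the same volume taken offline. The following is an added example, not part of the original write-up or of any Symantec tool; the function name, report keys, and sample paths are constructed for illustration, and the exact-case prefix match is an assumption.

```python
from pathlib import PureWindowsPath

CLOAK_PREFIX = "$sys$"     # prefix named in the write-up
DRIVER_NAME = "aries.sys"  # file name listed in the write-up


def cross_view(live_listing, offline_listing):
    """Compare what the running OS reports with an offline view of the same volume.

    Returns a dict with three lists of offline paths:
      cloaked      - missing from the live view and under a $sys$-prefixed name
      hidden_other - missing from the live view for some other reason
      driver       - any path whose file name is aries.sys
    """
    # Windows paths are case-insensitive, so compare on case-folded strings.
    live = {p.casefold() for p in live_listing}
    report = {"cloaked": [], "hidden_other": [], "driver": []}
    for path in offline_listing:
        parts = PureWindowsPath(path).parts
        if parts[-1].casefold() == DRIVER_NAME:
            report["driver"].append(path)
        if path.casefold() in live:
            continue
        # A hidden folder also hides everything beneath it, so test every component.
        # Assumption: the prefix is matched with the exact case shown in the write-up.
        if any(part.startswith(CLOAK_PREFIX) for part in parts):
            report["cloaked"].append(path)
        else:
            report["hidden_other"].append(path)
    return report


# Constructed sample listings (not taken from a real system).
LIVE = [r"C:\Sample\readme.txt", r"C:\Sample\player.exe"]
OFFLINE = [
    r"C:\Sample\readme.txt",
    r"C:\Sample\PLAYER.EXE",
    r"C:\Sample\$sys$cache",
    r"C:\Sample\$sys$cache\aries.sys",
    r"C:\Sample\$sys$renamed_tool.exe",  # unrelated file renamed to use the prefix
    r"C:\Sample\pagefile.tmp",
]

if __name__ == "__main__":
    for kind, paths in cross_view(LIVE, OFFLINE).items():
        for p in paths:
            print(f"{kind:13} {p}")
```

Entries reported as cloaked include anything renamed to use the prefix, so each one should be reviewed individually.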
Transmission
This security risk is part of the XCP software present on some Sony BMG content-protected music CDs. When a CD containing this software is started from a CD-ROM, the security risk is automatically installed on the compromised computer.
Antivirus Protection Dates
- Initial Rapid Release version: November 8, 2005
- Latest Rapid Release version: January 13, 2013 revision 033
- Initial Daily Certified version: November 8, 2005
- Latest Daily Certified version: January 14, 2013 revision 004
- Initial Weekly Certified release date: November 8, 2005