1. /
  2. Security Response/
  3. SecurityRisk.First4DRM


February 13, 2007 11:47:04 AM
First 4 Internet Ltd.
Risk Impact:
File Names:
Systems Affected:
Windows 2000, Windows NT, Windows Server 2003, Windows XP


SecurityRisk.First4DRM is a rootkit that hides any processes, files, folders, or registry subkeys that start with the following string:


  • This rootkit was designed to hide a legitimate application, but it can be used to hide other objects, including malicious software.
  • Customers running Norton Internet Security 2005 AntiSpyware Edition, programs from the Norton 2006 line of products, and Symantec AntiVirus Corporate Edition 10.x can make use of the product's remediation functionality to remove this risk.


Any processes, files, folders, or registry subkeys that start with or are renamed to start with the following string are hidden from view:



This security risk is part of the XCP software present on some Sony BMG content-protected music CDs. When a CD containing this software is started from a CD-ROM, the security risk is automatically installed on the compromised computer.

Antivirus Protection Dates

  • Initial Rapid Release version October 2, 2014 revision 022
  • Latest Rapid Release version April 7, 2015 revision 069
  • Initial Daily Certified version November 8, 2005
  • Latest Daily Certified version April 8, 2015 revision 004
  • Initial Weekly Certified release date November 8, 2005
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report