
SecurityRisk.First4DRM


Updated: February 13, 2007 11:47:04 AM
Type: Other
Publisher: First 4 Internet Ltd.
Risk Impact: High
File Names: aries.sys
Systems Affected: Windows 2000, Windows NT, Windows Server 2003, Windows XP


When SecurityRisk.First4DRM is executed, it performs the following actions:
  1. Copies itself as the following file:

    %System%\$sys$filesystem\aries.sys.

    Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Creates the following registry subkey:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\$sys$aries

    which loads the risk as a device driver when the compromised computer is started.

  3. Hides any processes, files, folders, or registry subkeys whose names begin with the following string:

    $sys$

  4. Checks the name of every process that attempts to access those hidden processes, files, folders, or registry subkeys. If the name of the requesting process begins with the following string, access is allowed:

    $sys$

    Otherwise, the risk blocks access to the process, file, folder, or registry subkey.

    Note: Both the cloaking in step 3 and the access check in step 4 key on nothing but a name prefix. The same cloak is therefore available to any other program that names its files, registry subkeys, or process with the $sys$ prefix, and the presence of the driver should be treated as a risk independent of the software that installed it.
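The following script is an added example written for this write-up; it is not Symantec's removal tool and not part of the original page. It turns the four steps above into local checks: a "canary" test that creates a file with the $sys$ prefix in a scratch directory and asks whether the normal directory enumeration still reports it, a cross-view comparison that reports entries present in an independent listing (raw volume read, offline boot, or a listing recorded before installation) but missing from the API view, and, on Windows only, a look for the service subkey and driver path named in steps 1 and 2. The filter model in simulate_api_view, the use of %SystemRoot%\System32 as %System%, and the canary file name are assumptions made for the example. Indicator lookups done from an ordinary process are themselves subject to the cloak described in step 4, so a negative result from those is weaker evidence than a canary that disappears.

```python
"""Checks for the $sys$ cloaking behaviour of SecurityRisk.First4DRM.

Added example, not Symantec's code. Paths, key names and the prefix come
from the write-up; the filter model and the canary file name are assumptions.
"""
import os
import secrets
import tempfile
from typing import Iterable, List, Optional, Set

CLOAK_PREFIX = "$sys$"
# From step 2 of the write-up (HKLM prefix supplied by winreg.HKEY_LOCAL_MACHINE).
SERVICE_KEY = r"SYSTEM\CurrentControlSet\Services\$sys$aries"
# From step 1 of the write-up, relative to %System%.
DRIVER_RELPATH = os.path.join("$sys$filesystem", "aries.sys")


def simulate_api_view(raw_view: Iterable[str], caller_name: str,
                      prefix: str = CLOAK_PREFIX) -> List[str]:
    """Model (assumption) of steps 3-4: what a caller sees through the filtered API.

    A caller whose own name starts with the prefix sees everything; any other
    caller has every prefixed entry removed from the listing.
    """
    raw = list(raw_view)
    if caller_name.startswith(prefix):
        return raw
    return [n for n in raw if not n.startswith(prefix)]


def hidden_entries(api_view: Iterable[str], raw_view: Iterable[str]) -> Set[str]:
    """Cross-view diff: names an independent listing has that the API view lacks."""
    return set(raw_view) - set(api_view)


def canary_status(directory: str, prefix: str = CLOAK_PREFIX) -> str:
    """Create a prefixed canary file and report how the OS treats it.

    Returns "visible" (clean), "hidden" (enumeration omitted the file we just
    created) or "access_denied" (the create itself was refused, consistent
    with step 4 when the caller is not a $sys$ process).
    """
    name = prefix + "canary-" + secrets.token_hex(4) + ".txt"  # assumed name
    path = os.path.join(directory, name)
    try:
        with open(path, "x") as fh:
            fh.write("canary\n")
    except OSError:
        return "access_denied"
    try:
        return "hidden" if name not in os.listdir(directory) else "visible"
    finally:
        try:
            os.remove(path)
        except OSError:
            pass  # removal may also be refused on a cloaked system


def run_canary_in_tempdir() -> str:
    """Run the canary test in a fresh scratch directory and return its status."""
    with tempfile.TemporaryDirectory() as scratch:
        return canary_status(scratch)


def windows_indicators() -> Optional[dict]:
    """Look for the service subkey and driver file from steps 1-2.

    Returns None off Windows. On an infected machine these lookups run through
    the same filter as everything else, so False here does not prove absence.
    """
    try:
        import winreg  # only available on Windows
    except ImportError:
        return None
    found = {}
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SERVICE_KEY):
            found["service_key"] = True
    except OSError:
        found["service_key"] = False
    # Assumption: %System% is %SystemRoot%\System32 on NT/2000/2003/XP.
    system_dir = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    found["driver_file"] = os.path.exists(os.path.join(system_dir, DRIVER_RELPATH))
    return found


if __name__ == "__main__":
    # Constructed listing: what a raw volume read might return on an infected box.
    raw = ["boot.ini", "$sys$filesystem", "ntldr", "$sys$aries"]
    print("explorer.exe sees:", simulate_api_view(raw, "explorer.exe"))
    print("$sys$drmserver.exe sees:", simulate_api_view(raw, "$sys$drmserver.exe"))
    print("hidden:", hidden_entries(simulate_api_view(raw, "explorer.exe"), raw))
    print("canary:", run_canary_in_tempdir())
    print("windows indicators:", windows_indicators())
```

On a clean machine the canary reports "visible" and the cross-view diff is empty; a canary that reports "hidden" or "access_denied" from an ordinary process is the behaviour described in steps 3 and 4, and the cross-view diff then names the cloaked entries so they can be examined from an environment in which the driver is not loaded.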

