
Thread: Sony Rootkit it seems

  1. #1
    uncertain Guest

    Sony Rootkit it seems

    Installed the digital Sony disk for the digital recorder Sony (ICD-P210). Returned the recorder that afternoon and uninstalled the program. It seems that Sony left an ET call home program. Files that I have been able to identify via the ZAS prog are as follows:
    IcdSptSv module - c:\windows\system32
    DvESetup.exe G:\English dvesetup.exe - - that is CD drive the origin of this file changed after I deleted the copyinf.exe files from the windows prefetch directory. There were four of the copyinf files that kept loading and ZONE did not stop the load or alert me, albeit that Program control is at high and SmartDefense at manual.

    UnUsb.exe loads via the doc setting\user\local\temp and then disappears. Can't find nor delete it.

    Wss.exe loads under the above captioned temp file as well, then either deletes or hides.

    UNINST.EXE loads via the C:\program files\sony\digital voice editor 2\uninst.exe - - the directory does not exist or at least will not show itself under any circumstances except in the properties window via ZAS.

    In addition, there are a host of other temp files that I have yet to identify the origin.

    ZAS does not detect the apparent root (regardless of scan method). Spysweep and Microsoft Antivirus and Spyware will not detect. Adware SE does not detect.

    Sony has yet to respond.

    Any suggestions absent a nuke erase, reformat and reinstall?

    Operating System: Windows XP Pro
    Product Name: ZoneAlarm Internet Security Suite
    Software Version: 6.0

  2. #2
    jarvis Guest

    Re: Sony Rootkit it seems

    This does not sound like the First4Internet copy protection program - since you apparently got it from a CD-ROM installer for a digital recorder. However, they might have used similar techniques with this to try and "take ownership" of things you've recorded that MIGHT be copyrighted. Typical.

    Try creating a file on your desktop called $sys$test.txt. If it disappears then they've used the same cloaking method as before.

    Have you tried giving all these processes a "Trust Level" of "Kill" in ZASS? So long as they aren't loading very early in the boot sequence ZASS might be able to prevent them loading.
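
Added example, not part of the post above or of any vendor tool: a scripted version of the $sys$ cloak test that also creates an unprefixed control file and compares two views of the folder (open by full name versus directory listing). It assumes the cloak filters directory listings but still lets a file be opened by its exact name; the function names and probe filenames are hypothetical.

```python
import os
import tempfile
import uuid

CLOAK_PREFIX = "$sys$"  # prefix named in the post above


def cloak_probe(directory, prefix=CLOAK_PREFIX):
    """Create a prefixed probe and a plain control file, then record whether
    each is reachable by full name and whether it shows in the listing."""
    token = uuid.uuid4().hex[:8]  # random suffix avoids clobbering real files
    names = {"probe": f"{prefix}test-{token}.txt",
             "control": f"cloaktest-{token}.txt"}
    result = {}
    try:
        for name in names.values():
            with open(os.path.join(directory, name), "w") as fh:
                fh.write("cloak probe\n")
        listing = set(os.listdir(directory))  # enumeration view
        for role, name in names.items():
            path = os.path.join(directory, name)
            result[role] = {"opens_by_name": os.path.isfile(path),  # direct view
                            "in_listing": name in listing}
    finally:
        for name in names.values():  # always clean up both files
            try:
                os.remove(os.path.join(directory, name))
            except OSError:
                pass
    return result


def verdict(result):
    """Interpret the two views; the control file guards against false alarms."""
    probe, control = result["probe"], result["control"]
    if not (control["opens_by_name"] and control["in_listing"]):
        return "inconclusive"  # listing itself is unreliable in this folder
    if probe["opens_by_name"] and not probe["in_listing"]:
        return "cloaked"       # file exists but enumeration hides it
    return "visible"


if __name__ == "__main__":
    target = os.path.join(os.path.expanduser("~"), "Desktop")
    if not os.path.isdir(target):
        target = tempfile.gettempdir()
    print(target, verdict(cloak_probe(target)))
```
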

  3. #3
    uncertain Guest

    Re: Sony Rootkit it seems

    Thanks for the reply. This is what I have done. Renamed all the *.ax and *.dll files associated with that prog to whatever.old. Renamed prior to deletion only to make sure system would not crash. All of those files were found in the system32 folder. There were 14 *.ax and 5 *.dll. Then went in to the registry and cleared all entries for the files. That stopped the file execution. Booted to safe mode, did a clean uninstall of ZASS, ensured the internet log file had been deleted and then reinstalled ZASS. Prob with ZASS is that I tried to kill and/or remove it from the program area and they just kept coming back. But more concerning is that I never allowed the prog entry. Somehow it just got around ZASS. Perhaps some sort of corruption - dunno. Then created a loopback for the Sony urls that I could identify. Then emailed Sony and told them what they could kiss in so many words. At some point I will nuke erase, reformat and reinstall. I really don't know if that prog was a "rootkit" or a form of an ET call home prog. What I do know is that it left **bleep** all over my machine that continued to execute after the uninstall. Even more, I followed their custom uninstall procedure where they identified what files and changes had been made at installation and deleted same. They just neglected to mention a few. I am sure that there are files that I missed but this I am sure about too. For me, they (Sony) are in the great land of garbage and there they will stay for me and my family. Now then I want to also say that without ZASS, I very likely would not have known what was happening. Thank you Zone and to all for your help.
