Remove Sony XCP First 4 Internet Rootkit

The ongoing saga of Sony music CDs installing a rootkit from DRM provider XCP is well documented at this point. The trick is knowing whether your system is compromised and how to clean up your computer if it is. Microsoft responded to the threat by bundling a solution into the latest build of Microsoft AntiSpyware. An update to the Malicious Software Removal Tool is also forthcoming. The fix does not remove the Sony XCP software, just the First 4 Internet rootkit bundled with it. Whether this goes far enough to address the problem is still up for debate, but it certainly takes a giant step toward making sure your system is not compromised. The whole debacle will make me think twice before buying another CD. Details can be found at the Anti-Malware Engineering Team blog.
A non-comprehensive list posted by the EFF suggests that anyone who purchased one of the following CDs and played it on a PC is potentially at risk:
Trey Anastasio, Shine (Columbia)
Celine Dion, On ne Change Pas (Epic)
Neil Diamond, 12 Songs (Columbia)
Our Lady Peace, Healthy in Paranoid Times (Columbia)
Chris Botti, To Love Again (Columbia)
Van Zant, Get Right with the Man (Columbia)
Switchfoot, Nothing is Sound (Columbia)
The Coral, The Invisible Invasion (Columbia)
Acceptance, Phantoms (Columbia)
Susie Suh, Susie Suh (Epic)
Amerie, Touch (Columbia)
Life of Agony, Broken Valley (Epic)
Horace Silver Quintet, Silver’s Blue (Epic Legacy)
Gerry Mulligan, Jeru (Columbia Legacy)
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
The Bad Plus, Suspicious Activity (Columbia)
The Dead 60s, The Dead 60s (Epic)
Dion, The Essential Dion (Columbia Legacy)
Natasha Bedingfield, Unwritten (Epic)
There may be others; Sony has not published a full list of at-risk titles.