|
Family: Windows --> Category: infos
XCP DRM Software Detection Vulnerability Scan
Vulnerability Scan Summary Checks whether XCP DRM Software is installed
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote Windows host has a rootkit installed on it.
Description :
First 4 Internet's Extended Copy Protection (XCP) digital rights
management software is installed on the remote Windows host. While it
is not malicious per se, the software hides files, processes, and
registry keys / values from ordinary inspection, which has been
exploited by several viruses to hide from anti-virus software.
See also :
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
http://www.sysinternals.com/blog/2005/11/sony-no-more-rootkit-for-now.html
http://www.sophos.com/pressoffice/news/articles/2005/11/stinxe.html
Solution :
On the affected host, run the DOS command 'cmd /k sc delete $sys$aries'
to deactivate the software and reboot.
Threat Level:
Medium / CVSS Base Score : 6
(AV:L/AC:H/Au:NR/C:C/A:C/I:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|