|Short Description||Created to hide processes, files, folders, and registry subkeys that begin with the $sys$ string.|
|Symptoms||Processes, files, folders, and registry subkeys whose names begin with $sys$ are hidden.|
|Distribution Method||Certain Sony CDs bundled with anti-piracy protection software.|
First4DRM, also known as SecurityRisk.First4DRM, is an online threat classified as a rootkit. It was first published back in 2007 by First 4 Internet Ltd., but it has apparently been exploited for malicious purposes. The rootkit is designed to hide particular processes, files, folders, and registry subkeys that begin with the $sys$ string. It was originally designed to conceal a legitimate application, but it can be used to hide any object with that prefix, malware included.
First 4 Internet Ltd. Company, Fortium Technologies Ltd. Description
First 4 Internet Ltd. is a British company that changed its name to Fortium Technologies Ltd in 2006. Fortium Technologies is best known as the publisher of Extended Copy Protection (XCP).
XCP is a software package that fits the description of a copy protection or digital rights management (DRM) scheme for Compact Discs (CDs). Sony BMG used the DRM on some of its CDs. The software was later dubbed the Sony rootkit due to the scandal that emerged in 2005.
First4DRM, SecurityRisk.First4DRM Threat Evaluation
According to security research, the First4DRM rootkit affects the following systems:
→Windows 2000, Windows NT, Windows Server 2003 or Windows XP
Although First4DRM was published as legitimate software, it has attracted a great deal of controversy. Because of the way it is distributed onto user computers, First4DRM is regarded as malicious by both users and security specialists.
In a nutshell, the rootkit is installed by anti-piracy protection software bundled with numerous audio CDs published by Sony BMG. Its purpose is to hide the files and entries that come with the anti-copy system in question. The problem is that malware can take advantage of the rootkit's ability to hide objects and so remain unnoticed. Hence, many anti-malware vendors and independent researchers have concluded that the impact of the rootkit is considerable.
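One way to check whether this name-based hiding is active on a machine, shown as an added example that is not part of the original article or of any vendor tool: it creates harmless canary objects whose names begin with $sys$ and tests whether they appear in a directory listing. The canary names and function names are assumptions made for illustration.

```python
import os
import tempfile

PREFIX = "$sys$"  # name prefix the article says the rootkit hides


def probe_prefix_hiding(base_dir=None):
    """Create canaries named with PREFIX and see if enumeration shows them.

    Returns {"file": bool, "folder": bool}; True means the canary was just
    created but is missing from the directory listing, so something is
    filtering enumeration results by name.
    """
    workdir = tempfile.mkdtemp(dir=base_dir)
    # Constructed sample names; only the prefix comes from the article.
    file_path = os.path.join(workdir, PREFIX + "canary.txt")
    folder_path = os.path.join(workdir, PREFIX + "canary_dir")
    control_path = os.path.join(workdir, "control.txt")
    try:
        for path in (file_path, control_path):
            with open(path, "w") as fh:
                fh.write("canary")
        os.mkdir(folder_path)

        listed = set(os.listdir(workdir))
        # The control has no prefix; if it is missing too, the listing
        # itself is unreliable and the result would be meaningless.
        if os.path.basename(control_path) not in listed:
            raise RuntimeError("control file not listed; probe inconclusive")
        return {
            "file": os.path.basename(file_path) not in listed,
            "folder": os.path.basename(folder_path) not in listed,
        }
    finally:
        # Remove by exact path: a recursive delete relies on enumeration
        # and would skip hidden canaries. Assumes direct-path access works.
        for remove, path in ((os.remove, file_path), (os.remove, control_path),
                             (os.rmdir, folder_path), (os.rmdir, workdir)):
            try:
                remove(path)
            except OSError:
                pass


def is_cloaking_active(results):
    """True if any canary was hidden from the directory listing."""
    return any(results.values())
```

On a clean system both flags are False; a True value means objects with the $sys$ prefix are being filtered out of directory listings and the machine needs a closer look.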
How Can I Remove First4DRM from my PC?
The good news is the so-called Sony rootkit can be deleted manually from the PC by deleting the following registry entry:
The file aries.sys will have to be removed, as well as these two directories:
Once this is done, consider performing a full system scan to make sure that your PC is running faultlessly and malware-free.
Finally, we would also like to remind you what a rootkit is in the context of malware. A rootkit is a collection of malicious software developed to grant access to computers or parts of their software. Such access is usually not allowed, especially to unauthorized users. Once the rootkit is on the system, it will hide its existence and the presence of malevolent programs.