Remove SecurityRisk.First4DRM, Sony Rootkit

Short Description: Created to hide processes, files, folders, and registry subkeys that begin with the $sys$ string.
Symptoms: The processes, files, folders, and subkeys beginning with $sys$ are hidden.
Distribution Method: Certain Sony CDs bundled with anti-piracy protection software.
Detection tool: Download SpyHunter to see if your system has been affected by SecurityRisk.First4DRM.

First4DRM, also known as SecurityRisk.First4DRM, is an online threat classified as a rootkit. It was first published back in 2007 by First 4 Internet Ltd., but apparently has been exploited for malicious purposes. The rootkit is designed to hide processes, files, folders, and registry subkeys that begin with the $sys$ string. It was originally designed to conceal a legitimate application, but it can be used to hide various objects, malware included.

First 4 Internet Ltd. Company, Fortium Technologies Ltd. Description

First 4 Internet Ltd. is a British company that changed its name to Fortium Technologies Ltd in 2006. Fortium Technologies is best known as the publisher of Extended Copy Protection (XCP).
XCP is a software package that fits the description of a copy protection or digital rights management (DRM) scheme for Compact Discs (CDs). Sony BMG used the DRM on some of its CDs. The software was later dubbed the Sony rootkit due to the scandal that emerged in 2005.

First4DRM, SecurityRisk.First4DRM Threat Evaluation

According to security research, the First4DRM rootkit affects the following systems:

Windows 2000, Windows NT, Windows Server 2003 or Windows XP

Although First4DRM was published as legitimate software, it attracted a great deal of negative attention. Because of the way it is distributed onto user computers, both users and security specialists have come to regard First4DRM as malicious.

In a nutshell, the rootkit is installed by anti-piracy protection software bundled with numerous audio CDs published by Sony BMG. Its purpose is to hide the files and entries that come with the anti-copy system in question. The problem is that malware can take advantage of the rootkit's hiding capability to remain unnoticed. Hence, many anti-malware vendors and independent researchers have concluded that the impact of the rootkit is quite massive.

How Can I Remove First4DRM from my PC?

The good news is the so-called Sony rootkit can be deleted manually from the PC by deleting the following registry entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$aries

The file aries.sys will have to be removed, as well as these two directories:





Once this is done, consider performing a full system scan to make sure that your PC is running faultlessly and malware-free.
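Since the rootkit hides registry subkeys beginning with $sys$, a listing taken on the running system may omit them, so one way to verify the cleanup is to audit a registry export (.reg text) produced from the SYSTEM hive while it is loaded offline. The following is an added example, not code from the original article or from any vendor; the sample export is constructed, `C:\EXAMPLE` is a placeholder path, `$SYS$demo` is a hypothetical service name, and matching the prefix case-insensitively is a conservative assumption.

```python
import re

PREFIX = "$sys$"  # name prefix the article says the rootkit hides
KEY_RE = re.compile(r"^\[([^\]]+)\]$")
SERVICE_RE = re.compile(r"\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)", re.I)
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Constructed sample export (not real data); file paths are placeholders.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$aries]
"ImagePath"="C:\\EXAMPLE\\aries.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$SYS$demo]
"ImagePath"=hex(2):64,00,2e,00,\
  73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip]
"ImagePath"="C:\\EXAMPLE\\tcpip.sys"
'''

def decode_data(data):
    """Decode a .reg string or hex(2) (REG_EXPAND_SZ, UTF-16LE) value."""
    if data.startswith("hex(2):"):
        raw = bytes(int(b, 16) for b in data[7:].split(",") if b.strip())
        return raw.decode("utf-16-le").rstrip("\x00")
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return data[1:-1].replace("\\\\", "\\")
    return data

def find_cloaked_services(reg_text):
    """Map each service key named $sys$* to its ImagePath (or None)."""
    hits, current = {}, None
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join hex continuation lines
    for line in map(str.strip, text.splitlines()):
        key, val = KEY_RE.match(line), VALUE_RE.match(line)
        if key:
            path, m = key.group(1), SERVICE_RE.search(key.group(1))
            current = None
            if m and m.group(1).lower().startswith(PREFIX):  # case-insensitive
                svc = path[:m.end()]
                hits.setdefault(svc, None)
                current = svc if svc == path else None  # skip subkey values
        elif current and val and val.group(1).lower() == "imagepath":
            hits[current] = decode_data(val.group(2))
    return hits

if __name__ == "__main__":
    print(find_cloaked_services(SAMPLE))
```

An empty result on an export taken after removal means no service key with the $sys$ prefix remains in that hive.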

Finally, we would also like to remind you what a rootkit is in the context of malware. A rootkit is a collection of malicious software developed to grant access to a computer or to parts of its software. Such access is usually not allowed, especially to unauthorized users. Once the rootkit is on the system, it hides its own existence and the presence of other malevolent programs.

Milena Dimitrova
