Question:
I have tried the AVG rootkit... and going straight to the Sony site, Yahoo spyware says I still have it :(?
Boogsnana
2007-09-04 05:16:34 UTC
I have run the AVG rootkit and went to Sony.. nothing is found on my computer. I ran the Yahoo anti-spyware and it says it is still there..
called XCP.Sony.Rootkit
Type Trojan
2 files key type hkey_local_machine\system\currentcontrolset\enum\roo...

that is all it shows in result details when I click on it......
Eight answers:
Gary
2007-09-04 05:37:37 UTC
Yahoo anti-spyware will not detect rootkits, only tracking cookies. AVG anti-rootkit will detect rootkits.

What Sony site did you go to? Did it do an online scan for rootkits?

Here's info on XCP.Sony.Rootkit.

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453096362

http://en.wikipedia.org/wiki/Extended_Copy_Protection

It is apparently Sony's Extended Copy Protection, their version of DRM (copy protection).

http://www.google.com/search?hl=en&q=XCP.Sony.Rootkit&btnG=Google+Search
?
2016-08-26 05:10:51 UTC
2
anonymous
2007-09-05 22:50:15 UTC
This is my Rootkit BLOCKING process. When you understand how rootkits work, you can prevent them from re-emerging every time you boot.

- - -

The first question is, how do you know you have Hacktool?

Most rootkits are stealthy; they only get active when you access a secured website such as online banking. Then, surreptitiously, they transmit your login ID and password to someplace like Russia. Goodbye bank account.

If you think you have a rootkit AND if you used the internet recently to access secure websites, then examine your HISTORY.

For IE, click the icon which looks like a sundial. For other browsers try Ctrl-H.

When you roll your mouse cursor over a history link, you should see the complete path. A path could even show the URL for the secure website, your login ID, and your password, all embedded in one big link.

Copy the offending link. Use Tools > Internet Options > Security > Restricted Sites to block access to that web address.

Notify your banks or credit cards that your security has been hacked and CHANGE YOUR PASSWORDS.

I developed my own rootkit blocking system.

The problem is that you kill it, then it reappears every time you boot. You can never completely kill it.

I'll break it down.

1) Whenever a virus emerges, it creates specific files, usually in the Windows\System32 directory, but they could be in several places.

2) Run a program like Spybot. Carefully log the complete file name and path of the files that Spybot removes.

3) CREATE A FAKE FILE TO OCCUPY THE EXACT LOCATION OF EACH INFECTED FILE. Take a word processor such as Notepad. To illustrate, make a file called FakeFile.txt with a line of text like "This is my rootkit blocking system".

4) Copy the Fakefile to each subdirectory where the infected file was located. Example: c:\Windows\System32\Fakefile.t...

5) Make as many copies of Fakefile.txt as you need.

6) RENAME each Fakefile.txt to the exact name of the infected file. Example: Rename Fakefile.txt to BadVirus.exe.

7) Change the properties to Read Only.

You may need to unlock the infected file before you can delete, rename, etc. I use a shareware program called Unlocker.

http://www.softpedia.com/get/system/syst...

You may have better results by Safe Booting; I prefer Unlocker.

Why does this system work? Because most rootkits create the same file names in the same locations, over and over.

When they see an existing file, they don't think to write over it or create an alternate file name.

Simple and effective, BUT you may need to go one step farther. Find a program called HijackThis and find a website that will analyze the HijackThis log.

You post the log. They tell you how to fix the problem. You may have to remove registry keys.

Here's a simple tip for using my blocking system. Rename the fakefile using a distinctive combination of upper and lower case characters. Your blocking version might be named bAdViRUS.eXE. That way, you will know it's yours and not the original.

Good luck.

- CarlD
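The placeholder-file procedure above (steps 3 to 7) scripted as an added example, not code from the original post: it plants a read-only marker file in every logged slot, gives it the distinctive mixed-case name the answer suggests, and then, after a reboot or rescan, reports which placeholders were deleted, made writable or overwritten, which is the signal that the block failed and the HijackThis/registry step is needed. The sample paths are constructed, and `root` stands in for the drive so it can be run in a scratch directory.

```python
import stat
from pathlib import Path, PureWindowsPath

MARKER = b"This is my rootkit blocking system\n"   # the post's FakeFile.txt text

# Constructed sample: paths a scanner such as Spybot might log as removed.
LOGGED_PATHS = [
    r"C:\Windows\System32\BadVirus.exe",
    r"C:\Windows\System32\drivers\BadDriver.sys",
]

def mixed_case(name: str) -> str:
    """Alternate the case of letters so the placeholder is recognisably yours
    (BadVirus.exe -> bAdViRuS.eXe). Windows file names are case-insensitive,
    so the renamed placeholder still occupies the malware's exact slot."""
    out, upper = [], False
    for ch in name:
        if ch.isalpha():
            out.append(ch.upper() if upper else ch.lower())
            upper = not upper
        else:
            out.append(ch)
    return "".join(out)

def plant_placeholders(logged_paths, root: Path) -> list:
    """Create a read-only marker file at every logged location under `root`."""
    planted = []
    for logged in logged_paths:
        wp = PureWindowsPath(logged)
        rel = wp.relative_to(wp.anchor) if wp.anchor else wp   # drop "C:\"
        target = root.joinpath(*rel.parent.parts, mixed_case(rel.name))
        target.parent.mkdir(parents=True, exist_ok=True)
        if target.exists():
            continue                  # slot already occupied; do not clobber it
        target.write_bytes(MARKER)
        target.chmod(stat.S_IREAD)    # read-only: no write bits at all
        planted.append(target)
    return planted

def check_placeholders(planted) -> dict:
    """Classify each placeholder: 'intact', 'missing' (deleted), 'writable'
    (read-only flag cleared) or 'replaced' (contents no longer the marker,
    i.e. something wrote over it and the block did not hold)."""
    report = {}
    for t in planted:
        if not t.exists():
            report[t] = "missing"
        elif t.read_bytes() != MARKER:
            report[t] = "replaced"
        elif t.stat().st_mode & stat.S_IWUSR:
            report[t] = "writable"
        else:
            report[t] = "intact"
    return report
```

Run `plant_placeholders` once after the scanner's cleanup, and `check_placeholders` on the same list after each reboot; any result other than `intact` means the malware still has a way to recreate or replace its files.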
Larry W
2007-09-04 09:19:29 UTC
Sony is famous for this rootkit. People have written articles on it and wondered why they decided to use a rootkit. But it may be that AVG deemed it safe and skips it.
One Computer Guy
2007-09-04 05:42:47 UTC
Hello Boogsnana,

After doing ONE Google search, guess what I found.. nothing that any of the others above mentioned.

You might want to take a look at these links and see if you have this software; if so, I'd suggest that you follow these instructions and see if that helps.

http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=453096362

Also get rid of Yahoo anything (toolbar, anti-whatever); this is nothing but garbage itself and offers no real protection.

Also take a look here:

http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx

Hope this helps and works for you.
anonymous
2007-09-04 05:31:57 UTC
Yahoo Anti-Spy is famous for false-positive detections and should not be trusted. Use one of these for a 2nd (3rd) opinion:

Download and scan your machine with one of these GOOD anti-spyware / anti-adware programs.

SUPERAntiSpyware:

http://www.superantispyware.com/

A-Squared:

http://www.emsisoft.com/en/software/free/

Ewido (now called AVG Anti-Spyware); do not download AVG anti-virus.

http://www.ewido.net/en/download/

Good luck.
boven
2016-12-12 22:43:25 UTC
Don't have faith in SUPERAntiSpyware and Comodo. They could include spyware in the place you download them from. This is a kind of redirect spyware and I hate those. Run Spyware and Ad-Aware only. Get rid of that Yahoo toolbar. It sucks! You may need to try different methods of removing it if those don't work. Certain kinds of Vundo viruses are little boogers to get rid of. You may need to continuously fix your system too. Good luck!
OgieV
2007-09-04 05:25:57 UTC
From the Start menu go to Run and type "regedit" (without the quotation marks)..

Go directly to the key that was shown, HKEY_LOCAL_MACHINE........

and delete the exact registry key that was shown in your scan...


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.