Talk:Sony DRM Rootkit
From Free Knowledge Base- The DUCK Project: information for everyone
Manual Removal
- Must be done from an administrator account with Full Control
- Open an MS-DOS prompt and navigate to the path c:\windows\system32\$sys$filesystem
- Delete the ARIES.SYS file in the $sys$filesystem directory and reboot the system
- Open REGEDT32 (not regedit), right-click the HKEY_LOCAL_MACHINE hive and select PERMISSIONS from the dropdown menu.
- Click on "everyone" and make sure that FULL CONTROL is checked
- Use FIND (Control-F) to locate anything that matches "$sys$"
- The first matches you'll encounter are in HKEY_LOCAL_MACHINE, under the SOFTWARE key. Delete them (see below):
  - $sys$reference
  - ECDDiskProducers
  - SONYBMG
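
To confirm the removal steps above took effect, the following read-only PowerShell check looks for the directory, driver file and registry keys named in the list. It is an added example, not part of the original page; the function name `Get-SonyDrmLeftovers` is hypothetical, and it assumes the three keys sit directly under `HKLM:\SOFTWARE`.

```powershell
# Added example: read-only check, deletes nothing.
# Single quotes matter: inside double quotes PowerShell would expand
# $sys and $filesystem as (empty) variables and test the wrong path.
$driverDir  = Join-Path $env:SystemRoot 'System32\$sys$filesystem'
$driverFile = Join-Path $driverDir 'aries.sys'

# Key names as listed in the steps above. Their position directly under
# HKLM:\SOFTWARE is an assumption of this example.
$keyNames = '$sys$reference', 'ECDDiskProducers', 'SONYBMG'

function Get-SonyDrmLeftovers {
    $found = @()

    foreach ($path in $driverDir, $driverFile) {
        if (Test-Path -LiteralPath $path) {
            $found += [pscustomobject]@{ Kind = 'File'; Path = $path }
        }
    }

    foreach ($name in $keyNames) {
        $key = 'HKLM:\SOFTWARE\' + $name
        if (Test-Path -LiteralPath $key) {
            $found += [pscustomobject]@{ Kind = 'RegistryKey'; Path = $key }
        }
    }

    # Counterpart of the FIND step, limited to key names (REGEDT32's Find
    # also searches value names and data). -like is case-insensitive and
    # '$' is not a wildcard, so the pattern matches the literal text $sys$.
    $found += @(
        Get-ChildItem -LiteralPath 'HKLM:\SOFTWARE' -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like '*$sys$*' } |
            ForEach-Object {
                $p = $_.Name -replace '^HKEY_LOCAL_MACHINE', 'HKLM:'
                [pscustomobject]@{ Kind = 'RegistryKey'; Path = $p }
            }
    )

    # Keys found by both checks are reported once.
    $found | Sort-Object Path -Unique
}

$leftovers = Get-SonyDrmLeftovers
if ($leftovers) { $leftovers | Format-Table -AutoSize }
else { 'No listed Sony DRM artifacts found.' }
```

Run it from an elevated PowerShell prompt after the reboot in the file-deletion step; anything it reports still needs to be removed by hand as described above.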