Rootkit removal

Krynn72

Thanks to the Bioshock demo, I have some SecuROM rootkit BS. But I don't know if I should remove it, because there is a warning on it. What negative effects will happen if I do?

Also, what's this other stuff?

Thanks

[Attachment: Bioshock.jpg]
 
You can remove it. Not sure what effects it will have but part of the removal is uninstalling the game. ;)

And I think it's up for debate whether it is actually a rootkit or just DRM protection.
(And yes I know you are using a program that detects 'rootkits'.)
In the case of Bioshock, according to the official 2K Games FAQ, "The only data collected is the serial being used for activation, the IP address used for activation, an identifier for the software being activated, and the hash of the machine ID. The ID cannot be read by any other system or operator. Its only purpose is for comparing future activations on a particular serial." Additionally, they later go on to mention that it "does place a folder and registry keys on your system. These folders are used only for storage of license information and information to assist with disc authentication. Please do not modify or delete these files. Tampering with these files may result in authentication issues."
 
If that's true, why would they include it in the demo then?
 
If that's true, why would they include it in the demo then?
Why would they include a rootkit? Neither makes much sense. My guess is that they just didn't remove the registry entries and stuff that get installed when they made the demo.

FYI The quoted part has info on what would probably happen if you try to remove it but still have the game installed.
 
I don't have the game yet, just the demo. So I'm not too worried about what would happen with that, but rather if anything besides the game would be affected. I doubt it, but I figured I'd ask. I guess I just fell prey to their "CAUTION!" warning that they put in to make people hesitate.
 
I don't see the problem with this SecuROM. It hasn't affected my PC or game whatsoever. What's the big deal?
 
I swear the SecuROM reg must do more than just identify against the serial or whatever - using software like Process Explorer also causes SecuROM to block any running of Bioshock, requiring you to reboot. This could be contained within the exe though. Who knows, shitty slyware...
 
I swear the SecuROM reg must do more than just identify against the serial or whatever - using software like Process Explorer also causes SecuROM to block any running of Bioshock, requiring you to reboot. This could be contained within the exe though. Who knows, shitty slyware...
Couldn't that be explained by it being DRM?
 
Couldn't that be explained by it being DRM?
Yes, I'm just saying that if it's looking for certain blacklisted programs on your computer then it's not just cross-referencing serials, etc. as they claim. Of course this is not necessarily a function of the reg entry which is flagging up on everyone's rootkit detection software.

edit: caught this post, which appears to explain a bit more about what it does, in some comments somewhere -
SecuROM also installs a context-menu handler (cmdlineext.dll) to explorer.exe, which is another technique for malware to hide itself. And it doesn't seem to come with an uninstaller. And it snoops around for Process Explorer files.

Until there's a complete analysis of what SecuROM does, I wouldn't make a call either way.
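
The context-menu handler registration mentioned in the quoted comment above can be audited from a registry export. The following is an added example, not part of the original thread: it parses .reg export text and resolves each ContextMenuHandlers entry to the DLL that explorer.exe would load. The handler name, CLSIDs and DLL paths in the sample are constructed placeholders; only the file name cmdlineext.dll comes from the thread.

```python
import re
# Constructed sample in .reg export format (not taken from a real system).
# Real exports are UTF-16: read them with open(path, encoding="utf-16").
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ExampleDrmHandler]
@="{11111111-2222-3333-4444-555555555555}"
[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\ExamplePath\\cmdlineext.dll"
[HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\{AAAAAAAA-0000-0000-0000-000000000001}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Program Files\\ExampleArchiver\\menu.dll"
[HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Orphan]
@="{DEADBEEF-0000-0000-0000-000000000002}"
'''
HANDLER_RE = re.compile(
    r"^HKEY_CLASSES_ROOT\\(.+?)\\shellex\\ContextMenuHandlers\\([^\\]+)$", re.I)
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")

def parse_reg(text):
    """Return {key_path: {value_name: data}} for string values ('@' = default)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            if data.startswith('"'):  # REG_SZ only; undo .reg backslash escaping
                current[name.strip('"')] = data[1:-1].replace("\\\\", "\\")
    return keys

def context_menu_handlers(text):
    """List (file class, handler name, CLSID, DLL path or None) per handler."""
    keys = parse_reg(text)
    lookup = {k.upper(): v for k, v in keys.items()}  # registry paths ignore case
    rows = []
    for path, values in keys.items():
        m = HANDLER_RE.match(path)
        if not m:
            continue
        file_class, name = m.groups()
        # The subkey is either named by its CLSID or holds it as default value.
        clsid = name if CLSID_RE.match(name) else values.get("@", "")
        server_key = "HKEY_CLASSES_ROOT\\CLSID\\" + clsid + "\\InprocServer32"
        rows.append((file_class, name, clsid,
                     lookup.get(server_key.upper(), {}).get("@")))
    return rows

if __name__ == "__main__":
    print(*context_menu_handlers(SAMPLE_REG), sep="\n")
```

A handler whose DLL path comes back as None has no InprocServer32 registration in the export, which usually means a leftover entry from software that was removed without cleaning up.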
 