First4DRM
First4DRM is a rootkit that cloaks any running processes, files, directories and registry keys whose names begin with the $sys$ string. It prevents installed software and computer tools from accessing the hidden objects, so that only specific processes beginning with the same $sys$ string can access them. The rootkit is a part of XCP Content Manager, which is legitimate software used to protect digital media from unauthorized duplication, publishing, etc. This software is distributed on some Sony BMG DRM-protected music CDs. Once the user inserts such a disc into the PC's CD or DVD drive, XCP secretly installs First4DRM on the computer. It does so without the user's knowledge and explicit consent. Although First4DRM is not actual malware, it behaves like spyware, can easily be used to hide real risks and is therefore classified as a malicious unsolicited application. It automatically runs as a service on every Windows startup.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|-----------|
| 1 | aries.sys |
Registry Modifications
- The following Registry values were newly created:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$aries
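Because the cloak hides $sys$-prefixed objects from tools running on the affected system, one way to surface them is a cross-view check: compare a listing taken on the running system with a listing of the same disk and registry taken from a trusted view. The following is an added example, not part of the original entry; the listings, the paths under C:\Sample, the function names and the case-insensitive prefix match are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

CLOAK_PREFIX = "$sys$"                         # prefix named in the entry
PAGE_INDICATORS = {"aries.sys", "$sys$aries"}  # names listed in the entry

# Constructed sample: what the running (possibly cloaked) system reports.
LIVE_VIEW = [
    r"C:\Sample\drivers\disk.sys",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk",
]
# Constructed sample: the same objects read from a trusted (offline) view.
TRUSTED_VIEW = [
    r"C:\SAMPLE\drivers\disk.sys",
    r"C:\Sample\$sys$demo\aries.sys",
    r"C:\Sample\temp.log",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$aries",
]


def normalise(path):
    """Windows names are case-insensitive, so compare case-folded paths."""
    return path.strip().rstrip("\\").casefold()


def cloaked_component(path):
    """Return the first path component starting with the prefix, else None."""
    for part in PureWindowsPath(path).parts:
        # Assumption: the prefix is matched without regard to case.
        if part.casefold().startswith(CLOAK_PREFIX):
            return part
    return None


def cross_view_diff(live_view, trusted_view):
    """List objects the trusted view has but the live view does not show."""
    live = {normalise(p) for p in live_view}
    findings = []
    for path in trusted_view:
        if normalise(path) in live:
            continue
        name = PureWindowsPath(path).name.casefold()
        findings.append({"path": path,
                         "cloak_component": cloaked_component(path),
                         "page_indicator": name in PAGE_INDICATORS})
    return findings
```

A finding whose `cloak_component` is `None` is missing from the live view for some other reason, such as a file that changed between the two listings, and needs separate review.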