XCP DRM Software Detection

Medium | Nessus Plugin ID 20212

Synopsis

The remote Windows host has a rootkit installed on it.

Description

First 4 Internet's Extended Copy Protection (XCP) digital rights management software is installed on the remote Windows host. While it is not malicious per se, the software uses rootkit techniques to hide files, processes, and registry keys and values from ordinary inspection, a cloaking capability that several viruses have exploited to conceal themselves from antivirus software.

Solution

On the affected host, run the command 'cmd /k sc delete $sys$aries' from a command prompt to deactivate the software, then reboot.

See Also

http://www.nessus.org/u?98ebd71b

http://www.nessus.org/u?db65f981

https://www.sophos.com/en-us/press-office/press-releases/2005/11/stinxe.aspx

Plugin Details

Severity: Medium

ID: 20212

File Name: xcp_drm_installed.nasl

Version: 1.16

Type: local

Agent: windows

Family: Windows

Published: 11/16/2005

Updated: 2/1/2022

Asset Inventory: true

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:first4internet_xcp_drm:first4internet_xcp_drm

Required KB Items: SMB/Registry/Enumerated, SMB/svcs