XCP DRM Software Detection
Medium Nessus Plugin ID 20212
SynopsisThe remote Windows host has a rootkit installed on it.
DescriptionFirst 4 Internet's Extended Copy Protection (XCP) digital rights management software is installed on the remote Windows host. While it is not malicious per se, the software hides files, processes, and registry keys / values from ordinary inspection, which has been exploited by several viruses to hide from antivirus software.
SolutionOn the affected host, run the DOS command 'cmd /k sc delete $sys$aries' to deactivate the software and reboot.