Reviews:
 ·Verizon Online DSL
| reply to sonybmg
Re: Handyperson's guide to removal of SONY ROOTKIT Based upon your challenge to *MY* honor with your post, I made it a point to test and examine your claim as to this "removal tool's functionality" and as a result, I am *compelled* by your comments to reply. I am greatly dishonored. 
We took a pristine "lab rat" and installed the Van Zant album, "Get right with the man" once again. After installation was completed, we then applied the "complete removal" tool liked to in YOUR reply. And, after applying our own internal BOClean monitoring lab tools, we then followed the instructions to reboot.
IMMEDIATELY upon a reboot, after your "program" had completed its "removal" of the rootkit (we did not bother to opt for "removal of the cloaking" but rather opted for COMPLETE removal as claimed) BOClean INSTANTLY detected the existence of "SONYXCP" TROJAN (CDPROXYSERV.EXE) as SOON as the machine was rebooted, purportedly following COMPLETE removal. Repeated second detection occurred, whereupon it was removed.
*ALL* of the other files detected by BOClean remained, as well as ALL of the registry entries described in my written "Handyperson's guide to removal of SONY rootkit" REMAIN valid, and the alleged "removal" program offered by SONY/BMG is an absolute *LIE* ... your "removal tool" *FAILS* to remove the offending trojan.
For those who have our software, the reality remains that any claims that the official SONY removal tool is preferable to the use of BOClean or the manual removal steps we outlined, PARTICULARLY our insistence that if you are uncomfortable with registry editing, to LEAVE the "$sys$crater" and "$sys$cor" entries alone as they have no meaning unless your rootkit remains functional are *BOGUS* with respect to this so-called "removal tool."
It DOES NOT remove your rootkit, in fact it leaves it *COMPLETELY* operable.
BOClean HAS (since the summer of 2004) defeated this madness and defecation on people's computers. We are not ABOUT to remove detection and defeating of your trojan, particularly after this "dishonor" to my former employer's spirit.
PERMISSION GRANTED to post this to other sites regarding this nonsense.
--
Kevin McAleavey support@nsclean.com (Makers of BOClean - BOClean means never having to do an HJT log again)»www.nsclean.com |
|
 jbobReach Out and Touch SomeonePremium
join:2004-04-26
Little Rock, AR
1 edit | said by K McAleavey:BOClean HAS (since the summer of 2004) defeated this madness and defecation on people's computers. We are not ABOUT to remove detection and defeating of your trojan, particularly after this "dishonor" to my former employer's spirit. PERMISSION GRANTED to post this to other sites regarding this nonsense. What's up with the removal of detection and defeating remark?
Whoops just noticed I misread the statement. I thought it said ABOUT to remove. I missed the NOT! Whew. I'm relieved. |
|
 WFOPremium
join:2001-08-27
San Ramon, CA | reply to K McAleavey
Thanks Kevin! I was waiting for you or Mark to test the new removal tool and you confirmed my suspicions.  |
|
davePremium,MVM
join:2000-05-04
not in ohio
kudos:7 Reviews:
 ·Verizon FiOS
·Verizon Online DSL
| reply to K McAleavey
I sure hope sonybmg  comes back here to discuss your findings in technical detail!
On the other hand, he's sure looking a lot like a drive-by poster... |
|
|
|
| said by dave:On the other hand, he's sure looking a lot like a drive-by poster... Yep, same canned response by a new member Sony BMG posted in a lot of other Security Forums last night.
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
 mers2Premium,MVM
join:2004-03-20
USA
kudos:8 | said by CalamityJane:said by dave:On the other hand, he's sure looking a lot like a drive-by poster... Yep, same canned response by a new member Sony BMG posted in a lot of other Security Forums last night. Doesn't exactly help their blackened tarnished image does it? They don't have any feet left to shoot...
--
God put me on this Earth to accomplish a certain number of things. Right now, I am so far behind I will never die. |
|
 EGeezerSummertimePremium
join:2002-08-04
Midwest
kudos:7
 ·Callcentric
| reply to dave
This user has apparently been on the site - last on 13h34m as of this typing. My assumption will be that the user is
1) Somehow authorized by the company
2) Unable or unwilling to satisfactorily address the concerns of this security and IT community.
Or,
3) Troll poster.
I lean toward believing 1) and 2) - in that case, it only tends to reinforce my doubts about this company and the quality and reliability of its products. I have other vendors I trust more and who I feel are better suited to provide my goods and services.
On the bright side, their products have provided me with some paid work. 
--
In Memoriam -NRK 1 FEB 1918 - 6 NOV 2005B-17 pilot -50 missions over Europe and North Africa - 347th Squadron, 99th Bomb Group - Husband, Father, Grandfather, Great Grandfather, friend --- A knight and gentleman gone to peace |
|
 salzanExperienced OptimistPremium
join:2004-01-08
WA State | said by EGeezer:This user has apparently been on the site - last on 13h34m as of this typing. My assumption will be that the user is 1) Somehow authorized by the company 2) Unable or unwilling to satisfactorily address the concerns of this security and IT community. Or, 3) Troll poster. I lean toward believing 1) and 2) IMO, Poster is an underpaid person (or persons) that has been given the task of spreading the "word" to all google responses to the search for "Sony Rootkit". This person has no answers. If anybody responds to questions regarding this thread, it will be another underpaid staffer with a new canned message. |
|
davePremium,MVM
join:2000-05-04
not in ohio
kudos:7 Reviews:
·Verizon FiOS
·Verizon Online DSL
| reply to EGeezer
said by EGeezer:This user has apparently been on the site - last on 13h34m as of this typing. One visit only, according to the member info. Which is to say, the only visit they made here was the visit in which they posted their drivel in this thread. |
|
1 edit | reply to salzan
said by salzan :
IMO, Poster is an underpaid person (or persons) that has been given the task of spreading the "word" to all google responses to the search for "Sony Rootkit". This person has no answers. If anybody responds to questions regarding this thread, it will be another underpaid staffer with a new canned message. I understand what you mean, but submit that anyone who is paid _anything_ is _overpaid_ by at least as much as they receive, for participating in the creation, dissemination, propagation and/or placing in a positive light,_any_ such marketing/PR prestidigitation (in other words, _lies_ of varying degrees), be it at the level of high-power, war-chest backed professional information/damage control and management "team leaders" like John Rendon or Victoria Clark (under what ever rock she presently habituates), or professional mouthpieces like S. McClellan, A. Fleischer, J. Lockhart, D. Myers, R. Ziegler, L. Speakes, or mouthpiece-stenographer-hacks like J. Miller/NYT, B. Woodward/Wash Post, Wolf Blitzer/CNN, or way down here, or on a bathroom stall wall for some swag...
There should be little doubt that SONY/BMG quickly (though not quick enough) hired a high-powered, well-connected "damage control" team. Text, along with IP and browser agent data comparisons can sometimes be illuminating in such situations, for those with access to such data.
--
How to Secure (and Keep Secure) My (New) Computer(s): A Layered Approach |
|
