XCP Malware was a failed attempt by Sony Music Corp to control what you did with music purchased from their artists. Because of this and several other factors, Sony products have been removed from our product testing page. After a long process of promoting, educating and cleaning machines from malware, we have been left with no other choice. The internet was just starting to become a "little" cleaner and safer, and what does this company do: THEY HIRE A MALWARE COMPANY AND HIDE IT ON MUSIC CD's! Can you believe they would even try something like this? I can't! I really could not! Thanks to a true malware fighter, Mark Russinovich, we are getting to the bottom of this very serious problem.
As part of the work by the CAAM Commitee, we have included several points of contact on the Sony Music Company. Please use the "action letter" by using your copy and paste tools and visiting the website we have listed. By you spending one minute today, you will allow your voice to be heard and prevent this kind of abuse in the future. After all, they have not/will not say the words "we will never again use malware on our customers again!"
Until we get big business to walk the walk with us, we are all targets. Help us put a stop to this today!
__________________________________________________________________
CAAM ACTION LETTER ~ CAAM ACTION LETTER ~ CAAM ACTION LETTER
Consumers Active Against Malware
Please be advised that adware, spyware, pop-ups and all other forms of malware is no longer accepted by the internet community. You have abused the trust of the consumer by adding the XCP malware to the cd's we PURCHASE from you. I will not by products from you that includes malware or any other form of SPYING SOFTWARE.
As a surfer and shopper, I refuse to do business with companies that use these tactics on their customers. Your company will suffer financial loss by including malware with your products. I have a choice in who I do business with, and so do you.
CAAM Member and Supporter
CAAM ACTION LETTER ~ CAAM ACTION LETTER ~ CAAM ACTION LETTER
__________________________________________________________________
Website contact: Click here! This will take you to their 'E-Z form' at the Sony website. Copy the CAAM Action Letter above then visit the website and paste it into the form field. And if possible, write letters to the two addresses below. You can print the CAAM Action letter and send that as well. Send them a fax and make a call too!
Postal Mail: USA Sony Corporation of
America
Investor Relations
550 Madison Avenue, 27th Floor,
New York, NY 10022-3211
Postal Mail: Sony Music Online
Services
550 Madison Ave, 24th Fl
New York, NY 10022-3211
Telephone: 1-800-556-3411 - U.S. and Canada
1-402-573-9867 - International
Facsimile: 1-212-833-6938
For a complete list of the cd's infected with this Rootkit/malware, please visit here.
Here is the results from installing the player and running the cd on my work machine.
Step 1 ~ Purchasing the infected disc.
11/07/2005 ~ I was wanting some new music and thought I would check out the BMG/Sony website. After much time looking through the listings, I decided on a few titles and waited for them to arrive. After a few days, I forgot about ordering anything and went about my normal computer work, cleaning malware from infected machines.
11/09/2005 ~ While I was checking out the new post over at a forum I work in, I saw a post about a "new threat" being passed around by a music cd. This was very interesting to me as a computer security consultant. One of the links provided brought me to the sysinternals blog and was very surprised!
I thought I was reading something wrong here. But, it was all true. I spent some time reading what was happening, so I would be informed of the ways to help my visitors clean their machines of this new malware. One of the things that surprised me was the fact that this was a standard Rootkit, which anyone in the computer world knows are BAD NEWS. Could Sony do something like this? Would they risk their reputation with computer experts that shun any use of malware?
Well, they did.
And then they did nothing to inform consumers of this while installing the music cd into their machines. Who would have guessed that playing a simple music cd from a trusted source, would break your machine?
Most would not.
I spent a lot of time on this malware discovery and then after a seven or eight days, I went on with my work. Every so often, I would check out the information on it and was seeing some stories on my local news channels. Then I read from Sony that they were pulling the inventory of the infected cd's and that the new ones would be Rootkit free and that they had a tool for removing the malware item. I was glad to hear this from them.
Some more time went by and I started hearing about this new removal tool at the Sony website causing more security problems and that it was difficult to use. Now I was even more upset with them.
Some more time went by and I thought the cds were at least off the market and that new cds were being shipped to replace the infected ones.
11/24/2005 ~ I stopped by the post office and my cds arrived! I was happy to have some new music to listen to, while working. I had a lot of work to do at work, so I brought two or three with me and started playing them. Things were fine, until I came across the Van Zant cd that was discovered by Mark Russinovich. I went to several the sony website and it said that they had pulled the infected cds from the stores and their inventory. I went ahead and put the cd into my work machine.
Step 2 ~ Starting the cd
EULA ~ FULYA
I have read hundreds. if not thousands of EULA's in my time. They can be quite boring and long, but very important. This is the contract I am entering into with the company that made the software on the disc I am using. I feel that I need to read them all, so I will understand what they are giving me. And this is where I find myself getting more upset. Their Eula did not say they were installing an Rootkit onto my machine. And I soon realized that if someone like me, who works in the computer security industry, could get tricked, what about the average consumer! Here is the exact information that came up on the machine:
IMPORTANT-READ CAREFULLY: This compact disc (“CD”) product
contains standard so-called “Red Book”-compliant audio files that
can be played on any standard CD player, including those contained
in many personal home computer systems. As an added feature, this
compact disc (“CD”) product also enables you to convert these audio
files into digital music files and/or may also contain other already
existing digital content (such files and content, collectively, the
“DIGITAL CONTENT”), any of which may be stored on the hard drive of
a personal home computer system owned by you (“YOUR COMPUTER”) and
accessed via YOUR COMPUTER or certain approved, compatible portable
devices owned by you (each, an “APPROVED PORTABLE DEVICE”).
Before you can play the audio files on YOUR COMPUTER or create
and/or transfer the DIGITAL CONTENT to YOUR COMPUTER, you will need
to review and agree to be bound by an end user license agreement or
“EULA”, the terms and conditions of which are set forth below. Once
you have read these terms and conditions, you will be asked whether
or not you agree to be bound by them. Click “AGREE” if you agree to
be bound. Click “DISAGREE” if you do not agree to be bound. Please
keep in mind, however, that if you do not agree to be bound by these
terms and conditions, you will not be able to utilize the audio
files or the DIGITAL CONTENT on YOUR COMPUTER.
As soon as you have agreed to be bound by the terms and conditions
of the EULA, this CD will automatically install a small proprietary
software program (the “SOFTWARE”) onto YOUR COMPUTER. The SOFTWARE
is intended to protect the audio files embodied on the CD, and it
may also facilitate your use of the DIGITAL CONTENT. Once installed,
the SOFTWARE will reside on YOUR COMPUTER until removed or deleted.
However, the SOFTWARE will not be used at any time to collect any
personal information from you, whether stored on YOUR COMPUTER or
otherwise.
Once the SOFTWARE has been installed on YOUR COMPUTER, a menu will
then appear on the screen of YOUR COMPUTER, giving you the option of
playing the audio files on YOUR COMPUTER, creating a copy of the
DIGITAL CONTENT directly onto the hard drive of YOUR COMPUTER, or
making a limited number of back-up copies of the CD onto other,
recordable CDs. If you choose to create a copy of the DIGITAL
CONTENT, the menu will then prompt you to select a file format for
the DIGITAL CONTENT. Once you have selected a file format, a copy of
the DIGITAL CONTENT will automatically be created in that file
format and transferred onto the hard drive of YOUR COMPUTER, where
you will be able to access it using an APPROVED MEDIA PLAYER (see
below) or, at you election, transfer it from YOUR COMPUTER onto an
APPROVED PORTABLE DEVICE.
In order to access the DIGITAL CONTENT on YOUR COMPUTER, you will
need to have a copy of an approved media player software program
that is capable of playing the DIGITAL CONTENT in the file format
you selected (each such approved media player, an “APPROVED MEDIA
PLAYER”) on YOUR COMPUTER. You may already have a copy of an
APPROVED MEDIA PLAYER on YOUR COMPUTER. If you do, you will be able
to play the DIGITAL CONTENT on YOUR COMPUTER without doing anything
further. This CD may also contain an APPROVED MEDIA PLAYER for the
file format you selected. If it does, the menu that appears on the
screen of YOUR COMPUTER will prompt you on how to transfer a copy of
that APPROVED MEDIA PLAYER onto YOUR COMPUTER. To the extent you
utilize an APPROVED MEDIA PLAYER contained on this CD, your use of
such APPROVED MEDIA PLAYER may be subject, in each instance, to
separate terms and conditions provided by the owner of the APPROVED
MEDIA PLAYER concerned. If you do not already have a copy of an
APPROVED MEDIA PLAYER on YOUR COMPUTER, and if this CD does not
contain a compatible APPROVED MEDIA PLAYER, then you will then need
to secure a compatible APPROVED MEDIA PLAYER elsewhere (e.g., on an
Internet website, where you can download one).
END-USER LICENSE AGREEMENT
This End-User License Agreement (“EULA”) is a legal agreement
between you and SONY BMG MUSIC ENTERTAINMENT (“SONY BMG”), a general
partnership established under Delaware law. By clicking on the
“AGREE” button below, you will indicate your acceptance of these
terms and conditions, at which point this EULA will become a legally
binding agreement between you and SONY BMG.
Article 1. GRANT OF LICENSE
1. Subject to your agreement to the terms and conditions set forth
in this EULA, SONY BMG grants to you a personal, non-exclusive and
non-transferable license, with no right to grant sublicenses, to:
(a) install one (1) copy of SOFTWARE onto the hard drive of YOUR
COMPUTER, solely in machine-executable form;
(b) install one (1) copy of any APPROVED MEDIA PLAYER(S) contained
on this CD onto the hard drive of YOUR COMPUTER, solely in
machine-executable form;
(c) use the SOFTWARE and any APPROVED MEDIA PLAYER(S) contained on
this CD to access the DIGITAL CONTENT on YOUR COMPUTER or on an
APPROVED PORTABLE DEVICE;
in each instance, solely for your own personal and private use and
not for any other purpose (including, without limitation, any act of
electronic or physical distribution, making available, performance
or broadcast, or any act for profit or other commercial purpose) and
in accordance with the terms and conditions set forth in this EULA.
2. The DIGITAL CONTENT and the SOFTWARE contained on this CD are
sometimes referred to herein, collectively, as the “LICENSED
MATERIALS”.
Article 2. PRODUCT FEATURES
1. This CD contains technology that is designed to prevent users
from making certain, unauthorized uses of the DIGITAL CONTENT,
including, without limitation, the following:
(1) making and storing more than one (1) copy of the DIGITAL CONTENT
in each available file format on the hard drive of YOUR COMPUTER;
(2) accessing the DIGITAL CONTENT on YOUR COMPUTER (once you have
installed a copy of it on the hard drive of YOUR COMPUTER) using a
media player that is not an APPROVED MEDIA PLAYER;
(3) transferring copies of the DIGITAL CONTENT that reside on the
hard drive of YOUR COMPUTER on to portable devices that are not
APPROVED PORTABLE DEVICES;
(4) burning more than three (3) copies of the DIGITAL CONTENT stored
on YOUR COMPUTER (ATRAC OpenMG file format only) onto AtracCDs;
(5) burning more than three (3) copies of the DIGITAL CONTENT onto
recordable compact discs in the so-called “Red Book”-compliant audio
file format; and
(6) burning more than three (3) backup copies of this CD (using the
burning application provided on the CD) onto recordable CDs and
burning or otherwise making additional copies from the resulting
backup copies.
2. PLEASE NOTE: Your use of the DIGITAL CONTENT and the other
LICENSED MATERIALS may be subject to additional restrictions, under
applicable copyright and other laws, that are not enforced or
prescribed by any technology contained on this CD. The absence of
any such technology designed to enforce these additional
restrictions should in no way be viewed or interpreted as a waiver,
on the part of SONY BMG or any other person or entity owning any
rights in any of the LICENSED MATERIALS, of their respective rights
to enforce any such additional restrictions regarding your use of
the LICENSED MATERIALS. Your use of the DIGITAL CONTENT and the
other LICENSED MATERIALS shall, at all times, remain subject to any
and all applicable laws governing the use of such materials,
including, without limitation, any restrictions on your use
prescribed therein.
3. All of your rights to enjoy the DIGITAL CONTENT, as described
herein, shall be subject to your continued ownership of all rights
in and to the physical CD on which such DIGITAL CONTENT is embodied;
should you transfer your ownership rights in the physical CD on
which such DIGITAL CONTENT is embodied (in whole or in part) to any
other person (whether by sale, gift or otherwise), your rights in
both the physical CD and such DIGITAL CONTENT shall terminate.
Article 3. RESTRICTIONS ON USE OF LICENSED MATERIALS
1. Except to the extent otherwise expressly permitted hereunder or
otherwise by the owner of the relevant rights in or to the LICENSED
MATERIALS concerned, and without limitation, the following
restrictions shall apply to your use of the LICENSED MATERIALS:
(a) You may not copy or reproduce any portion of the LICENSED
MATERIALS.
(b) You may not distribute, share through any information network,
transfer, sell, lease or rent any of the LICENSED MATERIALS to any
other person, in whole or in part.
(c) You may not change, alter, modify or create derivative works,
enhancements, extensions or add-ons to any of the LICENSED
MATERIALS.
(d) You may not decompile, reverse engineer or disassemble any of
the LICENSED MATERIALS, in whole or in part.
(e) You may not export the LICENSED MATERIALS outside of the country
where you reside. (This clause 1(e) of Article 3 shall not be
applicable within the European Economic Area (EEA).)
(f) You will at all times comply with, and will not circumvent or
attempt to circumvent, any of the restrictions on use set forth in
this Article 3 or elsewhere in this EULA.
2. In the event that the owner of the LICENSED MATERIALS is a party
other than SONY BMG (each, a “LICENSOR”), you agree that such
LICENSOR shall be a third party beneficiary under this EULA and, as
such, shall have the right to enforce the terms and conditions of
this EULA that pertain directly to such LICENSOR’S rights in and to
the LICENSED MATERIALS concerned as if such LICENSOR was a party to
this EULA. The rights granted to a Licensor under this Article shall
not be revoked.
3. SONY BMG and each LICENSOR reserve the right to use the SOFTWARE
and/or any APPROVED MEDIA PLAYER to enforce their respective rights
in and to the DIGITAL CONTENT, including any and all of the
restrictions on use set forth in this Article 3, at any time,
without notice to you.
Article 4. INTELLECTUAL PROPERTY RIGHTS
All title to, and intellectual property rights in, the LICENSED
MATERIALS and any related documents are and shall remain owned
and/or controlled solely and exclusively by SONY BMG and/or its
LICENSORS. SONY BMG and/or all respective LICENSORS reserve all
rights in the LICENSED MATERIALS not specifically granted to you
under this EULA.
Article 5. EXCLUSION OF WARRANTIES
YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT YOU ARE INSTALLING AND
USING THE LICENSED MATERIALS AT YOUR OWN SOLE RISK. THE LICENSED
MATERIALS ARE PROVIDED “AS IS” AND WITHOUT WARRANTY, TERM OR
CONDITION OF ANY KIND, AND SONY BMG, ITS LICENSORS AND EACH OF THEIR
LICENSEES, AFFILIATES AND AUTHORIZED REPRESENTATIVES (EACH, A “SONY
BMG PARTY”) EXPRESSLY DISCLAIM ALL WARRANTIES, TERMS OR CONDITIONS.
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED
WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY,
NON-INFRINGEMENT AND FITNESS FOR A GENERAL OR PARTICULAR PURPOSE. NO
ORAL, WRITTEN OR ELECTRONIC INFORMATION OR ADVICE GIVEN BY ANY SONY
BMG PARTY SHALL CREATE ANY WARRANTY, TERM OR CONDITION WITH RESPECT
TO THE LICENSED MATERIALS OR OTHERWISE. SHOULD THE LICENSED
MATERIALS PROVE TO BE DEFECTIVE, YOU (AND NOT THE SONY BMG PARTY
CONCERNED) AGREE TO ASSUME THE ENTIRE COST OF ALL NECESSARY
SERVICING, REPAIRS OR CORRECTIONS. SOME JURISDICTIONS DO NOT ALLOW
THE EXCLUSION OF IMPLIED WARRANTIES, TERMS OR CONDITIONS IN CERTAIN
INSTANCES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. THIS ARTICLE
WILL NOT APPLY ONLY WHEN AND TO THE EXTENT THAT APPLICABLE LAW
SPECIFICALLY MANDATES LIABILITY, DESPITE THE FOREGOING DISCLAIMER,
EXCLUSION AND LIMITATION.
Article 6. LIMITATION OF LIABILITY
NO SONY BMG PARTY SHALL BE LIABLE FOR ANY LOSS OR DAMAGE, EITHER
DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL OR OTHERWISE, ARISING
OUT OF THE BREACH OF ANY EXPRESS OR IMPLIED WARRANTY, TERM OR
CONDITION, BREACH OF CONTRACT, NEGLIGENCE, STRICT LIABILITY
MISREPRESENTATION, FAILURE OF ANY REMEDY TO ACHIEVE ITS ESSENTIAL
PURPOSE OR ANY OTHER LEGAL THEORY ARISING OUT OF, OR RELATED TO,
THIS EULA OR YOUR USE OF ANY OF THE LICENSED MATERIALS (SUCH DAMAGES
INCLUDE, BUT ARE NOT LIMITED TO, LOSS OF PROFITS, LOSS OF REVENUE,
LOSS OF DATA, LOSS OF USE OF THE PRODUCT OR ANY ASSOCIATED
EQUIPMENT, DOWN TIME AND USER’S TIME), EVEN IF THE SONY BMG PARTY
CONCERNED HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN
ANY CASE, THE ENTIRE LIABILITY OF THE SONY BMG PARTIES,
COLLECTIVELY, UNDER THE PROVISIONS OF THIS EULA SHALL BE LIMITED TO
FIVE US DOLLARS (US $5.00). SOME JURISDICTIONS DO NOT ALLOW THE
EXCLUSION OR LIMITATION OF DIRECT, INDIRECT, INCIDENTAL OR
CONSEQUENTIAL DAMAGES IN CERTAIN INSTANCES, SO THE ABOVE EXCLUSION
MAY NOT APPLY TO YOU. THIS ARTICLE WILL NOT APPLY ONLY WHEN AND TO
THE EXTENT THAT APPLICABLE LAW SPECIFICALLY REQUIRES LIABILITY
DESPITE THE FOREGOING DISCLAIMER, EXCLUSION AND LIMITATION.
Article 7. DAMAGES ARISING OUT OF YOUR ACTIONS
You shall defend and hold the SONY BMG PARTIES harmless from and
against any and all liabilities, damages, costs, expenses or losses
arising out of your use of the LICENSED MATERIALS, your negligent or
wrongful acts, your violation of any applicable laws or regulations,
and/or your breach of any provision of this EULA.
Article 8. UPDATES TO THE LICENSED MATERIALS
The SONY BMG PARTIES may from time to time provide you with updates
of the SOFTWARE in a manner that the SONY BMG PARTIES deem to be
appropriate. All such updates shall be deemed to be part of the
SOFTWARE for all purposes hereunder. In the event that you fail to
install an update, the SONY BMG PARTIES reserve the right to
terminate the term of this EULA, along with your rights to use the
LICENSED MATERIALS, immediately, without additional notice to you.
The SONY BMG PARTIES shall not be liable for any loss or damage
caused by reason of your failure to install any such update or your
failure to do so in the manner instructed.
Article 9. EXPIRATION AND TERMINATION
1. The rights granted to you hereunder to use the DIGITAL CONTENT
are conditioned upon your continued possession of, and your
continued right under a license from SONY BMG to use, the original
CD product that you purchased. In the event that you no longer
possess or have the right under such license to use the original CD
product, your rights hereunder to use the DIGITAL CONTENT shall
expire immediately, without notice from SONY BMG.
2. Without prejudice to any other rights SONY BMG or any SONY BMG
PARTY may have hereunder, the term of this EULA shall terminate
immediately, without notice from SONY BMG, and all rights you may
have hereunder to use the LICENSED MATERIALS shall be immediately
revoked, in the event that you: (i) fail to comply with any
provision of this EULA, (ii) fail to install an update of the
SOFTWARE that was previously provided to you by the SONY BMG PARTIES
within the time specified, or (iii) file a voluntary petition or are
subject to an involuntary petition under applicable bankruptcy laws,
are declared insolvent, make an assignment for the benefit of
creditors, or are served with a writ of attachment , writ of
execution, garnishment or other legal process pertaining to any of
your assets or property.
3. Upon the expiration or termination of this EULA, you shall
immediately remove all of the LICENSED MATERIALS from your personal
computer system and delete or destroy them, along with any related
documentation (and any copies thereof) that you may have received or
otherwise may possess.
4. Articles 4 (Intellectual Property Rights), 6 (Limitation of
Liability), 7 (Damages Arising Out Of Your Actions), 9 (Expiration
and Termination), 10 (Governing Law and Waiver of Trial By Jury),
and 11 (General) shall survive and remain in full force and effect
following the expiration or termination of this EULA
5. To the extent relevant under applicable law, you and SONY BMG
each agree, for the effectiveness of the termination clauses under
this EULA, to waive any provisions, procedures and operation of any
applicable law that might otherwise require judicial approval or a
court order in order to effect the termination of this EULA.
Article 10. GOVERNING LAW AND WAIVER OF TRIAL BY JURY
1. THE VALIDITY, INTERPRETATION AND LEGAL EFFECT OF THIS EULA SHALL
BE GOVERNED BY, AND CONSTRUED IN ACCORDANCE WITH, THE LAWS OF THE
STATE OF NEW YORK APPLICABLE TO CONTRACTS ENTERED INTO AND PERFORMED
ENTIRELY WITHIN THE STATE OF NEW YORK (WITHOUT GIVING EFFECT TO ANY
CONFLICT OF LAW PRINCIPLES UNDER NEW YORK LAW). THE NEW YORK COURTS
(STATE AND FEDERAL), SHALL HAVE SOLE JURISDICTION OF ANY
CONTROVERSIES REGARDING THIS AGREEMENT; ANY ACTION OR OTHER
PROCEEDING WHICH INVOLVES SUCH A CONTROVERSY SHALL BE BROUGHT IN
THOSE COURTS IN NEW YORK COUNTY AND NOT ELSEWHERE. THE PARTIES WAIVE
ANY AND ALL OBJECTIONS TO VENUE IN THOSE COURTS AND HEREBY SUBMIT TO
THE JURISDICTION OF THOSE COURTS.
2. YOU HEREBY WAIVE ALL RIGHTS AND/OR ENTITLEMENT TO TRIAL BY JURY
IN CONNECTION WITH ANY DISPUTE THAT ARISES OUT OF OR RELATES IN ANY
WAY TO THIS EULA OR THE SOFTWARE.
Article 11. GENERAL
If any provision of this EULA is subsequently held to be invalid or
unenforceable by any court or other authority, such invalidity or
unenforceability shall in no way affect the validity or
enforceability of any other provision of this EULA. This EULA shall
be binding upon the parties’ authorized successors and assignees.
Neither party’s waiver of any breach or failure to enforce any of
the provision of this EULA at any time shall in any way affect,
limit or waive such party’s right thereafter to enforce and compel
strict compliance with every other provision. No modification of
this EULA shall be effective unless it is set forth in a writing
signed by SONY BMG.
(ID:239675.18 -- 1/7/2005)
Step 3 ~ Agreeing and installing the player
I agreed to the EULA and installed the music player.
Step 4 ~ Playing the music
Things were going fine, working and listening to my new music. I thought the new music player was fine, but I did not see why the others cds opened in my Windows Media Player an this one had it's own. I started thinking about the Rootkit issue and than put it out of my head, because the bad inventory had been pulled and my cd did not come from a third party, but from them directly.
Step 5 ~ Clicking the help button
I decided that I should take a look around the cd and found this button in the top right hand corner that said "help." This was what I was wanting so I clicked on it. Below is the exact information that came up.
Help Guide
This file contains important information regarding the software on this disc. It is strongly recommended that you read this entire document.
· Minimum System Requirements
· Getting Started
· Copying Music To Your Computer
· Making Copies of This Disc
· Frequently Asked Questions
· Known Issues
· About This Product
· Contact
MINIMUM SYSTEM REQUIREMENTS
To play the audio off the disc, your machine must meet the following requirements
· Windows 98SE, Windows ME, Windows 2000 SP4, Windows XP Home, Windows XP Pro
· Pentium II or higher with Windows 98SE, Windows ME
· Pentium III or higher with Windows 2000 SP4, Windows XP Home, Windows XP Pro
· at least 64MB RAM above recommended OS memory level
· Microsoft DirectX 9.0 or higher recommended for Windows XP, required for all others (download)
To copy secure Windows Media files to your computer, your machine must also have the following:
· at least 60MB free disk space to save audio tracks
· Windows Media Player 9.0 or higher (download)
To make a secure backup copy of this disc, your machine must also have the following:
· a CD-R, CD-RW, or other drive capable of burning CDs
· at least 700MB free disk space
GETTING STARTED
To install the software on this disc, you must have Administrator rights on your computer. If you do not have Administrator rights, log out of your account and log in as an Administrator.
When you insert the disc into your computer, a player should automatically launch. This player allows you to listen to the music on the CD, copy the tracks to your hard drive, and make a limited number of backup copies of the audio on the disc.
If the player does not launch automatically, then follow these steps to launch the player manually.
Double click on the 'My Computer' icon on your desktop
Inside the 'My Computer' window, double click on the icon for your CD-ROM drive
Once you see the list of files on the disc, double click on the file named 'AUTORUN.EXE'.
COPYING MUSIC TO YOUR COMPUTER
You must use the software provided on this disc to copy the tracks to your computer. If you try to use your normal media player (RealPlayer, iTunes, Windows Media Player, MusicMatch) to copy the tracks to your computer, then the audio will sound distorted.
To copy tracks to your computer, click this
icon
To copy tracks to your computer in the secure Windows Media format, you must have Windows Media 9 or higher installed on your computer. If you do not have Windows Media 9 installed, you can download it directly from Microsoft. Additionally, if you are running a version of Windows older than Windows XP, then you must also have DirectX 9 installed. You can download DirectX 9 directly from Microsoft.
To copy tracks to your computer in the OpenMG format for use with Sony portable devices, you must use the "MUSIC PLAYER" software provided on this disc. This application will be installed the first time you try to copy the OpenMG tracks to your computer. If the "MUSIC PLAYER" installer does not automatically launch, then follow these steps to launch the "MUSIC PLAYER" installer manually.
Double click on the 'My Computer' icon on your desktop
Inside the 'My Computer' window, double click on the icon for your CD-ROM drive
Once you see the list of files on the disc, double click on the folder named 'BIN'.
Once you see the list of files in the 'BIN' folder, double click on the folder named 'WIN32'.
Once you see the list of files in the 'WIN32' folder, double click on the file named 'MQSETUP.EXE'.
If you have problems or experience difficulty with any of these functions, please visit our website, http://www.contentprotectedmusic.com/ for more information.
MAKING COPIES OF THIS DISC
To make a backup copy of the audio on this
disc, click this icon
inside
the player. Your computer must have a CD burner in order for this
function to work. The software on this disc limits you to three
backup copies of this disc. The resulting burned copy allows you to
play the CD on all standard devices and computers, however, the
ability to make additional copies and transfer files to the computer
is disabled on copied discs.
FREQUENTLY ASKED QUESTIONS
I tried playing the disc through my normal
media player and the music sounds choppy. Why?
In order to listen to the music on this disc, or to copy the
tracks from this disc to your computer, you must use the software
provided on this disc. To launch the software on this disc, follow
the directions listed in "Getting Started."
I insert the CD and nothing happens. What do
I do?
If the player on the disc does not start automatically, then follow
the directions listed in "Getting Started" to launch the player.
The audio looks like it's playing, but I
don't hear anything?
Make sure that your speakers are plugged in, and that your system
volume is not muted. You can check these settings by double clicking
on the speaker icon in the bottom right corner of your screen, next
to the system clock.
Can I use my own CD burning software to make
a backup copy of this disc?
Currently, the only way to make a legitimate copy of this disc is to
use the software provided on this disc.
I cannot install the "MUSIC PLAYER" player.
On some Windows configurations, you must have Power User or
Administrator access in order to install the "MUSIC PLAYER" player.
Try logging into Windows as Administrator, and then running the
"MUSIC PLAYER" installer.
back to top
OPENMG FORMAT KNOWN ISSUES
Using "MUSIC PLAYER" with OpenMG Jukebox and
SonicStage
"MUSIC PLAYER" is not compatible with the following versions of
the OpenMG Jukebox software.
· OpenMG Jukebox Software Version 2.2 (and lower)
· SonicStage Version 1.0.06 (and lower)
To ensure complete compatibility, you should download the latest version of this software from the "MUSIC PLAYER" website at http://www.openmg.com/MUSIC_PLAYER.
Using Windows 2000 Professional, Windows XP
Professional, or Windows XP Home Edition
To install this software, you must log on as a user with
Administrator or Power User rights. A user without these privileges
cannot install the "MUSIC PLAYER" software. Also, once the program
has been installed on your computer, you must login as an
Administrator or Power User if you need to use the "MUSIC PLAYER"
Backup Restore Tool.
Using Multiple Operating Systems on One
Machine
If your computer has multiple operating systems installed, then you
should not install "MUSIC PLAYER" for each operating system. Doing
so can cause illegal data errors.
When your machines goes to Sleep
If "MUSIC PLAYER" is running and your computer goes to sleep, "MUSIC
PLAYER" is known to experience problems. To prevent this, you should
shut down "MUSIC PLAYER" before your computer goes to sleep, or
change your computer's setting to prevent the computer from going to
sleep.
Moving Music Files On Your Computer
If you move your music files from one folder to another, you may no
longer be able to play back or transfer music from within the "MUSIC
PLAYER" player. To prevent this from happening, please avoid moving
or deleting.
Backup and Restore
If you are backing up your "MUSIC PLAYER" data to CD-R or another
external storage device, you might experience problems because of
text restrictions on folder and file names
Playing and Downloading Music At the Same
Time
On some machines, if you are downloading music and play music at the
same time, you may overload the system. If this occurs, you should
stop the music from playing and wait until your download is finished
until you resume playing music.
Microsoft Internet Explorer Network Settings
When you use "MUSIC PLAYER" to download music, be sure to use your
Web browser to acquire the proxy server settings. Please refer to
the provided Help for more details about how to do proxy server
settings for the Web browser.
back to top
CONTACT
For more information, please visit our support site online at:
Step 6 ~ Machine madness
After listening to the music, I removed the disc and went about my normal work. On this machine I have a broadband connection on a wireless network. I am the administrator and have things in lockdown mode and working very well. After about an hour, the machine was cycling high and low, back and forth and my program would not respond. I opened "task manager" and found the first two items that gave me some concern. Those two items were:
CD_Proxy.exe
$sys$DRMServer.exe
So I went to open my Firefox web browser and nothing would happen! I waited and then clicked on it again. This time a error message came up saying that Firefox could not open and needed to close. I sent the debug file to Mozilla and opened my Internet Explorer browser and went to the Mark Russinovich's website. And sure enough, these items were listed. The Rootkit had my machine! I took this machine offline and shut it down and went home for the day.
The next day I came in and started digging through the machines
system files. I first wanted to learn about the damage first hand,
but after much time, I simply wanted to fix the machine and get it
working again.
Step 7 ~ Scrubbing the infection
11/27/2005 ~ The F-Secure BlackLight Beta has been used by me in the past to remove other Rootkits, so I gave it a try. It did not remove any of these items on three different attempts. I found a few other "odd" files while running this tool that I did not want on the machine, but they were not listed as being part of the Sony XCP Rootkit/malware. They were installed on the same day, when I went online looking for information from the malware installed on the machine. I removed them, rebooted the machine and the Firefox web browser worked normal again.
After that, I ran scans with updated dat files on Ad-Aware SE, Spybot Search & Destroy, Microsoft Defender, Spyware Killer and Ewido. This machine is also being protected by F-Secure Security Suite, which is updated. None of these programs acted any different or discovered any traces of trouble. After looking through the machines, I found that the Windows Defender had deactivated a registry item belonging to the DRM Rootkit.
Next, I attempted to run a scan with Webroot Spy Sweeper, which would not respond or open at all. I had to unplug the machine to unfreeze it. Waited a minute and restarted the machine. After several minutes of not responding again, it finally opened and informed me that a new program version was available to download. I downloaded it and updated the dat files. It now says it has a new feature to detect Rootkits. I was happy to find myself in good timing for this update!
With the updated edition, I ran a full scan it still passed over this malware, saying everything was clear. So, I downloaded the RootkitRevealer tool by Mark Russinovich and it would not unzip or install. This was alarming to me, because I have used this tool many times in the past. It has always worked well at revealing the bad items to me and then I would manually remove the files one by one.
I could not spend any more time on the machine today, so I turned it off and went about my day.
11/29/2005 ~ Ran all of the scans again and nothing new happened and nothing new was discovered by them. I was not able to spend the time, so I left it on, but offline. It runs very slow.
12/02/2005 ~ Came in and took the machine online and updated all of my scanners and tools. I used HiJackThis! and removed the two files, which is the third time doing so:
HKLM\SYSTEM\CurrentControlSet\Services\CD_Proxy
HKLM\SYSTEM\CurrentControlSet\Services\$sys$DRMServer
And then I ran the RootkitRevealer, along with digging through every system32 file and discovered the following files, which I verified at the Bleeping Computer website:
C:\Windows\System32\$sys$filesystem\$sys$DRMServer.exe
C:\Windows\System32\$sys$filesystem\$sys$parking
C:\Windows\System32\$sys$filesystem\aries.sys
C:\Windows\System32\$sys$filesystem\crater.sys
C:\Windows\System32\$sys$filesystem\DbgHelp.dll
C:\Windows\System32\$sys$filesystem\lim.sys
C:\Windows\System32\$sys$filesystem\oct.sys
C:\Windows\System32\$sys$filesystem\Unicows.dll
C:\windows\CDProxyServ.exe
C:\windows\DbgHelp.dll
C:\windows\system32\$sys$caj.dll
C:\windows\system32\$sys$upgtool.exe
C:\windows\system32\AXPSupport.dll
C:\windows\system32\ECDPlayerControl.ocx
C:\windows\system32\InstallContinue.exe
C:\windows\system32\driver\$sys$cor.sys
C:\windows\system32\TMPX\APIX.vxd
C:\windows\system32\TMPX\ASPIENUM.vxd
C:\windows\system32\TMPX\WNASPI.dll
C:\windows\system32\TMPX\WNASPI32.dll
C:\windows\system32\Unicows.dll
And the five system drivers:
HKLM\SYSTEM\CurrentControlSet\Services\$sys$aries
HKLM\SYSTEM\CurrentControlSet\Services\$sys$cor
HKLM\SYSTEM\CurrentControlSet\Services\$sys$crater
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$OCT
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$LIM
Out of the above listed items, $sys$aries is the Rootkit/malware.
The other files belong to the DRM (Digital Rights Media) and related
software.
So I ran another scan with F-Secure's virus scanner. About ten minutes into it, a pop up said it found the trojan.XCP.Rootkit and that it could not disinfect it, so I let it delete it. I opened task manager and it showed the two running services:
CD_Proxy.exe
$sys$DRMServer.exe
So I opened HiJackThis! and found them again listed, so I removed them. I ran every scanner and came up clean. I restarted the machine and it ran slow again, so I opened task manager and they were listed again! I used the "end process" tab and the CD_Proxy went away, but the DRMServer came back 11 times before I gave up trying again. I then went to the website Sophos and downloaded their tool that was designed for this infection. After running the tool, it came up clean with nothing. I knew there was 'something' so I found the setting and clicked "scan all files" and it found the DRMServer and two registry files. It cleaned them and I restarted the machine after all scanners came up clean and the two files were running in task manager again:
CD_Proxy.exe
$sys$DRMServer.exe
I ran out of time so I came home today with this machine still infected, but all of the scanners say it is clean!
I can clean this computer myself but it will take a lot more time than having a tool do it for me. I have experience working in the registry and system files, so this is where I will end up more than likely. Tomorrow is Saturday and I have other projects to work on, but Monday I will be picking up on this task again.
The machine has been disabled and no longer in use by the office. There will be much time spent, making this machine correct again.
This is a very serious problem! Just think of how many computer's are surfing the web without this knowledge. They have done everything right when it comes to their computer security and surfing habits. Still, they have no idea they are carrying around a time bomb waiting to shut down their machine! Or worse, they do some holiday shopping, only to find they have had their identity stolen and their machine corrupted. This is the worse time of year for something like this to be hidden on consumer's machines. The only thing worse will be the consumers who spend their money on Sony products and then have to pay a repair person to fix the machine and then having to go through the horrors of identity theft!
No matter how you look at this situation, it is as bad as it gets, when it comes down to people's trust.
If you have been infected by this or any music cd's copy protection program, please contact us with your story as we are gathering information to sue the responsible parties. At the bottom of the page, you will find a link to our "contact us" E-Z form.
And do not use any programs from the Sony websites to remove their malware. You should follow the instructions offered by Mark Russinovich or other 'third party' sources. Another credible source you can turn to for help is Bleeping Computers. As a member, I trust the advice offered there and know that you will be in good hands. And if you do not want to understand the technical side of this problem, but want to verify and remove some of the "key components" of this malware by way of a free, trusted scanner, please visit Sophos. They provide a very small download that will scan system and remove the items. More scanners are being developed by the hour. Most of the tools we recommend and use will have their 'definition' file updated to remove this malware, soon. I would expect several options in a week or two, at the most.
So far, I have followed the steps that a novice, computer user would have. While I have the experience to manually scrub the machine, it will take many hours to do so. I wanted to provide something more for my visitors. By doing so, I hope they will understand the serious problem associated with companies installing malware onto consumer's machines. I have cleaned my home machine of this nasty Rootkit and will be doing so on the work machine as well.
I will be following the advice given by Mark's website next week and I will post the results here! Check back to learn how this ends up!
12/22/2005 ~ I did not give up on updating this page, I simply have not had time to repair this machine. It has been out of order and untouched since the last entry on 12/02/2005! It will require many hours of hand work, which I have not had lately. I will scrub this machine and finish the section in January 2006.
02/22/2006 ~ Wow! How time flies when your cleaning malware from machines. After much work learning from this infection, I am left with a sick feeling in my stomach. Not so much for me, but for you - the average surfer who can not speed the next sixty hours or so cleaning their machines properly after such a nasty infection as this Sony music product. I was hoping to find a simply work around to explain on this page so visitors could follow along and scrub up. However, I must direct you to three options at press time:
-
Reformat your hard drive
-
Follow the extensive directions provided by Mark Russinovich's website.
-
Use the software programs listed on this page to disable the main component of this nasty Rootkit and scrub up 70%, and make a plan for reformatting your hard drive soon.
If you plan on reformatting, prepare a detailed list of the files, folders and software you plan on re-installing and locate/create the proper media back ups (cds, dvds, flash drive, etc.) of these items. If you have a old version of Windows XP, you can visit the Microsoft site and order the SP2 disc as this will save you around 12 hours of dial up mayhem. Once you have everything, all that is left is to reformat (which just means to wipe the drive clean of data) and re-install everything. You should plan on this being a 'weekend' project, however you will rewarded with a spy-free machine that is as fast and fresh as the day you bought it. I think all machines should get a fresh start at some point as a major cleaning and overhaul, just not forced on me by a malware infection. Once you have installed Windows XP, SP2 upgrade, it is time to lockdown your machine. Now is the time to visit our exclusive Safe Lockdown studies which will walk you through the next steps of updating and securing your machine. The factory default leaves too many doors open for entry into your machine, so the factory settings must be tweaked - which is what the Lockdown page is all about! You will find everything needed to set up security and performance on your machine.
After you spend the time scrubbing up and restoring your machine to pre-Sony status, be sure to drop Sony a line and thank them for the extra time & money they have caused you!
06/20/2006 ~ For all of the visitors following along with us on the Sony music malware mess, you should check out out the Class Action Settlement in force for you to join. This has become the only punishment afforded to Sony. So, sign on and get new music (hopefully malware free?) and by doing so, you can allow your "case" to be counted.
After helping so many victims scrub-up after this mess, we wanted to provide a "easy-a,b,c-approach" for our guests to follow. However, we have not found a 100% safe & easy way to get clean results every time. Mark Russinovich has the best solution for competent computer users, while a complete reinstall of the windows operating system is the preferred method for complete, effective system cleaning. Starting over fresh (reformatting) can be just the thing when it comes to serious problems entangled within the core components of Windows. Not only will it clean up the malware/rootkit, It will reward you with a much faster machine and with everything working as was the day you bought it. All of those pesky error messages about missing dll files and such - will be gone.
Back-up your files and break out the restore disks and start fresh!
08/05/2006 ~ If you really do not want to reformat your hard drive, you can clean this infection up with Windows Defender, HiJackThis! and JV16 PowerTools 2006. While the first two are free, the last one can be used for free with the thirty day trial. You will find them on our Downloads page if you do not have them already.
If this the way you want to go, follow the steps below.
*If you open the Task Manager (type and the same time: CTRL ALT DELETE) you will see the malware running on your machine if you are infected.
Step 1: Windows Defender ~ Run a scan with the current, updated version and it will remove the Rootkit. Now you can move onto step 2.
Step 2: HiJackThis! ~ Run a scan and write down any remaining items that match the XCP malware list above and move onto step 3.
Step 3: JV16 PowerTools 2006 ~ Open up the remove file tool and write in the exact information you wrote down from step 2 and then click remove. You are ready for step 4.
Step 4: Restart your machine and run HiJackThis again. Check for the files you wrote down in step 2. They all should be gone BUT one. Write down the name and move onto step 5.
Step 5: Open JV16 PowerTools and use the "rename a file" tool. Type in exactly what you wrote down on step 4 and then rename it by adding the following to the end of the file name: /happy.exe and then restart your machine and move onto the final step.
Step 6: Rerun HiJackThis! and all of the items should be gone. If you open task manager, you will not see the malware running anymore.
Step 7: Restart your machine and repeat step 3 for the remain file that you renamed in step 5. This should remove it.
Your machine is now clean of this malware mess by Sony.
We will be revising this article to better fit the feedback we receive from you.