MICA Specialties Banner


 

XCP Malware was a failed attempt by Sony Music Corp to control what you did with music purchased from their artists. Because of this and several other factors, Sony products have been removed from our product testing page. After a long process of promoting, educating and cleaning machines from malware, we have been left with no other choice. The internet was just starting to become a "little" cleaner and safer, and what does this company do: THEY HIRE A MALWARE COMPANY AND HIDE IT ON MUSIC CD's! Can you believe they would even try something like this? I can't! I really could not! Thanks to a true malware fighter, Mark Russinovich, we are getting to the bottom of this very serious problem.

As part of the work by the CAAM Commitee, we have included several points of contact on the Sony Music Company. Please use the "action letter" by using your copy and paste tools and visiting the website we have listed. By you spending one minute today, you will allow your voice to be heard and prevent this kind of abuse in the future. After all, they have not/will not say the words "we will never again use malware on our customers again!"

Until we get big business to walk the walk with us, we are all targets. Help us put a stop to this today! 

__________________________________________________________________

 

CAAM ACTION LETTER ~ CAAM ACTION LETTER ~ CAAM ACTION LETTER

 Consumers Active Against Malware

 

Please be advised that adware, spyware, pop-ups and all other forms of malware is no longer accepted by the internet community. You have abused the trust of the consumer by adding the XCP malware to the cd's we PURCHASE from you. I will not by products from you that includes malware or any other form of SPYING SOFTWARE.

As a surfer and shopper, I refuse to do business with companies that use these tactics on their customers. Your company will suffer financial loss by including malware with your products. I have a choice in who I do business with, and so do you.

 

CAAM Member and Supporter

www.caam.micaspecialties.org

 

CAAM ACTION LETTER ~ CAAM ACTION LETTER ~ CAAM ACTION LETTER

 

__________________________________________________________________

 

Website contact: Click here! This will take you to their 'E-Z form' at the Sony website. Copy the CAAM Action Letter above then visit the website and paste it into the form field. And if possible, write letters to the two addresses below. You can print the CAAM Action letter and send that as well. Send them a fax and make a call too!

 

Postal Mail: USA Sony Corporation of America
                 Investor Relations
                 550 Madison Avenue, 27th Floor,
                 New York, NY 10022-3211

 

Postal Mail: Sony Music Online Services
                 550 Madison Ave, 24th Fl
                 New York, NY 10022-3211

 

Telephone: 1-800-556-3411 - U.S. and Canada        

                1-402-573-9867 - International

 

Facsimile: 1-212-833-6938

 

For a complete list of the cd's infected with this Rootkit/malware, please visit here.

 

To the Top

 

 

Here is the results from installing the player and running the cd on my work machine.

 

Step 1 ~ Purchasing the infected disc.

 

11/07/2005 ~ I was wanting some new music and thought I would check out the BMG/Sony website. After much time looking through the listings, I decided on a few titles and waited for them to arrive. After a few days, I forgot about ordering anything and went about my normal computer work, cleaning malware from infected machines. 

 

 

11/09/2005 ~ While I was checking out the new post over at a forum I work in, I saw a post about a "new threat" being passed around by a music cd. This was very interesting to me as a computer security consultant. One of the links provided brought me to the sysinternals blog and was very surprised!

 

I thought I was reading something wrong here. But, it was all true. I spent some time reading what was happening, so I would be informed of the ways to help my visitors clean their machines of this new malware. One of the things that surprised me was the fact that this was a standard Rootkit, which anyone in the computer world knows are BAD NEWS. Could Sony do something like this? Would they risk their reputation with computer experts that shun any use of malware?

 

Well, they did. 

 

And then they did nothing to inform consumers of this while installing the music cd into their machines. Who would have guessed that playing a simple music cd from a trusted source, would break your machine?

 

Most would not.

 

I spent a lot of time on this malware discovery and then after a seven or eight days, I went on with my work. Every so often, I would check out the information on it and was seeing some stories on my local news channels. Then I read from Sony that they were pulling the inventory of the infected cd's and that the new ones would be Rootkit free and that they had a tool for removing the malware item. I was glad to hear this from them.  

 

Some more time went by and I started hearing about this new removal tool at the Sony website causing more security problems and that it was difficult to use. Now I was even more upset with them.

 

Some more time went by and I thought the cds were at least off the market and that new cds were being shipped to replace the infected ones.

 

 

11/24/2005 ~ I stopped by the post office and my cds arrived! I was happy to have some new music to listen to, while working. I had a lot of work to do at work, so I brought two or three with me and started playing them. Things were fine, until I came across the Van Zant cd that was discovered by Mark Russinovich. I went to several the sony website and it said that they had pulled the infected cds from the stores and their inventory. I went ahead and put the cd into my work machine. 

 

 

To the Top

 

Step 2 ~ Starting the cd 

EULA ~ FULYA

I have read hundreds. if not thousands of EULA's in my time. They can be quite boring and long, but very important. This is the contract I am entering into with the company that made the software on the disc I am using. I feel that I need to read them all, so I will understand what they are giving me. And this is where I find myself getting more upset. Their Eula did not say they were installing an Rootkit onto my machine. And I soon realized that if someone like me, who works in the computer security industry, could get tricked, what about the average consumer! Here is the exact information that came up on the machine:

 

IMPORTANT-READ CAREFULLY: This compact disc (“CD”) product contains standard so-called “Red Book”-compliant audio files that can be played on any standard CD player, including those contained in many personal home computer systems. As an added feature, this compact disc (“CD”) product also enables you to convert these audio files into digital music files and/or may also contain other already existing digital content (such files and content, collectively, the “DIGITAL CONTENT”), any of which may be stored on the hard drive of a personal home computer system owned by you (“YOUR COMPUTER”) and accessed via YOUR COMPUTER or certain approved, compatible portable devices owned by you (each, an “APPROVED PORTABLE DEVICE”).

Before you can play the audio files on YOUR COMPUTER or create and/or transfer the DIGITAL CONTENT to YOUR COMPUTER, you will need to review and agree to be bound by an end user license agreement or “EULA”, the terms and conditions of which are set forth below. Once you have read these terms and conditions, you will be asked whether or not you agree to be bound by them. Click “AGREE” if you agree to be bound. Click “DISAGREE” if you do not agree to be bound. Please keep in mind, however, that if you do not agree to be bound by these terms and conditions, you will not be able to utilize the audio files or the DIGITAL CONTENT on YOUR COMPUTER.

As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the “SOFTWARE”) onto YOUR COMPUTER. The SOFTWARE is intended to protect the audio files embodied on the CD, and it may also facilitate your use of the DIGITAL CONTENT. Once installed, the SOFTWARE will reside on YOUR COMPUTER until removed or deleted. However, the SOFTWARE will not be used at any time to collect any personal information from you, whether stored on YOUR COMPUTER or otherwise.

Once the SOFTWARE has been installed on YOUR COMPUTER, a menu will then appear on the screen of YOUR COMPUTER, giving you the option of playing the audio files on YOUR COMPUTER, creating a copy of the DIGITAL CONTENT directly onto the hard drive of YOUR COMPUTER, or making a limited number of back-up copies of the CD onto other, recordable CDs. If you choose to create a copy of the DIGITAL CONTENT, the menu will then prompt you to select a file format for the DIGITAL CONTENT. Once you have selected a file format, a copy of the DIGITAL CONTENT will automatically be created in that file format and transferred onto the hard drive of YOUR COMPUTER, where you will be able to access it using an APPROVED MEDIA PLAYER (see below) or, at you election, transfer it from YOUR COMPUTER onto an APPROVED PORTABLE DEVICE.

In order to access the DIGITAL CONTENT on YOUR COMPUTER, you will need to have a copy of an approved media player software program that is capable of playing the DIGITAL CONTENT in the file format you selected (each such approved media player, an “APPROVED MEDIA PLAYER”) on YOUR COMPUTER. You may already have a copy of an APPROVED MEDIA PLAYER on YOUR COMPUTER. If you do, you will be able to play the DIGITAL CONTENT on YOUR COMPUTER without doing anything further. This CD may also contain an APPROVED MEDIA PLAYER for the file format you selected. If it does, the menu that appears on the screen of YOUR COMPUTER will prompt you on how to transfer a copy of that APPROVED MEDIA PLAYER onto YOUR COMPUTER. To the extent you utilize an APPROVED MEDIA PLAYER contained on this CD, your use of such APPROVED MEDIA PLAYER may be subject, in each instance, to separate terms and conditions provided by the owner of the APPROVED MEDIA PLAYER concerned. If you do not already have a copy of an APPROVED MEDIA PLAYER on YOUR COMPUTER, and if this CD does not contain a compatible APPROVED MEDIA PLAYER, then you will then need to secure a compatible APPROVED MEDIA PLAYER elsewhere (e.g., on an Internet website, where you can download one).


END-USER LICENSE AGREEMENT

This End-User License Agreement (“EULA”) is a legal agreement between you and SONY BMG MUSIC ENTERTAINMENT (“SONY BMG”), a general partnership established under Delaware law. By clicking on the “AGREE” button below, you will indicate your acceptance of these terms and conditions, at which point this EULA will become a legally binding agreement between you and SONY BMG.

Article 1. GRANT OF LICENSE
1. Subject to your agreement to the terms and conditions set forth in this EULA, SONY BMG grants to you a personal, non-exclusive and non-transferable license, with no right to grant sublicenses, to:
(a) install one (1) copy of SOFTWARE onto the hard drive of YOUR COMPUTER, solely in machine-executable form;
(b) install one (1) copy of any APPROVED MEDIA PLAYER(S) contained on this CD onto the hard drive of YOUR COMPUTER, solely in machine-executable form;
(c) use the SOFTWARE and any APPROVED MEDIA PLAYER(S) contained on this CD to access the DIGITAL CONTENT on YOUR COMPUTER or on an APPROVED PORTABLE DEVICE;
in each instance, solely for your own personal and private use and not for any other purpose (including, without limitation, any act of electronic or physical distribution, making available, performance or broadcast, or any act for profit or other commercial purpose) and in accordance with the terms and conditions set forth in this EULA.
2. The DIGITAL CONTENT and the SOFTWARE contained on this CD are sometimes referred to herein, collectively, as the “LICENSED MATERIALS”.

Article 2. PRODUCT FEATURES
1. This CD contains technology that is designed to prevent users from making certain, unauthorized uses of the DIGITAL CONTENT, including, without limitation, the following:
(1) making and storing more than one (1) copy of the DIGITAL CONTENT in each available file format on the hard drive of YOUR COMPUTER;
(2) accessing the DIGITAL CONTENT on YOUR COMPUTER (once you have installed a copy of it on the hard drive of YOUR COMPUTER) using a media player that is not an APPROVED MEDIA PLAYER;
(3) transferring copies of the DIGITAL CONTENT that reside on the hard drive of YOUR COMPUTER on to portable devices that are not APPROVED PORTABLE DEVICES;
(4) burning more than three (3) copies of the DIGITAL CONTENT stored on YOUR COMPUTER (ATRAC OpenMG file format only) onto AtracCDs;
(5) burning more than three (3) copies of the DIGITAL CONTENT onto recordable compact discs in the so-called “Red Book”-compliant audio file format; and
(6) burning more than three (3) backup copies of this CD (using the burning application provided on the CD) onto recordable CDs and burning or otherwise making additional copies from the resulting backup copies.
2. PLEASE NOTE: Your use of the DIGITAL CONTENT and the other LICENSED MATERIALS may be subject to additional restrictions, under applicable copyright and other laws, that are not enforced or prescribed by any technology contained on this CD. The absence of any such technology designed to enforce these additional restrictions should in no way be viewed or interpreted as a waiver, on the part of SONY BMG or any other person or entity owning any rights in any of the LICENSED MATERIALS, of their respective rights to enforce any such additional restrictions regarding your use of the LICENSED MATERIALS. Your use of the DIGITAL CONTENT and the other LICENSED MATERIALS shall, at all times, remain subject to any and all applicable laws governing the use of such materials, including, without limitation, any restrictions on your use prescribed therein.
3. All of your rights to enjoy the DIGITAL CONTENT, as described herein, shall be subject to your continued ownership of all rights in and to the physical CD on which such DIGITAL CONTENT is embodied; should you transfer your ownership rights in the physical CD on which such DIGITAL CONTENT is embodied (in whole or in part) to any other person (whether by sale, gift or otherwise), your rights in both the physical CD and such DIGITAL CONTENT shall terminate.

Article 3. RESTRICTIONS ON USE OF LICENSED MATERIALS
1. Except to the extent otherwise expressly permitted hereunder or otherwise by the owner of the relevant rights in or to the LICENSED MATERIALS concerned, and without limitation, the following restrictions shall apply to your use of the LICENSED MATERIALS:
(a) You may not copy or reproduce any portion of the LICENSED MATERIALS.
(b) You may not distribute, share through any information network, transfer, sell, lease or rent any of the LICENSED MATERIALS to any other person, in whole or in part.
(c) You may not change, alter, modify or create derivative works, enhancements, extensions or add-ons to any of the LICENSED MATERIALS.
(d) You may not decompile, reverse engineer or disassemble any of the LICENSED MATERIALS, in whole or in part.
(e) You may not export the LICENSED MATERIALS outside of the country where you reside. (This clause 1(e) of Article 3 shall not be applicable within the European Economic Area (EEA).)
(f) You will at all times comply with, and will not circumvent or attempt to circumvent, any of the restrictions on use set forth in this Article 3 or elsewhere in this EULA.
2. In the event that the owner of the LICENSED MATERIALS is a party other than SONY BMG (each, a “LICENSOR”), you agree that such LICENSOR shall be a third party beneficiary under this EULA and, as such, shall have the right to enforce the terms and conditions of this EULA that pertain directly to such LICENSOR’S rights in and to the LICENSED MATERIALS concerned as if such LICENSOR was a party to this EULA. The rights granted to a Licensor under this Article shall not be revoked.
3. SONY BMG and each LICENSOR reserve the right to use the SOFTWARE and/or any APPROVED MEDIA PLAYER to enforce their respective rights in and to the DIGITAL CONTENT, including any and all of the restrictions on use set forth in this Article 3, at any time, without notice to you.

Article 4. INTELLECTUAL PROPERTY RIGHTS
All title to, and intellectual property rights in, the LICENSED MATERIALS and any related documents are and shall remain owned and/or controlled solely and exclusively by SONY BMG and/or its LICENSORS. SONY BMG and/or all respective LICENSORS reserve all rights in the LICENSED MATERIALS not specifically granted to you under this EULA.

Article 5. EXCLUSION OF WARRANTIES
YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT YOU ARE INSTALLING AND USING THE LICENSED MATERIALS AT YOUR OWN SOLE RISK. THE LICENSED MATERIALS ARE PROVIDED “AS IS” AND WITHOUT WARRANTY, TERM OR CONDITION OF ANY KIND, AND SONY BMG, ITS LICENSORS AND EACH OF THEIR LICENSEES, AFFILIATES AND AUTHORIZED REPRESENTATIVES (EACH, A “SONY BMG PARTY”) EXPRESSLY DISCLAIM ALL WARRANTIES, TERMS OR CONDITIONS. EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT AND FITNESS FOR A GENERAL OR PARTICULAR PURPOSE. NO ORAL, WRITTEN OR ELECTRONIC INFORMATION OR ADVICE GIVEN BY ANY SONY BMG PARTY SHALL CREATE ANY WARRANTY, TERM OR CONDITION WITH RESPECT TO THE LICENSED MATERIALS OR OTHERWISE. SHOULD THE LICENSED MATERIALS PROVE TO BE DEFECTIVE, YOU (AND NOT THE SONY BMG PARTY CONCERNED) AGREE TO ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIRS OR CORRECTIONS. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, TERMS OR CONDITIONS IN CERTAIN INSTANCES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. THIS ARTICLE WILL NOT APPLY ONLY WHEN AND TO THE EXTENT THAT APPLICABLE LAW SPECIFICALLY MANDATES LIABILITY, DESPITE THE FOREGOING DISCLAIMER, EXCLUSION AND LIMITATION.

Article 6. LIMITATION OF LIABILITY
NO SONY BMG PARTY SHALL BE LIABLE FOR ANY LOSS OR DAMAGE, EITHER DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL OR OTHERWISE, ARISING OUT OF THE BREACH OF ANY EXPRESS OR IMPLIED WARRANTY, TERM OR CONDITION, BREACH OF CONTRACT, NEGLIGENCE, STRICT LIABILITY MISREPRESENTATION, FAILURE OF ANY REMEDY TO ACHIEVE ITS ESSENTIAL PURPOSE OR ANY OTHER LEGAL THEORY ARISING OUT OF, OR RELATED TO, THIS EULA OR YOUR USE OF ANY OF THE LICENSED MATERIALS (SUCH DAMAGES INCLUDE, BUT ARE NOT LIMITED TO, LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF DATA, LOSS OF USE OF THE PRODUCT OR ANY ASSOCIATED EQUIPMENT, DOWN TIME AND USER’S TIME), EVEN IF THE SONY BMG PARTY CONCERNED HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ANY CASE, THE ENTIRE LIABILITY OF THE SONY BMG PARTIES, COLLECTIVELY, UNDER THE PROVISIONS OF THIS EULA SHALL BE LIMITED TO FIVE US DOLLARS (US $5.00). SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF DIRECT, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CERTAIN INSTANCES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. THIS ARTICLE WILL NOT APPLY ONLY WHEN AND TO THE EXTENT THAT APPLICABLE LAW SPECIFICALLY REQUIRES LIABILITY DESPITE THE FOREGOING DISCLAIMER, EXCLUSION AND LIMITATION.

Article 7. DAMAGES ARISING OUT OF YOUR ACTIONS
You shall defend and hold the SONY BMG PARTIES harmless from and against any and all liabilities, damages, costs, expenses or losses arising out of your use of the LICENSED MATERIALS, your negligent or wrongful acts, your violation of any applicable laws or regulations, and/or your breach of any provision of this EULA.

Article 8. UPDATES TO THE LICENSED MATERIALS
The SONY BMG PARTIES may from time to time provide you with updates of the SOFTWARE in a manner that the SONY BMG PARTIES deem to be appropriate. All such updates shall be deemed to be part of the SOFTWARE for all purposes hereunder. In the event that you fail to install an update, the SONY BMG PARTIES reserve the right to terminate the term of this EULA, along with your rights to use the LICENSED MATERIALS, immediately, without additional notice to you. The SONY BMG PARTIES shall not be liable for any loss or damage caused by reason of your failure to install any such update or your failure to do so in the manner instructed.

Article 9. EXPIRATION AND TERMINATION
1. The rights granted to you hereunder to use the DIGITAL CONTENT are conditioned upon your continued possession of, and your continued right under a license from SONY BMG to use, the original CD product that you purchased. In the event that you no longer possess or have the right under such license to use the original CD product, your rights hereunder to use the DIGITAL CONTENT shall expire immediately, without notice from SONY BMG.
2. Without prejudice to any other rights SONY BMG or any SONY BMG PARTY may have hereunder, the term of this EULA shall terminate immediately, without notice from SONY BMG, and all rights you may have hereunder to use the LICENSED MATERIALS shall be immediately revoked, in the event that you: (i) fail to comply with any provision of this EULA, (ii) fail to install an update of the SOFTWARE that was previously provided to you by the SONY BMG PARTIES within the time specified, or (iii) file a voluntary petition or are subject to an involuntary petition under applicable bankruptcy laws, are declared insolvent, make an assignment for the benefit of creditors, or are served with a writ of attachment , writ of execution, garnishment or other legal process pertaining to any of your assets or property.
3. Upon the expiration or termination of this EULA, you shall immediately remove all of the LICENSED MATERIALS from your personal computer system and delete or destroy them, along with any related documentation (and any copies thereof) that you may have received or otherwise may possess.
4. Articles 4 (Intellectual Property Rights), 6 (Limitation of Liability), 7 (Damages Arising Out Of Your Actions), 9 (Expiration and Termination), 10 (Governing Law and Waiver of Trial By Jury), and 11 (General) shall survive and remain in full force and effect following the expiration or termination of this EULA
5. To the extent relevant under applicable law, you and SONY BMG each agree, for the effectiveness of the termination clauses under this EULA, to waive any provisions, procedures and operation of any applicable law that might otherwise require judicial approval or a court order in order to effect the termination of this EULA.

Article 10. GOVERNING LAW AND WAIVER OF TRIAL BY JURY
1. THE VALIDITY, INTERPRETATION AND LEGAL EFFECT OF THIS EULA SHALL BE GOVERNED BY, AND CONSTRUED IN ACCORDANCE WITH, THE LAWS OF THE STATE OF NEW YORK APPLICABLE TO CONTRACTS ENTERED INTO AND PERFORMED ENTIRELY WITHIN THE STATE OF NEW YORK (WITHOUT GIVING EFFECT TO ANY CONFLICT OF LAW PRINCIPLES UNDER NEW YORK LAW). THE NEW YORK COURTS (STATE AND FEDERAL), SHALL HAVE SOLE JURISDICTION OF ANY CONTROVERSIES REGARDING THIS AGREEMENT; ANY ACTION OR OTHER PROCEEDING WHICH INVOLVES SUCH A CONTROVERSY SHALL BE BROUGHT IN THOSE COURTS IN NEW YORK COUNTY AND NOT ELSEWHERE. THE PARTIES WAIVE ANY AND ALL OBJECTIONS TO VENUE IN THOSE COURTS AND HEREBY SUBMIT TO THE JURISDICTION OF THOSE COURTS.
2. YOU HEREBY WAIVE ALL RIGHTS AND/OR ENTITLEMENT TO TRIAL BY JURY IN CONNECTION WITH ANY DISPUTE THAT ARISES OUT OF OR RELATES IN ANY WAY TO THIS EULA OR THE SOFTWARE.

Article 11. GENERAL
If any provision of this EULA is subsequently held to be invalid or unenforceable by any court or other authority, such invalidity or unenforceability shall in no way affect the validity or enforceability of any other provision of this EULA. This EULA shall be binding upon the parties’ authorized successors and assignees. Neither party’s waiver of any breach or failure to enforce any of the provision of this EULA at any time shall in any way affect, limit or waive such party’s right thereafter to enforce and compel strict compliance with every other provision. No modification of this EULA shall be effective unless it is set forth in a writing signed by SONY BMG.

(ID:239675.18 -- 1/7/2005)

 

To the Top

 

 

 

Step 3 ~ Agreeing and installing the player

I agreed to the EULA and installed the music player.

 

 

Step 4 ~ Playing the music

Things were going fine, working and listening to my new music. I thought the new music player was fine, but I did not see why the others cds opened in my Windows Media Player an this one had it's own. I started thinking about the Rootkit issue and than put it out of my head, because the bad inventory had been pulled and my cd did not come from a third party, but from them directly.

 

 

Step 5 ~ Clicking the help button

I decided that I should take a look around the cd and found this button in the top right hand corner that said "help." This was what I was wanting so I clicked on it. Below is the exact information that came up.

 

To the Top

 

Help Guide

This file contains important information regarding the software on this disc. It is strongly recommended that you read this entire document.

· Minimum System Requirements

· Getting Started

· Copying Music To Your Computer

· Making Copies of This Disc

· Frequently Asked Questions

· Known Issues

· About This Product

· Contact

 

MINIMUM SYSTEM REQUIREMENTS

To play the audio off the disc, your machine must meet the following requirements

·         Windows 98SE, Windows ME, Windows 2000 SP4, Windows XP Home, Windows XP Pro

·         Pentium II or higher with Windows 98SE, Windows ME

·         Pentium III or higher with Windows 2000 SP4, Windows XP Home, Windows XP Pro

·         at least 64MB RAM above recommended OS memory level

·         Microsoft DirectX 9.0 or higher recommended for Windows XP, required for all others (download)

To copy secure Windows Media files to your computer, your machine must also have the following:

·         at least 60MB free disk space to save audio tracks

·         Windows Media Player 9.0 or higher (download)

To make a secure backup copy of this disc, your machine must also have the following:

·         a CD-R, CD-RW, or other drive capable of burning CDs

·         at least 700MB free disk space

 

GETTING STARTED

To install the software on this disc, you must have Administrator rights on your computer. If you do not have Administrator rights, log out of your account and log in as an Administrator.

When you insert the disc into your computer, a player should automatically launch. This player allows you to listen to the music on the CD, copy the tracks to your hard drive, and make a limited number of backup copies of the audio on the disc.

If the player does not launch automatically, then follow these steps to launch the player manually.

Double click on the 'My Computer' icon on your desktop

Inside the 'My Computer' window, double click on the icon for your CD-ROM drive

Once you see the list of files on the disc, double click on the file named 'AUTORUN.EXE'.

 

COPYING MUSIC TO YOUR COMPUTER

You must use the software provided on this disc to copy the tracks to your computer. If you try to use your normal media player (RealPlayer, iTunes, Windows Media Player, MusicMatch) to copy the tracks to your computer, then the audio will sound distorted.

To copy tracks to your computer, click this icon inside the player. Next, select which format you would like to use to copy the tracks. You can copy tracks using secure Windows Media, or copy OpenMG tracks for use with Sony portable devices.

To copy tracks to your computer in the secure Windows Media format, you must have Windows Media 9 or higher installed on your computer. If you do not have Windows Media 9 installed, you can download it directly from Microsoft. Additionally, if you are running a version of Windows older than Windows XP, then you must also have DirectX 9 installed. You can download DirectX 9 directly from Microsoft.

To copy tracks to your computer in the OpenMG format for use with Sony portable devices, you must use the "MUSIC PLAYER" software provided on this disc. This application will be installed the first time you try to copy the OpenMG tracks to your computer. If the "MUSIC PLAYER" installer does not automatically launch, then follow these steps to launch the "MUSIC PLAYER" installer manually.

Double click on the 'My Computer' icon on your desktop

Inside the 'My Computer' window, double click on the icon for your CD-ROM drive

Once you see the list of files on the disc, double click on the folder named 'BIN'.

Once you see the list of files in the 'BIN' folder, double click on the folder named 'WIN32'.

Once you see the list of files in the 'WIN32' folder, double click on the file named 'MQSETUP.EXE'.

If you have problems or experience difficulty with any of these functions, please visit our website, http://www.contentprotectedmusic.com/ for more information.

 

MAKING COPIES OF THIS DISC

To make a backup copy of the audio on this disc, click this icon inside the player. Your computer must have a CD burner in order for this function to work. The software on this disc limits you to three backup copies of this disc. The resulting burned copy allows you to play the CD on all standard devices and computers, however, the ability to make additional copies and transfer files to the computer is disabled on copied discs.

 

FREQUENTLY ASKED QUESTIONS

I tried playing the disc through my normal media player and the music sounds choppy. Why?
In order to listen to the music on this disc, or to copy the tracks from this disc to your computer, you must use the software provided on this disc. To launch the software on this disc, follow the directions listed in "Getting Started."

I insert the CD and nothing happens. What do I do?
If the player on the disc does not start automatically, then follow the directions listed in "Getting Started" to launch the player.

The audio looks like it's playing, but I don't hear anything?
Make sure that your speakers are plugged in, and that your system volume is not muted. You can check these settings by double clicking on the speaker icon in the bottom right corner of your screen, next to the system clock.

Can I use my own CD burning software to make a backup copy of this disc?
Currently, the only way to make a legitimate copy of this disc is to use the software provided on this disc.

I cannot install the "MUSIC PLAYER" player.
On some Windows configurations, you must have Power User or Administrator access in order to install the "MUSIC PLAYER" player. Try logging into Windows as Administrator, and then running the "MUSIC PLAYER" installer.

back to top

 

OPENMG FORMAT KNOWN ISSUES

Using "MUSIC PLAYER" with OpenMG Jukebox and SonicStage
"MUSIC PLAYER" is not compatible with the following versions of the OpenMG Jukebox software.

· OpenMG Jukebox Software Version 2.2 (and lower)

· SonicStage Version 1.0.06 (and lower)

To ensure complete compatibility, you should download the latest version of this software from the "MUSIC PLAYER" website at http://www.openmg.com/MUSIC_PLAYER.

Using Windows 2000 Professional, Windows XP Professional, or Windows XP Home Edition
To install this software, you must log on as a user with Administrator or Power User rights. A user without these privileges cannot install the "MUSIC PLAYER" software. Also, once the program has been installed on your computer, you must login as an Administrator or Power User if you need to use the "MUSIC PLAYER" Backup Restore Tool.

Using Multiple Operating Systems on One Machine
If your computer has multiple operating systems installed, then you should not install "MUSIC PLAYER" for each operating system. Doing so can cause illegal data errors.

When your machines goes to Sleep
If "MUSIC PLAYER" is running and your computer goes to sleep, "MUSIC PLAYER" is known to experience problems. To prevent this, you should shut down "MUSIC PLAYER" before your computer goes to sleep, or change your computer's setting to prevent the computer from going to sleep.

Moving Music Files On Your Computer
If you move your music files from one folder to another, you may no longer be able to play back or transfer music from within the "MUSIC PLAYER" player. To prevent this from happening, please avoid moving or deleting.

Backup and Restore
If you are backing up your "MUSIC PLAYER" data to CD-R or another external storage device, you might experience problems because of text restrictions on folder and file names

Playing and Downloading Music At the Same Time
On some machines, if you are downloading music and play music at the same time, you may overload the system. If this occurs, you should stop the music from playing and wait until your download is finished until you resume playing music.

Microsoft Internet Explorer Network Settings
When you use "MUSIC PLAYER" to download music, be sure to use your Web browser to acquire the proxy server settings. Please refer to the provided Help for more details about how to do proxy server settings for the Web browser.

back to top

 

CONTACT

For more information, please visit our support site online at:

http://cp.sonybmg.com/xcp/

 

To the Top

 

 

Step 6 ~ Machine madness

After listening to the music, I removed the disc and went about my normal work. On this machine I have a broadband connection on a wireless network. I am the administrator and have things in lockdown mode and working very well. After about an hour, the machine was cycling high and low, back and forth and my program would not respond. I opened "task manager" and found the first two items that gave me some concern. Those two items were: 

 

CD_Proxy.exe
$sys$DRMServer.exe
 

So I went to open my Firefox web browser and nothing would happen! I waited and then clicked on it again. This time a error message came up saying that Firefox could not open and needed to close. I sent the debug file to Mozilla and opened my Internet Explorer browser and went to the Mark Russinovich's website. And sure enough, these items were listed. The Rootkit had my machine! I took this machine offline and shut it down and went home for the day.


The next day I came in and started digging through the machines system files. I first wanted to learn about the damage first hand, but after much time, I simply wanted to fix the machine and get it working again.

 

To the Top

 

 

Step 7 ~ Scrubbing the infection 

 

11/27/2005 ~ The F-Secure BlackLight Beta has been used by me in the past to remove other Rootkits, so I gave it a try. It did not remove any of these items on three different attempts. I found a few other "odd" files while running this tool that I did not want on the machine, but they were not listed as being part of the Sony XCP Rootkit/malware. They were installed on the same day, when I went online looking for information from the malware installed on the machine. I removed them, rebooted the machine and the Firefox web browser worked normal again.

 

After that, I ran scans with updated dat files on Ad-Aware SE, Spybot Search & Destroy, Microsoft Defender, Spyware Killer and Ewido. This machine is also being protected by F-Secure Security Suite, which is updated. None of these programs acted any different or discovered any traces of trouble. After looking through the machines, I found that the Windows Defender had deactivated a registry item belonging to the DRM Rootkit.

 

Next, I attempted to run a scan with Webroot Spy Sweeper, which would not respond or open at all. I had to unplug the machine to unfreeze it. Waited a minute and restarted the machine. After several minutes of not responding again, it finally opened and informed me that a new program version was available to download. I downloaded it and updated the dat files. It now says it has a new feature to detect Rootkits. I was happy to find myself in good timing for this update!

 

With the updated edition, I ran a full scan it still passed over this malware, saying everything was clear. So, I downloaded the RootkitRevealer tool by Mark Russinovich and it would not unzip or install. This was alarming to me, because I have used this tool many times in the past. It has always worked well at revealing the bad items to me and then I would manually remove the files one by one.

 

I could not spend any more time on the machine today, so I turned it off and went about my day.

 

 

11/29/2005 ~ Ran all of the scans again and nothing new happened and nothing new was discovered by them. I was not able to spend the time, so I left it on, but offline. It runs very slow.

 

 

12/02/2005 ~ Came in and took the machine online and updated all of my scanners and tools. I used HiJackThis! and removed the two files, which is the third time doing so:

 

HKLM\SYSTEM\CurrentControlSet\Services\CD_Proxy
HKLM\SYSTEM\CurrentControlSet\Services\$sys$DRMServer

 

And then I ran the RootkitRevealer, along with digging through every system32 file and discovered the following files, which I verified at the Bleeping Computer website:

C:\Windows\System32\$sys$filesystem\$sys$DRMServer.exe
C:\Windows\System32\$sys$filesystem\$sys$parking
C:\Windows\System32\$sys$filesystem\aries.sys
C:\Windows\System32\$sys$filesystem\crater.sys
C:\Windows\System32\$sys$filesystem\DbgHelp.dll
C:\Windows\System32\$sys$filesystem\lim.sys
C:\Windows\System32\$sys$filesystem\oct.sys
C:\Windows\System32\$sys$filesystem\Unicows.dll
C:\windows\CDProxyServ.exe
C:\windows\DbgHelp.dll
C:\windows\system32\$sys$caj.dll
C:\windows\system32\$sys$upgtool.exe
C:\windows\system32\AXPSupport.dll
C:\windows\system32\ECDPlayerControl.ocx
C:\windows\system32\InstallContinue.exe
C:\windows\system32\driver\$sys$cor.sys
C:\windows\system32\TMPX\APIX.vxd
C:\windows\system32\TMPX\ASPIENUM.vxd
C:\windows\system32\TMPX\WNASPI.dll
C:\windows\system32\TMPX\WNASPI32.dll
C:\windows\system32\Unicows.dll

 

And the five system drivers:

HKLM\SYSTEM\CurrentControlSet\Services\$sys$aries
HKLM\SYSTEM\CurrentControlSet\Services\$sys$cor
HKLM\SYSTEM\CurrentControlSet\Services\$sys$crater
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$OCT
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$LIM

Out of the above listed items, $sys$aries is the Rootkit/malware. The other files belong to the DRM (Digital Rights Media) and related software.

 

So I ran another scan with F-Secure's virus scanner. About ten minutes into it, a pop up said it found the trojan.XCP.Rootkit and that it could not disinfect it, so I let it delete it. I opened task manager and it showed the two running services:

 

CD_Proxy.exe
$sys$DRMServer.exe

  

So I opened HiJackThis! and found them again listed, so I removed them. I ran every scanner and came up clean. I restarted the machine and it ran slow again, so I opened task manager and they were listed again! I used the "end process" tab and the CD_Proxy went away, but the DRMServer came back 11 times before I gave up trying again. I then went to the website Sophos and downloaded their tool that was designed for this infection. After running the tool, it came up clean with nothing. I knew there was 'something' so I found the setting and clicked "scan all files" and it found the DRMServer and two registry files. It cleaned them and I restarted the machine after all scanners came up clean and the two files were running in task manager again:

 

CD_Proxy.exe
$sys$DRMServer.exe

 

I ran out of time so I came home today with this machine still infected, but all of the scanners say it is clean!

 

I can clean this computer myself but it will take a lot more time than having a tool do it for me. I have experience working in the registry and system files, so this is where I will end up more than likely. Tomorrow is Saturday and I have other projects to work on, but Monday I will be picking up on this task again. 

 

The machine has been disabled and no longer in use by the office. There will be much time spent, making this machine correct again.

 

This is a very serious problem! Just think of how many computer's are surfing the web without this knowledge. They have done everything right when it comes to their computer security and surfing habits. Still, they have no idea they are carrying around a time bomb waiting to shut down their machine! Or worse, they do some holiday shopping, only to find they have had their identity stolen and their machine corrupted. This is the worse time of year for something like this to be hidden on consumer's machines. The only thing worse will be the consumers who spend their money on Sony products and then have to pay a repair person to fix the machine and then having to go through the horrors of identity theft!

 

No matter how you look at this situation, it is as bad as it gets, when it comes down to people's trust.       

 

If you have been infected by this or any music cd's copy protection program, please contact us with your story as we are gathering information to sue the responsible parties. At the bottom of the page, you will find a link to our "contact us" E-Z form.

 

And do not use any programs from the Sony websites to remove their malware. You should follow the instructions offered by Mark Russinovich or other 'third party' sources. Another credible source you can turn to for help is Bleeping Computers. As a member, I trust the advice offered there and know that you will be in good hands. And if you do not want to understand the technical side of this problem, but want to verify and remove some of the "key components" of this malware by way of a free, trusted scanner, please visit Sophos. They provide a very small download that will scan system and remove the items. More scanners are being developed by the hour. Most of the tools we recommend and use will have their 'definition' file updated to remove this malware, soon. I would expect several options in a week or two, at the most.     

 

So far, I have followed the steps that a novice, computer user would have. While I have the experience to manually scrub the machine, it will take many hours to do so. I wanted to provide something more for my visitors. By doing so, I hope they will understand the serious problem associated with companies installing malware onto consumer's machines. I have cleaned my home machine of this nasty Rootkit and will be doing so on the work machine as well.   

I will be following the advice given by Mark's website next week and I will post the results here! Check back to learn how this ends up!

 

 

12/22/2005 ~ I did not give up on updating this page, I simply have not had time to repair this machine. It has been out of order and untouched since the last entry on 12/02/2005! It will require many hours of hand work, which I have not had lately. I will scrub this machine and finish the section in January 2006.

 

 

02/22/2006 ~ Wow! How time flies when your cleaning malware from machines. After much work learning from this infection, I am left with a sick feeling in my stomach. Not so much for me, but for you - the average surfer who can not speed the next sixty hours or so cleaning their machines properly after such a nasty infection as this Sony music product. I was hoping to find a simply work around to explain on this page so visitors could follow along and scrub up. However, I must direct you to three options at press time:

  •  Reformat your hard drive

  •  Follow the extensive directions provided by Mark Russinovich's website.

  •  Use the software programs listed on this page to disable the main component of this nasty Rootkit and scrub up 70%, and make a plan for reformatting your hard drive soon.

If you plan on reformatting, prepare a detailed list of the files, folders and software you plan on re-installing and locate/create the proper media back ups (cds, dvds, flash drive, etc.) of these items. If you have a old version of Windows XP, you can visit the Microsoft site and order the SP2 disc as this will save you around 12 hours of dial up mayhem. Once you have everything, all that is left is to reformat (which just means to wipe the drive clean of data) and re-install everything. You should plan on this being a 'weekend' project, however you will rewarded with a spy-free machine that is as fast and fresh as the day you bought it. I think all machines should get a fresh start at some point as a major cleaning and overhaul, just not forced on me by a malware infection. Once you have installed Windows XP, SP2 upgrade, it is time to lockdown your machine. Now is the time to visit our exclusive Safe Lockdown studies which will walk you through the next steps of updating and securing your machine. The factory default leaves too many doors open for entry into your machine, so the factory settings must be tweaked - which is what the Lockdown page is all about! You will find everything needed to set up security and performance on your machine.

After you spend the time scrubbing up and restoring your machine to pre-Sony status, be sure to drop Sony a line and thank them for the extra time & money they have caused you! 

 

 

06/20/2006 ~ For all of the visitors following along with us on the Sony music malware mess, you should check out out the Class Action Settlement in force for you to join. This has become the only punishment afforded to Sony. So, sign on and get new music (hopefully malware free?) and by doing so, you can allow your "case" to be counted.

After helping so many victims scrub-up after this mess, we wanted to provide a "easy-a,b,c-approach" for our guests to follow. However, we have not found a 100% safe & easy way to get clean results every time. Mark Russinovich has the best solution for competent computer users, while a complete reinstall of the windows operating system is the preferred method for complete, effective system cleaning. Starting over fresh (reformatting) can be just the thing when it comes to serious problems entangled within the core components of Windows. Not only will it clean up the malware/rootkit, It will reward you with a much faster machine and with everything working as was the day you bought it. All of those pesky error messages about missing dll files and such - will be gone.

Back-up your files and break out the restore disks and start fresh!   

 

08/05/2006 ~ If you really do not want to reformat your hard drive, you can clean this infection up with Windows Defender, HiJackThis! and JV16 PowerTools 2006. While the first two are free, the last one can be used for free with the thirty day trial. You will find them on our Downloads page if you do not have them already.

If this the way you want to go, follow the steps below.

*If you open the Task Manager (type and the same time: CTRL ALT DELETE) you will see the malware running on your machine if you are infected.

Step 1: Windows Defender ~  Run a scan with the current, updated version and it will remove the Rootkit. Now you can move onto step 2.

Step 2: HiJackThis! ~  Run a scan and write down any remaining items that match the XCP malware list above and move onto step 3.

Step 3: JV16 PowerTools 2006 ~  Open up the remove file tool and write in the exact information you wrote down from step 2 and then click remove. You are ready for step 4.

Step 4: Restart your machine and run HiJackThis again. Check for the files you wrote down in step 2. They all should be gone BUT one. Write down the name and move onto step 5.

Step 5: Open JV16 PowerTools and use the "rename a file" tool. Type in exactly what you wrote down on step 4 and then rename it by adding the following to the end of the file name: /happy.exe and then restart your machine and move onto the final step.

Step 6: Rerun HiJackThis! and all of the items should be gone. If you open task manager, you will not see the malware running anymore.

Step 7: Restart your machine and repeat step 3 for the remain file that you renamed in step 5. This should remove it.

Your machine is now clean of this malware mess by Sony.

 

We will be revising this article to better fit the feedback we receive from you.