Detections
Analytics
XCP DRM Software Detection
medium Nessus Plugin ID 20212
Language:
Synopsis
The remote Windows host has a rootkit installed on it.Description
First 4 Internet's Extended Copy Protection (XCP) digital rights management software is installed on the remote Windows host. While it is not malicious per se, the software hides files, processes, and registry keys / values from ordinary inspection, which has been exploited by several viruses to hide from antivirus software.Solution
On the affected host, run the DOS command 'cmd /k sc delete $sys$aries' to deactivate the software and reboot.See Also
http://www.nessus.org/u?98ebd71b
http://www.nessus.org/u?db65f981
https://www.sophos.com/en-us/press-office/press-releases/2005/11/stinxe.aspx
Plugin Details
Severity: Medium
ID: 20212
File Name: xcp_drm_installed.nasl
Version: 1.16
Type: local
Agent: windows
Family: Windows
Published: 11/16/2005
Updated: 2/1/2022
Asset Inventory: true
Supported Sensors: Nessus Agent, Nessus
Vulnerability Information
CPE: cpe:/a:first4internet_xcp_drm:first4internet_xcp_drm
Required KB Items: SMB/Registry/Enumerated, SMB/svcs