Both Bioshock and Bioshock Demo install Rootkit

Status
Not open for further replies.

Harvik780

ToTheBeatOfUrHeart
BioShock Demo Installs SecuROM Service

2K Games recently issued a statement addressing the DRM protection and widescreen problems for the BioShock PC game. In the statement 2K reveals a change in number of activations available with each copy of BioShock. Consumers are now allowed to activate their copy of BioShock a total of five times via the SecuROM network. Problems have already surfaced on the third-party servers preventing users from activating their copy of the game.

What 2K has failed to address is the SecuROM service installed on your computer when installing BioShock, which is also included in the demo.

Microsoft offers a utility called RootkitRevealer located: here. The program will scan your system for rootkits. Once you scan your system, the program will reveal the SecuROM service with this message:

…\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY*

This is due to the * character at the end, causing the “Key Name Contains Embedded Nuls” message. Unfortunately, you may have to follow this lengthy procedure posted by a 2K forum member to remove the service installed by SecuROM (Thanks Wingsong):

Download RegDelNull here and place in C:
*www.microsoft.com/technet/sys…egDelNull.mspx

Download MoveOnBoot from here:
*www.snapfiles.com/get/moveonboot.html

Regedit (or more specifically..Securom) will not allow deleting of Securom Registry keys, hence the need for Regnull.

From command prompt (assuming RegDelNull is in root of C), type/paste

C:\regdelnull HKEY_USERS\S-1-5-21-2052111302-1757981266-725345543-500\Software\SecuROM -s

(I'm assuming this key is the same for all users..you can check yourself using Regedit)
When asked to delete..choose Yes

Do the same with this Key from command prompt (Start..Run):
C:\regdelnull HKEY_CURRENT_USER\Software\SecuROM -s

Now run MoveOnBoot and navigate to the “hidden” securom folder in:

Docs and Settings\Admin\AppData\Securom

I chose 3 files for removal upon reboot. After I rebooted, Securom wasn't in registry or Docs & settings folder.

Delete UAService7.exe from your windows/system32 folder.

The demo doesn’t require activation to play, so why is the SecuROM service included? This will most likely prompt another response from 2K Games to calm this ensuing anger from consumers on yet another problem despite the high ratings of the game.

Additional Information:

The SecuROM website defines its service, which might clarify what is being installed and how to remove it in a more simple manner:

SecuROM™ will install a Windows™ service module called “User Access Service” (UAService) on your system. This is a standard interface commonly used by several other applications as well. It is no spyware or rootkit at all. This module has been developed to enable users without Windows™ administrator rights the ability to access all SecuROM™ features. Please be assured that this service is installed only for security and convenience purposes. Since it is a standard Windows™ service, you can stop and delete this service, like any other Windows™ service. If deleted, the access for non-administrator users to SecuROM™ protected applications will be affected.

*REFERENCES TO ROOTKIT HAVE BEEN REMOVED, FURTHER INVESTIGATION HAS REVEALED A MISUNDERSTANDING IN THE SECUROM SERVICE

Source-
*www.gametab.com/news/1017115/
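
An added example, not part of the original post or of any tool named in it: the native registry API returns key names as counted UTF-16 strings, while Win32 tools such as Regedit treat names as NUL-terminated, which is why a name with an embedded NUL cannot be handled from Regedit. The sketch parses constructed KEY_BASIC_INFORMATION buffers (the structure NtEnumerateKey returns) and flags such names; the sample names, the helper names, and the reading of the trailing `*` in the report line as a NUL character are assumptions.

```python
import struct

# KEY_BASIC_INFORMATION as returned by the native NtEnumerateKey call:
# LARGE_INTEGER LastWriteTime, ULONG TitleIndex, ULONG NameLength (bytes),
# then NameLength bytes of UTF-16LE name with no terminator.
HEADER = struct.Struct("<qII")

def parse_key_basic_information(buf):
    """Return the counted key name from one KEY_BASIC_INFORMATION buffer."""
    if len(buf) < HEADER.size:
        raise ValueError("buffer shorter than KEY_BASIC_INFORMATION header")
    _last_write, _title_index, name_len = HEADER.unpack_from(buf)
    if name_len % 2 or HEADER.size + name_len > len(buf):
        raise ValueError("NameLength is odd or runs past the buffer")
    return buf[HEADER.size:HEADER.size + name_len].decode("utf-16-le")

def win32_view(name):
    """Name as a NUL-terminated-string API sees it: cut at the first NUL."""
    return name.split("\x00", 1)[0]

def display(name):
    """Render embedded NULs as '*' (assumed to match the report line above)."""
    return name.replace("\x00", "*")

def scan(buffers):
    """Return (display name, Win32-visible name) for names with embedded NULs."""
    findings = []
    for buf in buffers:
        name = parse_key_basic_information(buf)
        if "\x00" in name:
            findings.append((display(name), win32_view(name)))
    return findings

def make_record(name):
    """Build a constructed KEY_BASIC_INFORMATION buffer for the sample data."""
    raw = name.encode("utf-16-le")
    return HEADER.pack(0, 0, len(raw)) + raw

# Constructed sample subkey names (not captured from a real system).
SAMPLE = [
    make_record("Microsoft"),
    make_record("!CAUTION! NEVER DELETE OR CHANGE ANY KEY\x00"),
    make_record("Example\x00Hidden"),
]

if __name__ == "__main__":
    for shown, visible in scan(SAMPLE):
        print(f"embedded NUL: {shown!r} (Win32 tools see {visible!r})")
```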
 