These instructions are excerpted from

Lessons from the Sony CD DRM Episode
J. Alex Halderman and Edward W. Felten∗
Center for Information Technology Policy
Department of Computer Science
Princeton University
Extended Version – February 14, 2006

Which is a rather lengthy treatise of the fallout from the Sony DRM/Rootkit scandal.

Deactivating XCP:

XCP’s active protection is more complicated to deactivate than MediaMax’s, because it comprises several
processes that are more deeply entangled in the system configuration and are hidden by the XCP rootkit.
Deactivation requires a three-step procedure, which we describe here in detail so that affected users can
decontaminate their systems.
1. The first step is to remove the rootkit. From the command prompt, run sc delete $sys$aries.
Delete the rootkit’s program file %windir%\system32\$sys$filesystem\aries.sys, and
reboot the system. Disabling the rootkit exposes the previously hidden files, registry entries, and
processes.
2. Next, edit the system registry to remove references to XCP’s filter drivers and CoDeviceInstallers.
XCP uses the Windows filter driver facility to intercept commands to the CD drives and IDE bus.
If these filter drivers are not removed, the CD and IDE device drivers will fail to initialize after the
program files for the filter drivers are deleted. This can cause the CD drives to malfunction, or, worse,
cause the system to fail to boot because the IDE device driver is disabled.
First remove references to the $sys$cor filter driver, which intercepts commands sent to the IDE
device. Use the Windows Registry Editor to search for occurrences of $sys$cor in registry entries
named UpperFilters. Edit each list of filters to remove the reference to $sys$cor. (You will
need to temporarily change the security permissions on the enclosing registry key to grant yourself
permission to edit the filters list.) References to this filter driver may occur in multiple registry keys;
be sure to remove them all.
Repeat this step to remove references to the $sys$crater filter driver, which intercepts commands
sent to the CD drive. This filter driver appears in devices’ LowerFilters lists. Be sure to remove
all occurrences.
Search the registry once again for $sys$caj.dll. This file is configured as a CoDeviceInstaller
for the CD-ROM and IDE devices. It installs the filter drivers when any new CD drive or IDE bus
device is configured. Remove the lines from any list of CoDeviceInstallers in which they appear:
$sys$caj.dll,CoInstallCdrom, $sys$caj.dll,CoInstallPC.

3. The next step is to delete the XCP services and remove the XCP program files. Open a command
prompt and issue these commands:
sc delete $sys$crater
sc delete $sys$lim
sc delete $sys$oct
sc delete cd proxy
sc delete $sys$drmserver
sc delete $sys$cor

del %windir%\system32\$sys$filesystem\crater.sys
del %windir%\system32\$sys$filesystem\lim.sys
del %windir%\system32\$sys$filesystem\oct.sys
del %windir%\system32\drivers\$sys$cor.sys
del %windir%\system32\$sys$caj.dll
del %windir%\system32\$sys$upgtool.exe
Reboot and remove two remaining XCP program files:
del %windir%\CDProxyServ.exe
del %windir%\system32\$sys$filesystem\$sys$DRMServer.exe
Performing these steps will deactivate the XCP active protection, leaving only the passive protection on
XCP CDs in force. The procedure easily could be automated to create a point-and-click removal tool.

**********************************************

I know this shit has been out for a while, but a hell of a lot of computers were infected with Sony's rootkit DRM. If you have a old(or ANY) Windows machine and EVER played a Sony/EMI CD labelled "XCP"(extended Copy Protection) and later had trouble ripping CD's (or didn't try to), you should assume this shit is in YOUR machine!

Sony's rootkit can be(and no doubt has been by now) used by bot herders to gain administrator access, install additional software, and take control of your computer to send spam or harvest your personal information!

Sony was sued over this and ended up recalling and offering to replace the affected CD's. They were also forced to publish an uninstaller, but guess what? Their procedure kills the DRM but leaves lots of security holes for the RIAA to get in later, so don't use it-do it right.

Microsoft reportedly also released software as un update to "Windows Defender" almost two years ago to kill this, but if you have an "unauthorized" copy of Windows this might not be available-and updating Wondows exposes you to Microsoft's OWN DRM software these days.

IF YOU HAVE ANY SONY/EMI discs labelled "XCP",here is a way to disable the DRM, using only ordinary sticky tape. A permanent marker would also work.

From /www.techsupportforum.com:

According to Gartner analysts Martin Reynolds and Mike McGuire, Sony's XCP technology is stymied by sticking a fingernail-size piece of opaque tape on the outer edge of the CD.

That, the pair said in a brief posted online, renders "session 2 -- which contains the self-loading DRM software — unreadable. The PC then treats the CD as an ordinary single-session music CD, and the commonly used CD 'rip' programs continue to work as usual."

*******************

Having done this, rip the audio to mp3, burn a new disc, and TRASH the Sony ones! If you use a permanent marker to permanently cover the portion with the DRM, you can keep the disc, but why worry? If you trash them, BREAK them so they don't infect someone else's computer.

DO NOT BUY music or movies at a store-ever. New DRM schemes are still coming out, and the next CD you buy could be the one that kills your computer dead. It's much safer to download, and it doesn't feed money to lawsuit happy RIAA and MPAA pigs.