Checking for the XCP Rootkit

Here’s a quick procedure to check whether you’ve been infected by Sony’s XCP rootkit:

  1. create a folder named test
  2. rename it to $sys$test

If the folder vanishes, you’re infected. Note that this only detects XCP, not MediaMax.
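The same two steps as a script, added here as an example and not part of the original post. The function name `folder_is_cloaked` and the extra `control` folder are assumptions of this example; it only touches a scratch directory it creates itself.

```python
import os
import tempfile

PREFIX = "$sys$"  # prefix used in the rename step above


def folder_is_cloaked(base_dir=None):
    """Return True if a folder renamed to $sys$test vanishes from the listing."""
    work = tempfile.mkdtemp(prefix="xcpcheck_", dir=base_dir)
    plain = os.path.join(work, "test")
    probe = os.path.join(work, PREFIX + "test")
    control = os.path.join(work, "control")  # assumption: sanity-check entry
    try:
        os.mkdir(plain)           # step 1: create a folder named test
        os.mkdir(control)         # ordinary folder that must stay visible
        os.rename(plain, probe)   # step 2: rename it to $sys$test
        listing = set(os.listdir(work))
        if "control" not in listing:
            # The listing itself is broken, so the check proves nothing.
            raise RuntimeError("directory listing unreliable; result inconclusive")
        return (PREFIX + "test") not in listing
    finally:
        # Remove by explicit path: a cloaked entry would not be enumerated,
        # so a recursive delete that walks the listing could miss it.
        for path in (probe, plain, control, work):
            try:
                os.rmdir(path)
            except OSError:
                pass


if __name__ == "__main__":
    if folder_is_cloaked():
        print("Folder vanished: XCP cloaking appears to be active.")
    else:
        print("Folder still visible: XCP cloaking not detected.")
```

As with the manual check, a negative result says nothing about MediaMax.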
