How to remove Securom malware after uninstalling the Bioshock demo

Status
Not open for further replies.

Wombat2

Distinguished
Jul 17, 2006
518
0
18,980
Like many others I installed the Bioshock demo, played it and then later uninstalled it. Much to my horror I later discovered that even the demo installs Sony's Securom DRM sh*tware and, whats worse, leaves Securom on your system even if you uninstalled the Bioshock demo! :fou:

This is a security risk! :non:

So without further ado:

Securom uninstallation instructions for Windows XP SP2

Disclaimer 1: Only attempt these uninstallation instructions if you are reasonably computer literate and have backed-up your entire system.
Disclaimer 2: Only attempt these uninstallation instructions if you have no games installed which require Securom to be present.
Disclaimer 3: Only attempt these uninstallation instructions if you previously had to authorised your PC with Securom before you could play a game and that game is now uninstalled.

* Step 1: Uninstall the Bioshock demo.

* Step 2: Remove the Securom registry entries.
The Securom registry entries are deliberately made non-removable by default. In order to remove them download the http://www.microsoft.com/technet/sysinternals/Miscellaneous/RegDelNull.mspx RegDelNull registry editing utility from Microsoft and install it on your C partition.
Run the following two commands from a Windows command prompt: "C:\regdelnull HKEY_CURRENT_USER\Software\SecuROM -s" and "C:\regdelnull HKEY_USERS\<Computer specific key>\Software\SecuROM -s" where "<Computer specific key>" can be determined by searching the registry for the "Securom" directory key. This "<Computer specific key>" typically has a form like "S-1-5-21-2052111302-1757341266-724545543-500". Once these two RegDelNull commands have been successfully issued the registry should be checked to confirm that these two keys have been deleted. If they are still present they will now be removeable due to the action of the RegDelNull utility.

* Step 3: Removal of the Securom service and related utilities.
Open a Windows command prompt and change directory to "c:\windows\system32". Type "uaservice7 /remove". This will stop the Securom user access service, and clean up its relevant registry entries. On the Windows command prompt type "regsvr32 /u cmdlineext.dll". Reboot and then manually delete the files "uaservice7.exe" and "cmdlineext.dll" from "c:\windows\system32". Note: Both of these files are Securom installed files which can be verified by checking their file properties (Right click - Properties).

* Step 4: Removal of Securom files under "C:\Documents and Settings".
Securom installs a hidden directory with 6 files under "C:\Documents and Settings\<Your Administrator name>\Application Data\Securom". The first 4 ordinary text files can simply be manually deleted once Windows explorer has been configured to show hidden files and folders. The two remaining malformed nominally unremoveable files require a special method to delete: Invoke a Windows command prompt with full Administrator privileges by typing the following into a Windows command prompt: "at <your current time + 1 minute> /interactive %systemroot%\system32\cmd.exe" e.g. "at 9:02pm /interactive %systemroot%\system32\cmd.exe". This will open a new Administrator command line when the time set has been attained. In this new command prompt change directory into the Securom folder e.g. "cd C:\Documents and Settings\<Your Administrator name>\Application Data\Securom". Issue the following command to show the two remaining hidden malformed files: "dir /A". To delete the two remaining hidden malformed files issue the following command: "del /F /AH *". Confirm "yes" for each of the two file deletions of the malformed files. Finally, the directory "C:\Documents and Settings\<Your Administrator name>\Application Data\Securom" can be deleted as per normal practice from within Windows explorer.
 

maverick7

Distinguished
Aug 4, 2006
920
0
18,980
WOOT IT WORKED IT WORKED :D thanks

by the way do you know why Jack left?? its rather lonely without him to be quite honest.. too lose such an old member really sucks
 

spuddyt

Distinguished
Jul 21, 2007
2,114
0
19,780
does this work for the full game? (i'm not finished playing it yet but when i do...)
edit: also I need to ask how to do it on vista (if anyone knows how) as it occurs to me that that is what I am running
 

gahleon

Distinguished
Jan 7, 2006
347
0
18,780
Well 2k just lost a customer for bioshock. I am not putting any of sony's garbage DRM malware on my computer. This is getting pathetic. I can't believe that you put this crap on the computer and you can't get it off after you uninstall. Screw bioshock, sony, and securom. God, I hope someone sues them all for trespass to chattles. Those morons will never learn that people own their computers and have paid for their stuff. WTF do they leave it on others computers.

There is no reason that people should have to manually erase this garbage in the registry. Not everyone is leet with computers.
 

spuddyt

Distinguished
Jul 21, 2007
2,114
0
19,780
They are supposedly going to give people a program to remove securerom after a while (though it suxks that they put it in in the first place)
 

eqselgonas

Distinguished
Jun 29, 2007
20
0
18,510
In principle, I don't like uninstalling something and having it leave stuff behind on my computer. But what impact does it have anyway?

I was going to try and manually uninstall it using the steps you listed above, but I checked the list of other games that use it. I already had it from Tomb Raider: Anniversary. :(

 

hesido

Distinguished
Aug 24, 2006
23
0
18,510
Please don't buy this game if you do not want to end up 'hiring' your games instead of buying them. If this games reach the number of sales it deserves as game, the publishers will be using more of this dunk. It really does deserve to sell well because it is a good game, but only if it hadn't had the DRM.


 

jalek

Distinguished
Jan 29, 2007
524
1
18,995
Immediate impact? Who knows. The last Sony DRM system though was an open door for anyone's rootkits to hide behind.

As usual, it's only the legitimate customers that'll be impacted. They've already been having to modify their system due to it being circumvented.

Someday they'll spend money developing games and not futile attempts at copy protection. I can dream I guess.
 

lp231

Splendid
On a Vista 64bit OS all I've got for securom is that
first registry key "C:\regdelnull HKEY_CURRENT_USER\Software\SecuROM -s"
After that, I've can't any other keys nor services. Am I doing this right or
does this program do not support Vista x64?


 

Christopher1

Distinguished
Aug 29, 2006
666
3
19,015
What are you guys talking about? I installed the BioShock demo off Steam, and it didn't install Securom. I've gone through my registry 3 times now, and I cannot find a registry key for SecuRom anywhere in it, on both my PC's that I played BioShock on.
I don't think the demo actually installs SecuRom software, or if it does, when I uninstalled it the SecuRom stuff went with it.
 

Retrogame

Distinguished
Aug 31, 2007
34
0
18,530
Whoa whoa whoa....

Yes, invasive stuff that stays behind when you uninstall is not nice. Most of the software I've met does that on Windows, so this DRM stuff is really nothing "new" but it still sucks eggs.

Please don't buy this game if you do not want to end up 'hiring' your games instead of buying them.

Hello? You NEVER OWN any digital content you "buy", you only purchase a license to use said form of entertainment. Hence license agreements, etc. I agree that malware stinks and it's not necessary to put it into the installers of games. But lets try to get our facts straight here. Where they've crossed the line is they're potentially violating their own agreement with you from their end by badly implementing their copy protection scheme.

What are you guys talking about? I installed the BioShock demo off Steam, and it didn't install Securom. I've gone through my registry 3 times now, and I cannot find a registry key for SecuRom anywhere in it, on both my PC's that I played BioShock on.
I don't think the demo actually installs SecuRom software, or if it does, when I uninstalled it the SecuRom stuff went with it.

Exactly; I think they're taking the first steps to fix it. That doesn't help you if you have a disc copy but I'm sure that if Valve can do it, so can 2K and Securom, and it sounds like they're going to scrap the DRM if things keep going like this. If Securom as a company can't uninstall their own software there's something very wrong.
 
I did not have this file uaservice7

But the other one was there.

I only had the first Null reg key as well....

there are still other SecuROM entries should I just remove them?

This is different then the normal secuROM on cd;s like Dark Messiah and Tomb Raider Anniversary is it not? since those just tell the game to look for the disc?

EDIT

Well some of the registry keys DO come back when you play even a "normal" SecuROM game.

But none of those files come back....
 

flerb

Distinguished
Jul 30, 2009
2
0
18,510
Wombat2:

Followed your instructions, more or less. Cleaned out all the crap. Thanks!

Now how do I stop a command prompt from popping up every day at the same time?
 

flerb

Distinguished
Jul 30, 2009
2
0
18,510
It not only limits your rights to use something you paid for (or not), but also it (a) might not be removable even after you have removed a product (in my case a game demo) and (b) may make your computer more vulnerable to rootkit invasion.
 
This DRM is always active, not just when you start the game. That said, it has been known to cause erros reading disks on you optical drive causing windows to drop to slower transfer rates and worst actual drive failure.

I have no issue with authorizing my disc, cd key ect, but anything that runs all the time and causes known issues is a problem. Worse they do not even tell you it has been installed.

This even came with the DEMO of the game, what are they protecting there? To add to that, this system also limmits the number of times you may install a game. You know how many times i have installed old games(i replay games from time to tome)? more then 5 that is for sure.

At a later date, they did take off the install limit, but that was too little to late.

Last off, this DRM (Securom) has system access it should not and leading to a security hole on all systems with it installed.
 
Status
Not open for further replies.