Infected by Starforce DRM

And I was wondering why my Windows system was so unstable lately. I managed to avoid the Sony debacle just to get hit by the Starforce malware. What is it? It is yet another retarded copy protection tool that is installed on your system without your knowledge – but it is not bundled with music, but with commercial games.

What does it do?

one of the common problems brought by Starforce: under Windows XP, if packets are lost during the reading or writing of a disk, XP interprets this as an error and steps the IDE speed down. Eventually it will revert to 16bit compatibility mode rendering a CD/DVD writer virtually unusable. In some circumstances certain drives cannot cope with this mode and it results in physical hardware failure (Most commonly in multiformat CD/DVD writer drives). A sure sign of this step down occurring is that the burn speeds will get slower and slower (no matter what speed you select to burn at). Starforce, on a regular basis, triggers this silent step down. Until it reaches the latter stages most people do not even realise it is happening.

Moreover, the Starforce drivers, installed on your system, grant ring 0 (system level) privileges to any code under the ring 3 (user level) privileges. Thus, any virus or trojan can get OS privileges and totally control your system. Since Windows 2000, the Windows line security and stability got enhanced by separating those privileges, but with the Starforce drivers, the old system holes and instabilities are back and any program (or virus) can reach the core of your system by using the Starforce drivers as a backdoor.

Emphasis mine. And yes, I had a lot of issues with my burner lately, and a lot of stability issues. McAfee did not detect anything so far, but it is very possible that I have been rooted. I’m preparing to move some of my data around to other partitions and drives and do a clean install sometime soon. Sigh…

How do you know if you have Starforce? Go to device manager, then enable the “show hidden devices” in the view menu, and look under Non-plug and play. If you see anything named Starforce there you are infected. I recommend downloading the removal tool as soon as possible. This tool worked for me.
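The same Device Manager check can be scripted. The PowerShell below is an added example, not part of the original post: it lists kernel-mode drivers whose service name, display name, path or file metadata mentions "Starforce". The function name `Find-DriverByVendorString` is made up for illustration, and it assumes PowerShell 3.0 or later and that the vendor string appears in one of those fields.

```powershell
# Added example (not from the original post): find installed kernel drivers
# whose metadata mentions a vendor string. The default pattern comes from the
# post's "anything named Starforce"; the function name is hypothetical.
function Find-DriverByVendorString {
    param([string]$Pattern = 'starforce')

    # Win32_SystemDriver covers kernel and file-system drivers, including the
    # legacy entries Device Manager lists under "Non-Plug and Play Drivers".
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        $drv  = $_
        $path = $drv.PathName

        # PathName may be quoted or carry the \??\ NT prefix; normalise it.
        if ($path) { $path = $path.Trim('"') -replace '^\\\?\?\\', '' }

        # The service name alone may not mention the vendor, so also read the
        # CompanyName from the driver file's version resource when it exists.
        $company = $null
        $onDisk  = [bool]($path -and (Test-Path -LiteralPath $path))
        if ($onDisk) {
            $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        }

        $fields = @($drv.Name, $drv.DisplayName, $drv.Description, $path, $company)
        if (($fields -join '|') -match [regex]::Escape($Pattern)) {
            # Check the signature only for hits; doing it for every driver is slow.
            $sig = if ($onDisk) {
                (Get-AuthenticodeSignature -LiteralPath $path).Status
            } else { 'FileMissing' }

            [pscustomobject]@{
                Name        = $drv.Name
                DisplayName = $drv.DisplayName
                State       = $drv.State       # Running / Stopped
                StartMode   = $drv.StartMode   # Boot / System / Auto / Manual / Disabled
                Company     = $company
                Signature   = $sig
                Path        = $path
            }
        }
    }
}

# Case-insensitive match; no output means no driver matched the pattern.
Find-DriverByVendorString | Format-List
```

A hit with `State` of `Stopped` still means the driver is installed and can be loaded again, which matches the post's observation that the protection reinstalls itself when the game is launched.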

Of course, you have to stop playing the game that infected you. Starforce usually reinstalls itself whenever you launch the application it protects.

The following games are known to be carriers of this nasty malware. I am hiding the list to save space on the front page. Please click on the link to expand the list below.

# 7 Sins
# Anstoss 4
# Area 51
# Bandits: Phoenix Rising
# Bet on Soldier
# Beyond Divinity
# Black Mirror
# Blitzkrieg 2
# Blitzkrieg: Rolling Thunder
# Breed
# Broken Sword 3: The Sleeping Dragon
# Brothers in Arms: Earned in Blood
# Chaos League
# Chaos League: Sudden Death
# Codename: Outbreak
# Codename: Panzers – Phase One
# Codename: Panzers – Phase Two
# Cold War
# Colin McRae Rally 2005
# Cossacks II: Napoleonic Wars
# Cross Racing Championship 2005
# Curse: The Eye of Isis
# Cycling Manager 3
# Cycling Manager 4
# D-Day
# Dead to Rights
# Demonic Speedway
# Desert Rats vs Afrika Korps
# Domination
# Emergency Fire Response
# Enigma: Rising Tide
# Etherlords II
# Fire Chief
# Fire Department
# Freedom Force vs The Third Reich
# Gangland
# Garfield
# Gooka: The Mystery of Janatris
# GT Legends
# GTR: FIA GT Racing Game
# Heroes of Might and Magic V
# Horse Race Manager
# Icewind Dale: Heart of Winter
# Keepsake
# Kicker Manager 2004
# Kill Switch
# King Kong
# Knights of the Temple 2
# Korea: Forgotten Conflict
# LMA Professional Manager 2005
# Lock On: Flaming Cliffs
# Medieval Lords
# Namco Museum 50th Anniversary
# Neuro Hunter
# Obscure
# Pariah
# Pax Romana
# Pferdehof – Pferd und Pony
# Pop Star Academy
# Postal 2: Apocalypse Weekend
# Prince of Persia: The Two Thrones
# Pro Rugby Manager
# Psi-Ops
# Pure Pinball
# Rally Championship Xtreme
# Restaurant Empire
# Restricted Area
# Revolution
# Runaway: A Road Adventure
# Scrapland
# Second Sight
# Silent Hunter 3
# Silent Storm
# Silkolene Honda Motocross GP
# Singles 2: Triple Trouble
# Singles: Flirt Up Your Life
# Sniper Elite
# Soldiers Heroes of World War 2
# Sommerspiele 2004
# Space Rangers 2
# Splinter Cell 3: Chaos Theory
# Star Wolves
# Steel Saviour
# Still Life
# Street Racing Syndicate
# Sudeki
# SuperPower 2
# Syberia II
# The Fall: Last Days of Gaia
# The Moment of Silence
# The Suffering: Ties That Bind
# The Westerner
# TOCA 2
# TrackMania
# TrackMania Nations
# TrackMania Sunrise
# Traitors Gate 2: Cypher
# UFO: Aftershock
# V8 Supercars 2
# Virtual Skipper 3
# Virtual Skipper 4
# Vivisector
# Wildlife Park
# World War II: Frontline Command
# Worms 4: Mayhem
# X2: The Threat
# X3: Reunion
# XIII
# Xpand Rally
# Xuan-Yuan Sword 4

If you installed any of the games on the list, you might be infected! Please check your device manager and throw that game out.

Update Wed, February 01 2006, 01:01 AM

It seems that the Starforce creators are an abusive and litigious bunch. They apparently threatened Cory Doctorow with a lawsuit for expressing his views on their shady software. Heh… Of course this is pure BS. I personally don’t think they have any legal grounds to do anything – but then again IANAL.

Doctorow, on the other hand, worked for the EFF, so he probably has a pretty good idea of how silly that email is.
