Sony Rootkit: How to tell if you’ve been infected

Cited in the Spyware Weekly Newsletter: The Texas Attorney General’s web site has a two-step check to determine if you’ve been hit by the Sony Rootkit.

1) From Windows, choose Start, then Run, then type cmd. At the command prompt, type (include the quote marks):

cd "\windows\system32\$sys$filesystem"

If you are able to change to that folder, you have been infected. If you see the following message, then you likely are not infected: “The system cannot find the path specified.”

2) From Windows, open any word processor and create a text document (named test.txt). Once saved, rename the file to “$sys$test.txt”. Refresh the folder where you saved the file (by pressing the F5 button). If the file disappears, you have been infected.
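Both checks can be scripted. The sketch below is an added example, not code from the Texas Attorney General's site or the newsletter. The function names are hypothetical, and it assumes the Windows folder is found through the SystemRoot environment variable. It automates step 2 by comparing a direct lookup of the file with the folder listing, the same mismatch the F5 refresh shows by eye.

```python
import os
import tempfile

CLOAK_PREFIX = "$sys$"  # name prefix used in both of the page's checks


def marker_folder_present(system_root=None):
    """Step 1: is the $sys$filesystem folder reachable by its direct path?"""
    # Assumption: SystemRoot points at the Windows folder (default C:\Windows).
    root = system_root or os.environ.get("SystemRoot", r"C:\Windows")
    marker = os.path.join(root, "system32", CLOAK_PREFIX + "filesystem")
    return os.path.isdir(marker)


def prefix_is_cloaked(folder=None):
    """Step 2: create a $sys$-prefixed file and compare two views of it."""
    with tempfile.TemporaryDirectory(dir=folder) as work:
        name = CLOAK_PREFIX + "test.txt"
        path = os.path.join(work, name)
        with open(path, "w") as fh:
            fh.write("cloak test\n")
        found_by_name = os.path.isfile(path)   # direct lookup by full path
        listed = name in os.listdir(work)      # what a folder refresh shows
        # Delete by name: a cleanup that walks the listing would miss a hidden file.
        os.remove(path)
    # Infected pattern: the file exists but is missing from the listing.
    return found_by_name and not listed


def check_host(system_root=None, folder=None):
    """Run both checks; either one returning True means 'infected'."""
    findings = {
        "marker_folder": marker_folder_present(system_root),
        "prefix_cloaked": prefix_is_cloaked(folder),
    }
    findings["infected"] = any(findings.values())
    return findings


if __name__ == "__main__":
    for key, value in check_host().items():
        print(f"{key}: {value}")
```

Run it from a normal user account on the machine being checked; a result of True for either check corresponds to the "infected" outcome in the steps above.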