How to remove Securom malware after uninstalling the Bioshock demo

Like many others I installed the Bioshock demo, played it and then later uninstalled it. Much to my horror I later discovered that even the demo installs Sony's Securom DRM sh*tware and, whats worse, leaves Securom on your system even if you uninstalled the Bioshock demo!

This is a security risk!

So without further ado:

Securom uninstallation instructions for Windows XP SP2

Disclaimer 1: Only attempt these uninstallation instructions if you are reasonably computer literate and have backed-up your entire system.
Disclaimer 2: Only attempt these uninstallation instructions if you have no games installed which require Securom to be present.
Disclaimer 3: Only attempt these uninstallation instructions if you previously had to authorised your PC with Securom before you could play a game and that game is now uninstalled.

* Step 1: Uninstall the Bioshock demo.

* Step 2: Remove the Securom registry entries.
The Securom registry entries are deliberately made non-removable by default. In order to remove them download the http://www.microsoft.com/technet/s [...] lNull.mspx RegDelNull registry editing utility from Microsoft and install it on your C partition.
Run the following two commands from a Windows command prompt: "C:\regdelnull HKEY_CURRENT_USER\Software\SecuROM -s" and "C:\regdelnull HKEY_USERS\<Computer specific key>\Software\SecuROM -s" where "<Computer specific key>" can be determined by searching the registry for the "Securom" directory key. This "<Computer specific key>" typically has a form like "S-1-5-21-2052111302-1757341266-724545543-500". Once these two RegDelNull commands have been successfully issued the registry should be checked to confirm that these two keys have been deleted. If they are still present they will now be removeable due to the action of the RegDelNull utility.

* Step 3: Removal of the Securom service and related utilities.
Open a Windows command prompt and change directory to "c:\windows\system32". Type "uaservice7 /remove". This will stop the Securom user access service, and clean up its relevant registry entries. On the Windows command prompt type "regsvr32 /u cmdlineext.dll". Reboot and then manually delete the files "uaservice7.exe" and "cmdlineext.dll" from "c:\windows\system32". Note: Both of these files are Securom installed files which can be verified by checking their file properties (Right click - Properties).

* Step 4: Removal of Securom files under "C:\Documents and Settings".
Securom installs a hidden directory with 6 files under "C:\Documents and Settings\<Your Administrator name>\Application Data\Securom". The first 4 ordinary text files can simply be manually deleted once Windows explorer has been configured to show hidden files and folders. The two remaining malformed nominally unremoveable files require a special method to delete: Invoke a Windows command prompt with full Administrator privileges by typing the following into a Windows command prompt: "at <your current time + 1 minute> /interactive %systemroot%\system32\cmd.exe" e.g. "at 9:02pm /interactive %systemroot%\system32\cmd.exe". This will open a new Administrator command line when the time set has been attained. In this new command prompt change directory into the Securom folder e.g. "cd C:\Documents and Settings\<Your Administrator name>\Application Data\Securom". Issue the following command to show the two remaining hidden malformed files: "dir /A". To delete the two remaining hidden malformed files issue the following command: "del /F /AH *". Confirm "yes" for each of the two file deletions of the malformed files. Finally, the directory "C:\Documents and Settings\<Your Administrator name>\Application Data\Securom" can be deleted as per normal practice from within Windows explorer.

WOOT IT WORKED IT WORKED thanks

by the way do you know why Jack left?? its rather lonely without him to be quite honest.. too lose such an old member really sucks

Well 2k just lost a customer for bioshock. I am not putting any of sony's garbage DRM malware on my computer. This is getting pathetic. I can't believe that you put this crap on the computer and you can't get it off after you uninstall. Screw bioshock, sony, and securom. God, I hope someone sues them all for trespass to chattles. Those morons will never learn that people own their computers and have paid for their stuff. WTF do they leave it on others computers.

There is no reason that people should have to manually erase this garbage in the registry. Not everyone is leet with computers.

In principle, I don't like uninstalling something and having it leave stuff behind on my computer. But what impact does it have anyway?

I was going to try and manually uninstall it using the steps you listed above, but I checked the list of other games that use it. I already had it from Tomb Raider: Anniversary.

Immediate impact? Who knows. The last Sony DRM system though was an open door for anyone's rootkits to hide behind.

As usual, it's only the legitimate customers that'll be impacted. They've already been having to modify their system due to it being circumvented.

Someday they'll spend money developing games and not futile attempts at copy protection. I can dream I guess.

On a Vista 64bit OS all I've got for securom is that
first registry key "C:\regdelnull HKEY_CURRENT_USER\Software\SecuROM -s"
After that, I've can't any other keys nor services. Am I doing this right or
does this program do not support Vista x64?

Or just reformat.

I couldn't find anything either.. But my keyboard has been lagging for a while now.. >_<

I did not have this file uaservice7

But the other one was there.

I only had the first Null reg key as well....

there are still other SecuROM entries should I just remove them?

This is different then the normal secuROM on cd;s like Dark Messiah and Tomb Raider Anniversary is it not? since those just tell the game to look for the disc?

EDIT

Well some of the registry keys DO come back when you play even a "normal" SecuROM game.

But none of those files come back....

How do you change your directory ? I'm a cmd noob D: win 32 sp2 ?

Wombat2:

Followed your instructions, more or less. Cleaned out all the crap. Thanks!

Now how do I stop a command prompt from popping up every day at the same time?

It not only limits your rights to use something you paid for (or not), but also it (a) might not be removable even after you have removed a product (in my case a game demo) and (b) may make your computer more vulnerable to rootkit invasion.

This solution worked for me. Great walkthrough!