Sign in with
Sign up | Sign in
Your question
Closed

How to remove Securom malware after uninstalling the Bioshock demo

Last response: in Video Games
Share
August 25, 2007 5:14:25 PM

Like many others I installed the Bioshock demo, played it and then later uninstalled it. Much to my horror I later discovered that even the demo installs Sony's Securom DRM sh*tware and, whats worse, leaves Securom on your system even if you uninstalled the Bioshock demo! :fou: 

This is a security risk! :non: 

So without further ado:

Securom uninstallation instructions for Windows XP SP2

Disclaimer 1: Only attempt these uninstallation instructions if you are reasonably computer literate and have backed-up your entire system.
Disclaimer 2: Only attempt these uninstallation instructions if you have no games installed which require Securom to be present.
Disclaimer 3: Only attempt these uninstallation instructions if you previously had to authorised your PC with Securom before you could play a game and that game is now uninstalled.

* Step 1: Uninstall the Bioshock demo.

* Step 2: Remove the Securom registry entries.
The Securom registry entries are deliberately made non-removable by default. In order to remove them download the http://www.microsoft.com/technet/sysinternals/Miscellan... RegDelNull registry editing utility from Microsoft and install it on your C partition.
Run the following two commands from a Windows command prompt: "C:\regdelnull HKEY_CURRENT_USER\Software\SecuROM -s" and "C:\regdelnull HKEY_USERS\<Computer specific key>\Software\SecuROM -s" where "<Computer specific key>" can be determined by searching the registry for the "Securom" directory key. This "<Computer specific key>" typically has a form like "S-1-5-21-2052111302-1757341266-724545543-500". Once these two RegDelNull commands have been successfully issued the registry should be checked to confirm that these two keys have been deleted. If they are still present they will now be removeable due to the action of the RegDelNull utility.

* Step 3: Removal of the Securom service and related utilities.
Open a Windows command prompt and change directory to "c:\windows\system32". Type "uaservice7 /remove". This will stop the Securom user access service, and clean up its relevant registry entries. On the Windows command prompt type "regsvr32 /u cmdlineext.dll". Reboot and then manually delete the files "uaservice7.exe" and "cmdlineext.dll" from "c:\windows\system32". Note: Both of these files are Securom installed files which can be verified by checking their file properties (Right click - Properties).

* Step 4: Removal of Securom files under "C:\Documents and Settings".
Securom installs a hidden directory with 6 files under "C:\Documents and Settings\<Your Administrator name>\Application Data\Securom". The first 4 ordinary text files can simply be manually deleted once Windows explorer has been configured to show hidden files and folders. The two remaining malformed nominally unremoveable files require a special method to delete: Invoke a Windows command prompt with full Administrator privileges by typing the following into a Windows command prompt: "at <your current time + 1 minute> /interactive %systemroot%\system32\cmd.exe" e.g. "at 9:02pm /interactive %systemroot%\system32\cmd.exe". This will open a new Administrator command line when the time set has been attained. In this new command prompt change directory into the Securom folder e.g. "cd C:\Documents and Settings\<Your Administrator name>\Application Data\Securom". Issue the following command to show the two remaining hidden malformed files: "dir /A". To delete the two remaining hidden malformed files issue the following command: "del /F /AH *". Confirm "yes" for each of the two file deletions of the malformed files. Finally, the directory "C:\Documents and Settings\<Your Administrator name>\Application Data\Securom" can be deleted as per normal practice from within Windows explorer.
August 25, 2007 9:19:13 PM

WOOT IT WORKED IT WORKED :D  thanks

by the way do you know why Jack left?? its rather lonely without him to be quite honest.. too lose such an old member really sucks
August 26, 2007 8:49:32 PM

does this work for the full game? (i'm not finished playing it yet but when i do...)
edit: also I need to ask how to do it on vista (if anyone knows how) as it occurs to me that that is what I am running
Related resources
August 27, 2007 1:23:28 PM

Well 2k just lost a customer for bioshock. I am not putting any of sony's garbage DRM malware on my computer. This is getting pathetic. I can't believe that you put this crap on the computer and you can't get it off after you uninstall. Screw bioshock, sony, and securom. God, I hope someone sues them all for trespass to chattles. Those morons will never learn that people own their computers and have paid for their stuff. WTF do they leave it on others computers.

There is no reason that people should have to manually erase this garbage in the registry. Not everyone is leet with computers.
August 27, 2007 8:48:42 PM

They are supposedly going to give people a program to remove securerom after a while (though it suxks that they put it in in the first place)
August 28, 2007 3:44:51 AM

In principle, I don't like uninstalling something and having it leave stuff behind on my computer. But what impact does it have anyway?

I was going to try and manually uninstall it using the steps you listed above, but I checked the list of other games that use it. I already had it from Tomb Raider: Anniversary. :( 

August 28, 2007 8:46:53 PM

Please don't buy this game if you do not want to end up 'hiring' your games instead of buying them. If this games reach the number of sales it deserves as game, the publishers will be using more of this dunk. It really does deserve to sell well because it is a good game, but only if it hadn't had the DRM.


August 28, 2007 9:23:35 PM

Immediate impact? Who knows. The last Sony DRM system though was an open door for anyone's rootkits to hide behind.

As usual, it's only the legitimate customers that'll be impacted. They've already been having to modify their system due to it being circumvented.

Someday they'll spend money developing games and not futile attempts at copy protection. I can dream I guess.
August 29, 2007 11:54:39 PM

or a playstation that doesn't cost as much as small house :lol: 
August 31, 2007 2:13:21 AM

On a Vista 64bit OS all I've got for securom is that
first registry key "C:\regdelnull HKEY_CURRENT_USER\Software\SecuROM -s"
After that, I've can't any other keys nor services. Am I doing this right or
does this program do not support Vista x64?


August 31, 2007 5:26:21 AM

What are you guys talking about? I installed the BioShock demo off Steam, and it didn't install Securom. I've gone through my registry 3 times now, and I cannot find a registry key for SecuRom anywhere in it, on both my PC's that I played BioShock on.
I don't think the demo actually installs SecuRom software, or if it does, when I uninstalled it the SecuRom stuff went with it.
August 31, 2007 7:05:45 AM

Or just reformat.
August 31, 2007 10:04:42 AM

Whoa whoa whoa....

Yes, invasive stuff that stays behind when you uninstall is not nice. Most of the software I've met does that on Windows, so this DRM stuff is really nothing "new" but it still sucks eggs.

Quote:
Please don't buy this game if you do not want to end up 'hiring' your games instead of buying them.


Hello? You NEVER OWN any digital content you "buy", you only purchase a license to use said form of entertainment. Hence license agreements, etc. I agree that malware stinks and it's not necessary to put it into the installers of games. But lets try to get our facts straight here. Where they've crossed the line is they're potentially violating their own agreement with you from their end by badly implementing their copy protection scheme.

Quote:
What are you guys talking about? I installed the BioShock demo off Steam, and it didn't install Securom. I've gone through my registry 3 times now, and I cannot find a registry key for SecuRom anywhere in it, on both my PC's that I played BioShock on.
I don't think the demo actually installs SecuRom software, or if it does, when I uninstalled it the SecuRom stuff went with it.


Exactly; I think they're taking the first steps to fix it. That doesn't help you if you have a disc copy but I'm sure that if Valve can do it, so can 2K and Securom, and it sounds like they're going to scrap the DRM if things keep going like this. If Securom as a company can't uninstall their own software there's something very wrong.
September 1, 2007 1:30:16 AM

I couldn't find anything either.. But my keyboard has been lagging for a while now.. >_<
September 3, 2007 11:19:11 AM

Fixed my page fault something BSOD on shutdown.
September 3, 2007 6:51:38 PM

I did not have this file uaservice7

But the other one was there.

I only had the first Null reg key as well....

there are still other SecuROM entries should I just remove them?

This is different then the normal secuROM on cd;s like Dark Messiah and Tomb Raider Anniversary is it not? since those just tell the game to look for the disc?

EDIT

Well some of the registry keys DO come back when you play even a "normal" SecuROM game.

But none of those files come back....
Anonymous
November 29, 2008 1:23:38 PM

Did you get SecuROM from EA software without conformation or anything in your user agreement? Go to and fill out the form. You could collect somethingin a class action agreement!
April 13, 2009 2:35:53 AM

How do you change your directory ? I'm a cmd noob D: win 32 sp2 ?
April 13, 2009 2:42:37 AM

IM MORE CONFUSED HOW DO I INSTALL IT ON MY C PARTITION?

FIGURED OUT command prompt commands :) 
July 30, 2009 3:38:57 PM

Wombat2:

Followed your instructions, more or less. Cleaned out all the crap. Thanks!

Now how do I stop a command prompt from popping up every day at the same time?
July 30, 2009 8:52:32 PM

What exactly does drm do, i think it stands for digital rights managment, at lest thats what i heard. Why is it so bad?
July 30, 2009 9:13:48 PM

It not only limits your rights to use something you paid for (or not), but also it (a) might not be removable even after you have removed a product (in my case a game demo) and (b) may make your computer more vulnerable to rootkit invasion.
July 30, 2009 9:37:50 PM

This DRM is always active, not just when you start the game. That said, it has been known to cause erros reading disks on you optical drive causing windows to drop to slower transfer rates and worst actual drive failure.

I have no issue with authorizing my disc, cd key ect, but anything that runs all the time and causes known issues is a problem. Worse they do not even tell you it has been installed.

This even came with the DEMO of the game, what are they protecting there? To add to that, this system also limmits the number of times you may install a game. You know how many times i have installed old games(i replay games from time to tome)? more then 5 that is for sure.

At a later date, they did take off the install limit, but that was too little to late.

Last off, this DRM (Securom) has system access it should not and leading to a security hole on all systems with it installed.
October 4, 2009 10:37:29 PM

This solution worked for me. Great walkthrough!
October 5, 2009 12:02:55 AM

This topic has been closed by Randomizer
!