How to remove DRM software

Posted on 2011-05-04
Last Modified: 2012-05-11
Somehow this got installed on a user's XP system? He is remote, working from home, so I'm trying to remove it remotely. There is a process in the task manager called fph.exe that runs this software and cannot be killed. I have deleted the entries in the registry, but the process just puts them back. I delete the fasoo folder from program files and the process puts it back. Any idea how to uninstall it or kill this process?

McAfee AV will not remove it or find it.

Question by: rdefino
    LVL 47

    Expert Comment

    Try RevoUninstaller and see.
    LVL 47

    Accepted Solution

    If RevoUninstaller won't get rid of it, we can use ComboFix to remove all its files using its script function. ComboFix will stop the connection while it's scanning but reconnects soon after, before the end of the scan.

    Please download ComboFix by sUBs:

    STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    Double click combofix.exe & follow the prompts.
    When finished, it will produce a log. Please save that log and attach it in your next reply.
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    ComboFix tutorial:

    Or, you can try running RogueKiller, without rebooting, followed by a Quick scan of MalwareBytes and see if it gets it.
    Here's an article on RogueKiller.
    LVL 6

    Assisted Solution

    You may be able to kill the process by using Sysinternals' pskill. Sysinternals, now owned by Microsoft, has a set of tools you can download and install. I've had a few instances of malicious processes that would not die, but I was able to kill them using pskill and that enabled me to delete locked files on the system as well.
