Most people who play FlyFF don't know that GameGuard installs a rootkit in order to protect FlyFF from hacking. Even fewer know that when you uninstall FlyFF, the rootkit is NOT removed! I would not know these things myself if GameGuard wasn't such an intolerable piece of crap, and I hadn't been forced to learn all about it as I was trying (without success) to make FlyFF playable on my computer.
Here's a summary of a security vulnerability in the GameGuard rootkit. It includes the source code of a program to exploit the hole, and source for a program to uninstall the rootkit:
I have also read that some of the newer anti-rootkit programs, like F-Secure Blacklight, SysInternals Rootkit Revealer, and Sophos Anti-Rootkit will find the GG rootkit and destroy it.
But for those of you who, like me, are oldskool, this is a set of directions I typed up on how to remove the GameGuard rootkit by hand:
The short version - uninstall FlyFF, then cold boot to Safe Mode and delete all files under C:\WINDOWS and subdirs that match the pattern "NPPT*.*" except for npptools.dll.
The long version - Recommend you save these directions as a notepad .txt file in C:\, that way you can find them in safe mode real easy.
First, FlyFF needs to be uninstalled before you do this. FlyFF will (attempt to) reinstall the rootkit whenever you run it. So kill FlyFF first.
To get into Safe Mode, reboot (cold boot with full power off is best) and then start tapping the F8 key. If you start tapping too early the BIOS may complain about a stuck key. You may have to reboot and try again in that case. If all goes well you'll get a text screen allowing you to boot into different modes. I recommend "Safe Mode with Command Prompt".
You may still have to log in, and when you do the screen should be all ugly and low-resolution and there should be a DOS window waiting. Now do the following:
dir /a /s nppt*.*
This should find two files in c:\windows\system32\, NPPTNT2.SYS and NPPT9X.VXD, and probably one or two others elsewhere as well. Delete all of them. Don't miss any. The only exception is a file called "npptools.dll", which is not from GameGuard; it's part of Microsoft's Network Monitoring API. Don't delete that one. But delete all the rest, because they might be backup copies of the rootkit that Windows will re-install at next bootup. (It's possible some files you need to delete might have their protection attributes set. You'll know because it won't let you delete them. You can unset protection with the command "attrib -h -s filename.etc".)
When you've deleted them all, shut down again (probably have to use Ctrl-Alt-Del and then click the "Shutdown" button) and then boot up normally. The rootkit is now gone. There will probably still be some unused registry keys kicking around in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl
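
The find-and-delete step above, written as a batch file for the Safe Mode command prompt. This is an added example, not part of the original directions: the file name remove_nppt.bat and its /delete switch are made up for illustration, and it assumes Windows is installed under %SystemRoot% with command extensions enabled (the default).

```batch
@echo off
rem remove_nppt.bat (hypothetical name) - added example, not from the original post.
rem Walks %SystemRoot% for files matching NPPT*.*, always keeps npptools.dll
rem (Microsoft's Network Monitoring API), and only deletes when run with /delete.
rem With no argument it just lists what it would remove, so you can review first.
setlocal
set "MODE=list"
if /i "%~1"=="/delete" set "MODE=delete"

rem /a-d = every file (hidden and system included) but no directories
rem /s   = recurse into subdirectories, /b = bare full paths, one per line
for /f "delims=" %%F in ('dir /a-d /s /b "%SystemRoot%\nppt*.*" 2^>nul') do call :handle "%%F"
endlocal
goto :eof

:handle
rem %~nx1 is the file name plus extension of the path passed in
if /i "%~nx1"=="npptools.dll" (
    echo KEEP    "%~1"
    goto :eof
)
if "%MODE%"=="list" (
    echo FOUND   "%~1"
    goto :eof
)
rem Clear the hidden/system attributes first, as the directions describe,
rem then delete; del /f also covers a file marked read-only.
attrib -h -s "%~1"
del /f "%~1"
if exist "%~1" (
    echo FAILED  "%~1"
) else (
    echo DELETED "%~1"
)
goto :eof
```

Run it once with no argument and check that every FOUND line is a GameGuard file, then run it again with /delete.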