logansfury opened this issue on Nov 11, 2005 · 44 posts
kawecki posted Fri, 11 November 2005 at 9:27 PM
From Symantec site (Norton):

When SecurityRisk.First4DRM is executed, it performs the following actions:

1. Copies itself as the following file: %System%\$sys$filesystem\aries.sys. Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
2. Creates the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\$sys$aries which loads the risk as a device driver when the compromised computer is started.
Stupidity also evolves!