Trojan:Win32/Sirefef.AB

(?)

Encyclopedia entry
Updated: Oct 30, 2012 | Published: Mar 16, 2012

Aliases

Backdoor/Win32.ZAccess

AhnLab

BackDoor.Maxplus.90 (Dr.Web)
Win32/Sirefef.DL trojan (ESET)
Backdoor.Win32.ZAccess (Ikarus)
Backdoor.Win32.ZAccess.aug (Kaspersky)
Mal/Sirefef-AA (Sophos)
BKDR_ZACCESS.FP (Trend Micro)

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.

Detection last updated:
Definition: 1.153.100.0
Released: Jun 18, 2013

Detection initially created:
Definition: 1.121.566.0
Released: Feb 28, 2012

Summary

Trojan:Win32/Sirefef.AB is a component of Win32/Sirefef - a multi-component family of malware that moderates an affected user's Internet experience by modifying search results, and generates pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing the payload.

Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. As a consequence of being infected with this threat, you may need to repair and reconfigure some Windows security features. Please see Additional remediation steps in this entry for more information.

Top

Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.

Top

Technical Information (Analysis)

Trojan:Win32/Sirefef.AB is a component most likely installed by Win32/Sirefef. It may be used to establish network connections.

Analysis by Shali Hsieh

Top

Prevention

Take these steps to help prevent infection on your computer.

Top

Recovery

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an up-to-date, Microsoft security solution.

Some Sirefef infections may prevent you from running your Microsoft security solution. If this happens, you should uninstall your antivirus, reinstall it, then run a full-system scan. You can read about how to uninstall a program here.

The following Microsoft products detect and remove this threat:

Microsoft Security Essentials or, for Windows 8, Windows Defender
Microsoft Safety Scanner

Additional remediation steps

Sirefef makes lasting changes to your computer’s security settings that may need to be repaired. Sirefef stops and deletes a number of different security-related services on your computer. When using Microsoft security solutions to clean a Sirefef infection, these services will be restored to the Windows default installation settings.

The following Microsoft Fixits can be used for additional repair and configuration:

Top


	Provide feedback Please note: While your feedback is very important to us, we do not respond to individual submissions through this channel. Feedback, requests, or questions submitted through this form are monitored, however responses are not generated. If you require support, please visit the Safety & Security Center.