Microsoft security software detects and removes this threat.

This threat is a member of the Win32/Sirefef family. Trojans in this family can do different things, including:

  • Changing your search results
  • Downloading and running other files
  • Contacting remote hosts
  • Disabling security features

Sirefef variants can be installed by other malware, including members of the Trojan:Win32/Necurs family.

What to do now

The following free Microsoft software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

Advanced troubleshooting

To restore your PC, you might need to download and run Windows Defender Offline. See our advanced troubleshooting page for more help.

You can also ask for help from other PC users at the Microsoft virus and malware community.

If you’re using Windows XP, see our Windows XP end of support page.

Restore your settings

Note that as part of the cleaning, our software might change some Windows services back to their default settings. If you had previously changed these settings, you might need to change them again.

The services that are reset include:

  • BFE – Base Filtering Engine
  • Iphlsvc – IP helper Service
  • MSMpSvc – Microsoft Antimalware service – MSE/FEP/SCEP
  • Sharedaccess – Internet Connection Sharing
  • WinDefend – Microsoft Antimalware service
  • Wscsvc - Windows Security Center
Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

See the Win32/Sirefef family description for more information.


Alerts from your security software may be the only symptom.


Alert level: Severe
First detected by definition: 1.129.338.0
Latest detected by definition: 1.193.3462.0 and higher
First detected on: Jun 23, 2012
This entry was first published on: Jun 23, 2012
This entry was updated on: Jun 03, 2014

This threat is also detected as:
  • Backdoor.Win32.ZAccess.tyi (Kaspersky)
  • Mal/ZAccess-CA (Sophos)
  • TR/ATRAPS.Gen2 (Avira)
  • TROJ_SIREFEF.CZ (Trend Micro)
  • Trojan.Win32.Alureon (Ikarus)
  • ZeroAccess (McAfee)