Trojan:Win32/Sirefef.AN

(?)

Encyclopedia entry
Updated: Oct 30, 2012 | Published: Jun 23, 2012

Aliases

Backdoor.Win32.ZAccess.tyi

Kaspersky

Mal/ZAccess-CA (Sophos)
TR/ATRAPS.Gen2 (Avira)
TROJ_SIREFEF.CZ (Trend Micro)
Trojan.Win32.Alureon (Ikarus)
ZeroAccess (McAfee)

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.

Detection last updated:
Definition: 1.147.1205.0
Released: Apr 06, 2013

Detection initially created:
Definition: 1.129.338.0
Released: Jun 23, 2012

Summary

Trojan:Win32/Sirefef.AN is a component of Win32/Sirefef - a multi-component family of malware that moderates your Internet experience by changing search results and generating pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing a payload.

Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. As a consequence of being infected with this threat, you may need to repair and reconfigure some Windows security features. Please see Additional remediation steps in this entry for more information.

Top

Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.

Top

Technical Information (Analysis)

For more information, please see the Win32/Sirefef family entry in our encyclopedia.

Related encyclopedia entries

Win32/Sirefef

Analysis by Horea Coroiu

Top

Prevention

Take these steps to help prevent infection on your computer.

Top

Recovery

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an up-to-date, Microsoft security solution.

Some Sirefef infections may prevent you from running your Microsoft security solution. If this happens, you should uninstall your antivirus, reinstall it, then run a full-system scan. You can read about how to uninstall a program here.

The following Microsoft products detect and remove this threat:

Microsoft Security Essentials or, for Windows 8, Windows Defender
Microsoft Safety Scanner

Additional remediation steps

Sirefef makes lasting changes to your computer’s security settings that may need to be repaired. Sirefef stops and deletes a number of different security-related services on your computer. When using Microsoft security solutions to clean a Sirefef infection, these services will be restored to the Windows default installation settings.

The following Microsoft Fixits can be used for additional repair and configuration:

Top


	Provide feedback Please note: While your feedback is very important to us, we do not respond to individual submissions through this channel. Feedback, requests, or questions submitted through this form are monitored, however responses are not generated. If you require support, please visit the Safety & Security Center.