Oct 30, 2012
Jun 21, 2011
Zero Access rootkit
Antimalware protection details
Detection last updated: Released Apr 13, 2013
Detection initially created: Released Jun 21, 2011
Trojan:Win64/Sirefef.B is a trojan that connects to a remote server to download arbitrary files which can include malware, such as other components of Sirefef, and may be present on an affected computer as a file named "consrv.dll".
Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. As a consequence of being infected with this threat, you may need to repair and reconfigure some Windows security features. Please see Additional remediation steps in this entry for more information.
The following system changes may indicate the presence of this malware:
- The presence of the following files:
- Alert notifications from installed antivirus software may be the only symptoms.
Technical Information (Analysis)
Trojan:Win64/Sirefef.B is a trojan that connects to a remote server to download arbitrary files which can include malware, such as other components of Sirefef.
This trojan is installed by other malware, such as Trojan:Win64/Sirefef.A, and may be present on an affected computer as the following file:
The trojan is injected into the process "svchost.exe" and its payload is executed.
Downloads arbitrary files
Trojan:Win64/Sirefef.B connects to a remote server to retrieve commands that could include the following actions:
- download arbitrary files or updated Sirefef components
- execute retrieved files
- inject retrieved files into other processes
Analysis by Shawn Wang
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an up-to-date Microsoft security solution.
Some Sirefef infections may prevent you from running your Microsoft security solution. If this happens, you should uninstall your antivirus, reinstall it, then run a full-system scan. You can read about how to uninstall a program here.
The following Microsoft products detect and remove this threat:
Additional remediation steps
Sirefef makes lasting changes to your computer’s security settings that may need to be repaired. Sirefef stops and deletes a number of different security-related services on your computer. When using Microsoft security solutions to clean a Sirefef infection, these services will be restored to the Windows default installation settings.
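The following triage script is an added example, not part of this encyclopedia entry, and covers both the symptoms listed above (a file named "consrv.dll") and the service damage described here. The file locations and the list of security-related services to verify are assumptions chosen for illustration; the entry names neither, so adjust them to your own baseline.

```powershell
# Added triage example: check two indicators from the Sirefef.B entry, namely a
# file named consrv.dll and security-related services that may have been stopped,
# disabled or deleted. Paths and service names below are assumed, not from the entry.
# Requires PowerShell 4.0 or later for Get-FileHash.

$candidatePaths = @(
    (Join-Path $env:SystemRoot 'System32\consrv.dll'),   # assumed location
    (Join-Path $env:SystemRoot 'SysWOW64\consrv.dll')    # assumed location
)

# Assumed baseline of security-related services and their expected start type.
$expectedServices = @(
    @{ Name = 'WinDefend'; Start = 'Auto'   },  # Windows Defender
    @{ Name = 'MpsSvc';    Start = 'Auto'   },  # Windows Firewall
    @{ Name = 'wscsvc';    Start = 'Auto'   },  # Security Center
    @{ Name = 'BITS';      Start = 'Manual' },  # Background Intelligent Transfer Service
    @{ Name = 'wuauserv';  Start = 'Auto'   }   # Windows Update
)

$findings = @()

foreach ($path in $candidatePaths) {
    if (Test-Path -LiteralPath $path) {
        # Record the hash so the file can be submitted or compared later.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += "Suspicious file present: $path (SHA256 $hash)"
    }
}

foreach ($svc in $expectedServices) {
    $s = Get-Service -Name $svc.Name -ErrorAction SilentlyContinue
    if (-not $s) {
        # Sirefef deletes services; a missing entry is the strongest signal here.
        $findings += "Service missing: $($svc.Name) (expected StartMode $($svc.Start))"
        continue
    }
    $wmi = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($svc.Name)'"
    if ($wmi.StartMode -ne $svc.Start) {
        $findings += "Service start type changed: $($svc.Name) is $($wmi.StartMode), expected $($svc.Start)"
    }
    if ($svc.Start -eq 'Auto' -and $s.Status -ne 'Running') {
        $findings += "Service not running: $($svc.Name) (Status $($s.Status))"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Sirefef indicators found by this check.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

A hit on either check is a reason to run a full scan with an up-to-date Microsoft security solution, not proof of infection by itself; some editions of Windows do not ship every service in the assumed list.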
The following Microsoft Fixits can be used for additional repair and configuration: