Sirefef.P is installed and run by other variants of Sirefef. It might have any of these file names:
Note that the file desktop.ini is the name of a legitimate Windows system file.
This component of Sirefef provides selected function calls for other components to establish network connections.
Sirefef.P runs another component of Sirefef, usually named one of the following:
Intercepts Windows system calls
Sirefef.P replaces the following system APIs with its own malicious instructions so that calls made to the original API will run the malicious code instead:
Sirefef.P hooks the API WSPStartup to enable it to run.
Refer to our Win32/Sirefef encyclopedia description for more information about this family.
Analysis by Shali Hsieh
The following could indicate that you have this threat on your PC: