There are no common symptoms associated with this threat - links are activated within IFrames while viewing web content on maliciously modified pages. Alert notifications from installed antivirus software may be the only symptoms.
Trojan:WinNT/Sirefef.H is a trojan that could intercept network traffic or inject code into other processes. It is installed by other malware such as TrojanDropper:Win32/Sirefef.B.
What to do now
Win32/Sirefef is a dangerous threat that uses advanced stealth techniques to hinder its detection and removal. If you are infected with Sirefef, we recommend you take the following steps to remove it.
Download and run the Microsoft Safety Scanner
Before you begin you will need:
A PC that is not infected and is connected to the Internet. You will use this PC to download a copy of the Microsoft Safety Scanner
A blank CD, DVD or USB drive. You will use this CD, DVD or USB drive to run the Scanner on your infected PC
Trojan:WinNT/Sirefef.H is a trojan that could intercept network traffic or inject code into other processes.
This trojan is installed by other malware such as TrojanDropper:Win32/Sirefef.B, a trojan dropper. In the wild, the trojan dropper may be distributed as executable files with enticing names, as in the following examples:
When Trojan:WinNT/Sirefef.H executes, it creates a device as "\\??\\ACPI#PNP0303#2&da1a3ff&0\\U\\$<random 8 digits>" and injects trojan DLL code into the process ‘services.exe’. The injected DLL code installs another trojan component into an Alternate Data Stream as the following:
%SystemRoot%\%u:%u, where "%u" is a value computed from hard disk drive information (volume creation time)