The following system changes may indicate the presence of this malware:
The presence of the following file: Akapulko.exe
Trojan:Win32/Sirefef.M is a component of Win32/Sirefef - a multi-component family of malware that alters your Internet experience by changing search results and generating pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or delivering a payload.
What to do now
Win32/Sirefef is a dangerous threat that uses advanced stealth techniques to hinder its detection and removal. If you are infected with Sirefef, we recommend you take the following steps to remove it.
Download and run the Microsoft Safety Scanner
Before you begin you will need:
A PC that is not infected and is connected to the Internet. You will use this PC to download a copy of the Microsoft Safety Scanner.
A blank CD, DVD or USB drive. You will use this CD, DVD or USB drive to run the Scanner on your infected PC.
For information on the files and registry entries Win32/Sirefef.M creates, please refer to the Rogue:Win32/Sirefef description.
Downloads and executes arbitrary files
Trojan:Win32/Sirefef.M contacts a specific IP address on port 8082 and downloads a resource-only DLL, detected as Rogue:Win32/Sirefef, which contains the interface and controls used to display the fake security scanner.
For more details about the payload of this Rogue, please refer to the Rogue:Win32/Sirefef description.
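As an added example (not part of the original description), the two indicators above can be combined into a hunt over endpoint telemetry. Port 8082 is also used by legitimate software, so the code raises severity only when the same process also matches the Akapulko.exe file name or writes a DLL shortly after connecting. The event format, field names, sample records and 120-second window are constructed assumptions.

```python
import json
from datetime import datetime, timedelta

IOC_FILE = "akapulko.exe"        # file name from the description
IOC_PORT = 8082                  # download port from the description
WINDOW = timedelta(seconds=120)  # assumed correlation window

# Constructed events; field names are hypothetical, IPs are documentation ranges.
SAMPLE = r"""
{"ts":"2012-03-01T10:00:00","host":"pc1","type":"net","pid":4012,"image":"C:\\Temp\\Akapulko.exe","dst":"203.0.113.7","dport":8082}
{"ts":"2012-03-01T10:00:20","host":"pc1","type":"file","pid":4012,"image":"C:\\Temp\\Akapulko.exe","path":"C:\\Temp\\x1.dll"}
{"ts":"2012-03-01T10:05:00","host":"pc2","type":"net","pid":900,"image":"C:\\App\\java.exe","dst":"198.51.100.5","dport":8082}
{"ts":"2012-03-01T10:30:00","host":"pc2","type":"file","pid":900,"image":"C:\\App\\java.exe","path":"C:\\App\\lib.dll"}
{"ts":"2012-03-01T11:00:00","host":"pc3","type":"net","pid":77,"image":"C:\\Temp\\svc.exe","dst":"203.0.113.7","dport":8082}
{"ts":"2012-03-01T11:00:30","host":"pc3","type":"file","pid":77,"image":"C:\\Temp\\svc.exe","path":"C:\\Temp\\r.dll"}
"""

def hunt(lines):
    """Return {(host, pid): [reasons]} for processes connecting out on IOC_PORT."""
    events = [json.loads(l) for l in lines.splitlines() if l.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    findings = {}
    for n in (e for e in events if e["type"] == "net" and e["dport"] == IOC_PORT):
        key = (n["host"], n["pid"])
        reasons = ["outbound connection to port %d" % IOC_PORT]
        # Compare only the final path component, case-insensitively.
        if n["image"].lower().rsplit("\\", 1)[-1] == IOC_FILE:
            reasons.append("image name matches Akapulko.exe")
        # Look for a DLL written by the same process soon after the connection.
        for f in events:
            if (f["type"] == "file" and (f["host"], f["pid"]) == key
                    and f["path"].lower().endswith(".dll")
                    and timedelta(0) <= f["ts"] - n["ts"] <= WINDOW):
                reasons.append("DLL written after connection: " + f["path"])
                break
        findings[key] = reasons
    return findings

def severity(reasons):
    """One indicator is weak; two or three corroborating ones rank higher."""
    return {1: "low", 2: "medium"}.get(len(reasons), "high")

if __name__ == "__main__":
    for (host, pid), reasons in hunt(SAMPLE).items():
        print(host, pid, severity(reasons), "; ".join(reasons))
```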