Trojan:Win32/Sirefef.N is the detection for a component of the Win32/Sirefef family, a multi-component family of malware that moderates an affected user's Internet experience by modifying search results and generates pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing the payload.
The main executable for Trojan:Win32/Sirefef.N may be found in the following folder, along with other files related to Win32/Sirefef:
where <number> is a randomly generated number. The files stored under this folder cannot normally be accessed.
is used to access the device object created by a Sirefef rootkit.
The presence of Trojan:Win32/Sirefef.N is an indication that the computer may be infected with other Sirefef rootkit components, such as Virus:Win32/Sirefef.M.
Analysis by Mihai Calota
The following system changes may indicate the presence of this malware:
- The presence of the following folder: