is installed and run by other variants of Win32/Sirefef and may have the file name "800000cb.@".
provides the function call "800000cb_2" for Win32/Sirefef.
This function is used to monitor and inject Win32/Sirefef into the system process "svchost.exe".
For more information, please see the Win32/Sirefef family entry elsewhere in our encyclopedia.
Analysis by Shali Hsieh
The following system changes may indicate the presence of this malware:
- The presence of the file "800000cb.@"