Aliases: Dropper/Smiscer.79360.B (AhnLab), W32/Dropper.AYXZ (Command), W32/Obfuscated.T (Norman), Trojan.DR.Smiscer!DcK/dp3l7Dg (VirusBuster), Trojan horse Crypt.NSQ (AVG), TR/Drop.Smiscer.HF.1 (Avira), Trojan.Generic.IS.439387 (BitDefender), Win32/Sirefef.Z (CA), BackDoor.Maxplus.6 (Dr.Web), Win32/Sirefef.P (ESET), Trojan-Dropper.Win32.Smiscer (Ikarus), Trojan-Dropper.Win32.Smiscer.hf (Kaspersky), Trj/Dropper.WF (Panda), Trojan.Win32.Generic.51F92A9D (Rising AV), Mal/EncPk-NL (Sophos), Trojan-Dropper.Win32.Smiscer.hl (Sunbelt Software), TROJ_Gen.CX34I8 (Trend Micro), ZeroAccess rootkit (other), ZeroAccess (other)
TrojanDropper:Win32/Sirefef.B is a trojan that drops Win32/Sirefef, a multi-component family of malware that alters your Internet experience by changing search results and generating pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or carrying out a payload.
Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. If you are infected with Sirefef, we recommend you take the following steps to remove this threat from your computer:
Before you begin you will need:
- A computer that is not infected and is connected to the Internet. You will use this computer to download a copy of the Microsoft Safety Scanner.
- A blank CD, DVD or USB drive. You will use this CD, DVD or USB drive to run the Scanner on your infected computer.

1. Download a copy of the Microsoft Safety Scanner from a clean, uninfected computer.
2. Save a copy of the Scanner on a blank CD, DVD, or USB drive.
3. Restart the infected computer.
4. Insert the CD, DVD, or USB drive into your infected computer and run the Scanner.
5. Let the Scanner clean your computer and remove any infections it finds.
As a consequence of being infected with this threat, you may need to repair and reconfigure some Windows security features. Please see Additional remediation steps in this entry for more information.