Sirefef

By Domesticus in Trojans

Sirefef Description

Sirefef is a multi-component malware family that has been very active in 2012. Commonly known as a variant of the infamous ZeroAccess family of rootkits, any infection involving a Sirefef component is considered extraordinarily severe by ESG security researchers. ESG security analysts strongly recommend using an advanced anti-malware solution with anti-rootkit capabilities to remove any component of the Sirefef family. Because of Sirefef’s advanced rootkit techniques, this infection can evade detection and removal, and improper removal can lead to irreparable operating system damage. For this reason, ESG malware analysts strongly advise against any attempt to remove a Sirefef component manually.

Since there are many components involved in a Sirefef infection and countless variants of this malware infection, the actual payload of this infection varies from one case to another. ESG security researchers have noted that the Sirefef family of malware has been used to protect and install browser hijackers, fake security programs (Sirefef has been particularly linked to a massive outbreak of FakeVimes infections in 2012), and banking Trojans. However, most variants in the Sirefef family will have the following features:

  1. Malware in the Sirefef family has the ability to set up a backdoor into the compromised computer and contact a remote host in order to receive or send data.
  2. Sirefef malware can download and execute malicious files from a remote server.
  3. Malware components of the Sirefef family use advanced rootkit techniques to evade detection by most security programs and have the ability to disable many security applications and Windows components that are not properly updated.

Malware in the Sirefef family tends to infect system drivers and can reinstall itself automatically after removal. It also uses advanced encryption to hide its components in a hidden file system on the infected hard drive. Because of the severity of a Sirefef-related infection, some essential system files may become irrevocably corrupted; in such cases it may be necessary to reinstall the operating system and lose your data completely. The AA, AC, and AH variants of the Sirefef family (Trojan:Win32/Sirefef.AA, for example) typically infect the victim’s computer so severely that wiping the hard drive and reinstalling Windows entirely may be the only way to be certain the Sirefef infection has been removed.

Type: Trojans

How Can You Detect Sirefef?

Sirefef Removal Details

Sirefef typically has the following processes in memory:

  • afd.sys
  • mrxsmb.sys
  • i8042prt.sys
  • netbt.sys
  • raspppoe.sys
  • win32k.sys
  • ipsec.sys
  • serial.sys
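A check a responder can run over the driver files listed above, added here as an example and not taken from the article or from ESG; it assumes that a driver overwritten by the infection no longer passes Microsoft Authenticode signature verification, and the Test-ListedDrivers function name and -SystemRoot parameter are my own.

```powershell
# Added example, not from the original article: verify the driver files the
# article lists. Assumption: a driver overwritten by Sirefef no longer carries
# a valid Microsoft Authenticode signature. Run from an elevated prompt, and
# preferably against an offline copy of the system drive (-SystemRoot), since
# a live kernel rootkit can hide the modified file from user-mode tools.
param(
    [string]$SystemRoot = $env:SystemRoot
)

# Driver file names taken from the article's list. win32k.sys normally lives in
# System32 itself, the others in System32\drivers, so both locations are searched.
$drivers    = @('afd.sys', 'mrxsmb.sys', 'i8042prt.sys', 'netbt.sys',
                'raspppoe.sys', 'win32k.sys', 'ipsec.sys', 'serial.sys')
$searchDirs = @((Join-Path $SystemRoot 'System32\drivers'),
                (Join-Path $SystemRoot 'System32'))

function Test-ListedDrivers {
    foreach ($name in $drivers) {
        $path = $searchDirs | ForEach-Object { Join-Path $_ $name } |
                Where-Object { Test-Path $_ } | Select-Object -First 1
        if (-not $path) {
            # ipsec.sys and serial.sys are not present on every Windows version.
            [pscustomobject]@{ Driver = $name; Status = 'NotPresent';
                               Signer = ''; SHA256 = ''; Suspicious = $false }
            continue
        }
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        # The hash lets you compare the file against the same driver on a known-clean machine.
        $hash   = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        # Anything other than a valid signature from Microsoft deserves a closer look.
        $suspicious = ($sig.Status -ne 'Valid') -or ($signer -notmatch 'O=Microsoft Corporation')
        [pscustomobject]@{ Driver = $name; Status = $sig.Status; Signer = $signer;
                           SHA256 = $hash; Suspicious = $suspicious }
    }
}

Test-ListedDrivers | Format-Table Driver, Status, Suspicious, Signer, SHA256 -AutoSize
```

On older Windows versions (Windows 7, for instance) Get-AuthenticodeSignature does not consult catalog signatures, so a NotSigned status there is inconclusive; cross-check with Sysinternals sigcheck.exe or compare the SHA256 column against a known-clean installation.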


This entry was last updated on 07/23/12 and posted on 03/18/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.