Trojan:Win64/Sirefef.D is what is known as a Trojan dropper, meaning that it is used as a delivery system for other malware. As part of its infection process, a Trojan dropper ‘drops’, or installs, malware onto the victim’s computer. Trojan:Win64/Sirefef.D in particular is a rootkit dropper; that is, it is specifically designed to infect a computer system with a rootkit. Rootkits are notorious for being among the most difficult malware infections to remove. In fact, some kinds of rootkits are so difficult to remove that it is often almost impossible to know for certain whether the rootkit has been fully removed from the infected computer system. In the case of many rootkit infections, reformatting the infected hard drive may be the only option that is guaranteed to remove the problem. In almost all cases, rootkits require a specific anti-rootkit tool or very strong anti-malware software. This is why it is preferable to protect your computer system from malware such as Trojan:Win64/Sirefef.D before this kind of infection leads to a much more dangerous rootkit infection. Trojan:Win64/Sirefef.D has been closely linked to the ZeroAccess rootkit, a malware threat that, while still extremely dangerous, is relatively tame when compared to other rootkits. The ZeroAccess rootkit is usually associated with browser redirects and several online scams involving fake search engines, rogue security programs, and browser hijackers such as the Google Redirect Virus.
Dealing With Variants of Trojan:Win64/Sirefef.D
According to ESG PC security researchers, there are various versions of Trojan:Win64/Sirefef.D. Each variant of this malware infection is identified with a letter; for instance, Trojan:Win64/Sirefef.D is the “D” variant. As of November 2011, variants “A” through “E” of Trojan:Win64/Sirefef.D have been identified in the wild. However, it is very likely that new variants of Trojan:Win64/Sirefef.D will continue to appear regularly. These variants are created to make Trojan:Win64/Sirefef.D harder to identify and remove, giving it leeway to deliver its payload and infect the victim’s computer with a dangerous rootkit. Trojan:Win64/Sirefef.D is designed to attack 64-bit versions of the Windows operating system. There are variants of Trojan:Win64/Sirefef.D, such as the “B” variant, which are expressly designed to attack computers with a 32-bit operating system.
How Can You Detect Trojan:Win64/Sirefef.D?
Trojan:Win64/Sirefef.D Removal Details
Trojan:Win64/Sirefef.D typically has the following processes in memory:
- %AllUsersProfile%\Application Data\.dll
Trojan:Win64/Sirefef.D creates the following files in the system:
- %AllUsersProfile%\Application Data\.exe (looks like Trojan:win64/sirefef.D)
Trojan:Win64/Sirefef.D creates the following registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Trojan:win64/sirefef.D”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run “Trojan:win64/sirefef.D”
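The file names in the lists above are elided, so a check has to match on location rather than name. The following read-only PowerShell audit is an added example, not part of the original page: it inspects the two Run keys listed above and flags any value that uses the listed value name or launches an .exe/.dll sitting directly in the %AllUsersProfile% data folder. The junction handling and the variable names are assumptions of this example.

```powershell
# Added example (not from the original page): read-only audit of the Run keys
# listed above. It reports matches and changes nothing on the system.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Value name exactly as given on the page.
$listedName = 'Trojan:win64/sirefef.D'

# Assumption: on Vista and later "%AllUsersProfile%\Application Data" is a
# junction back to %AllUsersProfile%, so both spellings are checked.
$dirs = @((Join-Path $env:ALLUSERSPROFILE 'Application Data'), $env:ALLUSERSPROFILE)

# Match an .exe/.dll directly inside one of those folders (no subfolder),
# wherever it appears in the command line (quoted, unquoted, rundll32 argument).
$patterns = $dirs | ForEach-Object {
    [regex]::Escape($_.TrimEnd('\')) + '\\[^\\/:*?"<>|\r\n]+?\.(exe|dll)\b'
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $data = [Environment]::ExpandEnvironmentVariables([string]$regKey.GetValue($name))
        $reasons = @()
        if ($name -eq $listedName) { $reasons += 'value name listed on page' }
        foreach ($p in $patterns) {
            if ($data -match $p) { $reasons += 'binary directly in AllUsersProfile data folder'; break }
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Key    = $key
                Name   = $name
                Data   = $data
                Reason = $reasons -join '; '
            }
        }
    }
}

if ($findings) { $findings | Format-List }
else { 'No matching Run entries found in the audited keys.' }
```

The HKCU key covers only the account running the script, so repeat it for each user profile. Given how rootkits behave, an empty result from a live system does not establish that the machine is clean.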