Trojan:Win32/Sirefef.O
First posted on 29 November 2011.
Source: SecurityHome
Aliases:
Trojan:Win32/Sirefef.O is also known as Zero Access rootkit (other), Win-Trojan/Zaccess.816 (AhnLab), BackDoor.Maxplus.24 (Dr.Web), Win32/Sirefef.CT (ESET), Backdoor.Win32.ZAccess.ob (Kaspersky), ZeroAccess.a (McAfee), Troj/ZAccess-I (other), Trojan.Zeroaccess (Symantec), TROJ_FAKEAL.K (Trend Micro).
Explanation:
Trojan:Win32/Sirefef.O is a trojan component of the Win32/Sirefef family, and is installed by variants of TrojanDropper:Win32/Sirefef. The trojan provides functionality for other installed Win32/Sirefef rootkit components.
Trojan:Win32/Sirefef.O is a trojan component of the Win32/Sirefef family and provides functionality for other installed Win32/Sirefef rootkit components.
Installation
Trojan:Win32/Sirefef.O is installed by variants of TrojanDropper:Win32/Sirefef and is commonly less than 1 KB in size. The trojan is capable of controlling access to a device object created by the main rootkit, which has the following name:
- \??\ACPI#PNP0303#2&da1a3ff&0
The above object is used as storage by the rootkit to hide other component files.
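As an added example that is not part of this entry, the following user-mode probe checks whether the device object named above exists on a host. It assumes that the Win32 `\\.\` prefix reaches the `\??\` namespace and that a clean host has no object of that name, so an open fails with ERROR_FILE_NOT_FOUND; the error-code classification is run on any platform, the actual open only on Windows.

```python
"""Probe for the Sirefef device object named on this page (added example).

Assumptions: the Win32 prefix \\.\ maps to the \??\ namespace, so
\\.\ACPI#PNP0303#2&da1a3ff&0 reaches \??\ACPI#PNP0303#2&da1a3ff&0, and a
clean host has no object of that name (CreateFileW fails with error 2).
"""
import ctypes
import sys

# Object name from the page, written in Win32 form (\\.\ reaches \??\).
SIREFEF_DEVICE = r"\\.\ACPI#PNP0303#2&da1a3ff&0"

ERROR_FILE_NOT_FOUND = 2
ERROR_PATH_NOT_FOUND = 3
ERROR_ACCESS_DENIED = 5
GENERIC_READ = 0x80000000
OPEN_EXISTING = 3
INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value  # all-ones handle value


def classify(opened, error):
    """Map a CreateFileW outcome to a verdict string.

    The trojan gates access to the object, so on an infected host the open
    is expected either to succeed or to fail with ERROR_ACCESS_DENIED
    (assumption); a name that does not exist returns FILE/PATH_NOT_FOUND.
    """
    if opened:
        return "present"
    if error in (ERROR_FILE_NOT_FOUND, ERROR_PATH_NOT_FOUND):
        return "absent"
    if error == ERROR_ACCESS_DENIED:
        return "present-access-denied"
    return "indeterminate:%d" % error  # other errors need manual review


def probe(name=SIREFEF_DEVICE):
    """Try to open the named object and return the classify() verdict."""
    if not sys.platform.startswith("win"):
        return "unsupported-platform"  # CreateFileW only exists on Windows
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.CreateFileW.restype = ctypes.c_void_p
    k32.CreateFileW.argtypes = [ctypes.c_wchar_p, ctypes.c_uint32, ctypes.c_uint32,
                                ctypes.c_void_p, ctypes.c_uint32, ctypes.c_uint32,
                                ctypes.c_void_p]
    handle = k32.CreateFileW(name, GENERIC_READ, 0, None, OPEN_EXISTING, 0, None)
    if handle is not None and handle != INVALID_HANDLE_VALUE:
        k32.CloseHandle(ctypes.c_void_p(handle))
        return classify(True, 0)
    return classify(False, ctypes.get_last_error())


if __name__ == "__main__":
    print(SIREFEF_DEVICE, "->", probe())
```

A verdict other than "absent" on a host that should not have this object is a reason to pull the machine for a full Sirefef rootkit inspection rather than a proof of infection on its own.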
Additional information
The presence of Trojan:Win32/Sirefef.O is an indication that the computer may be infected with other Sirefef rootkit components, such as Virus:Win32/Sirefef.M.
Analysis by Zarestel Ferrer
Last update 29 November 2011