Home / malware Trojan:Win32/Sirefef.AC
First posted on 11 April 2012.
Source: MicrosoftAliases :
Trojan:Win32/Sirefef.AC is also known as W32/Troj_Generic.UUZF (Norman), Rootkit.ZeroAccess.Gen.4 (VirusBuster), Trojan horse Crypt.AQLW (AVG), TR/Sirefef.BV.2 (Avira), Trojan.Sirefef.BV (BitDefender), BackDoor.Maxplus.3710 (Dr.Web), Trojan.Sirefef (Ikarus), ZeroAccess (McAfee), Troj/ZAccess-AH (Sophos), Trojan.Zeroaccess!inf (Symantec), TROJ_ZACCESS.CQJ (Trend Micro).
Explanation :
Trojan:Win32/Sirefef.AC is a component of Win32/Sirefef - a multi-component family of malware that moderates an affected user's Internet experience by modifying search results, and generates pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing the payload.
Top
Trojan:Win32/Sirefef.AC is a component of Win32/Sirefef - a multi-component family of malware that moderates an affected user's Internet experience by modifying search results, and generates pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing the payload.
Trojan:Win32/Sirefef.AC is a service control program (a service that starts and controls services) used by Win32/Sirefef, responsible for starting or stopping a malicious service components, and communicating back to Microsoft Windows Service Control Manager the malicious service's current status. Trojan:Win32/Sirefef.AC also hides executable code stored in a cabinet file which is hidden in its extended file attributes data stream, which gets loaded and executed during runtime.
Analysis by Stefan Sellmer
Last update 11 April 2012