Trojan:Win32/Sirefef.AL
First posted on 23 June 2012.
Source: Microsoft
Aliases:
Trojan:Win32/Sirefef.AL is also known as Rootkit.ZeroAccess.Gen.4 (VirusBuster), Trojan.Sirefef.FZ (BitDefender), Trojan.Win32.Sirefef (Ikarus), Trojan.Win32.Zapchast.acao (Kaspersky), ZeroAccess.eh (McAfee), Troj/Sirefef-AZ (Sophos), TROJ_SIREFEF.EM (Trend Micro).
Explanation:
Trojan:Win32/Sirefef.AL is a component of Win32/Sirefef, a multi-component family of malware that alters your Internet experience by changing search results and generates pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or delivering a payload.
Installation
Trojan:Win32/Sirefef.AL is installed and run by other variants of Win32/Sirefef and may have the file name "800000cb.@".
Payload
Trojan:Win32/Sirefef.AL provides two function calls for Win32/Sirefef:
- 800000cb_2
This function is used to monitor and inject Win32/Sirefef into the system process "svchost.exe".
For more information, please see the Win32/Sirefef family entry elsewhere in our encyclopedia.
Analysis by Shali Hsieh
Last update 23 June 2012