Home Malware Programs Trojans Trojan:win64/sirefef.b

Trojan:win64/sirefef.b

Posted: August 16, 2011

Trojan:win64/sirefef.b is a damaging Trojan that can access an infected computer system without the PC user's knowledge. Trojan:win64/sirefef.b can use a large amount of your system resources to trace your computer's activities or deliver pop-up ads that may notably slow down the PC performance or even make it crash randomly. Trojan:win64/sirefef.b opens up firewalls and gathers personal information and then transmits it to remote attackers. It is strongly recommended to remove Trojan:win64/sirefef.b immediately once you detect it.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%Documents and Settings%\[UserName]\Start Menu\ Settings.lnk File name: %Documents and Settings%\[UserName]\Start Menu\ Settings.lnk
File type: Shortcut
Mime Type: unknown/lnk
%AllUsersProfile%\Application Data\<random>.exe File name: %AllUsersProfile%\Application Data\<random>.exe
File type: Executable File
Mime Type: unknown/exe
%AllUsersProfile%\Application Data\<random>.dll File name: %AllUsersProfile%\Application Data\<random>.dll
File type: Dynamic link library
Mime Type: unknown/dll
C:\WINDOWS\SYSTEM32\4DW4R3.dll File name: C:\WINDOWS\SYSTEM32\4DW4R3.dll
File type: Dynamic link library
Mime Type: unknown/dll
C:\WINDOWS\SYSTEM32\4DW4R3sv.dat File name: C:\WINDOWS\SYSTEM32\4DW4R3sv.dat
File type: Data file
Mime Type: unknown/dat
C:\WINDOWS\SYSTEM32\4DW4R3c.dll File name: C:\WINDOWS\SYSTEM32\4DW4R3c.dll
File type: Dynamic link library
Mime Type: unknown/dll
C:\WINDOWS\system32\_VOID.dat File name: C:\WINDOWS\system32\_VOID.dat
File type: Data file
Mime Type: unknown/dat
C:\WINDOWS\system32\_VOID.dll File name: C:\WINDOWS\system32\_VOID.dll
File type: Dynamic link library
Mime Type: unknown/dll
C:\WINDOWS\system32\uactmp.db File name: C:\WINDOWS\system32\uactmp.db
Mime Type: unknown/db
C:\WINDOWS\system32\UAC.dat File name: C:\WINDOWS\system32\UAC.dat
File type: Data file
Mime Type: unknown/dat
C:\WINDOWS\system32\UAC.db File name: C:\WINDOWS\system32\UAC.db
Mime Type: unknown/db
C:\WINDOWS\system32\uacinit.dll File name: C:\WINDOWS\system32\uacinit.dll
File type: Dynamic link library
Mime Type: unknown/dll
C:\WINDOWS\system32\UAC.dll File name: C:\WINDOWS\system32\UAC.dll
File type: Dynamic link library
Mime Type: unknown/dll
C:\WINDOWS\_VOID\_VOIDd.sys File name: C:\WINDOWS\_VOID\_VOIDd.sys
File type: System file
Mime Type: unknown/sys
C:\Documents and Settings\<username>\Application Data\_VOIDmainqt.dll %Temp%\_VOID.tmp File name: C:\Documents and Settings\<username>\Application Data\_VOIDmainqt.dll %Temp%\_VOID.tmp
File type: Temporary File
Mime Type: unknown/tmp
%Temp%\UAC.tmp File name: %Temp%\UAC.tmp
File type: Temporary File
Mime Type: unknown/tmp
C:\WINDOWS\Temp\UAC.tmp File name: C:\WINDOWS\Temp\UAC.tmp
File type: Temporary File
Mime Type: unknown/tmp
C:\WINDOWS\Temp\_VOIDtmp File name: C:\WINDOWS\Temp\_VOIDtmp
C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys File name: C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys
File type: System file
Mime Type: unknown/sys
C:\WINDOWS\system32\drivers\UAC.sys File name: C:\WINDOWS\system32\drivers\UAC.sys
File type: System file
Mime Type: unknown/sys
C:\WINDOWS\system32\drivers\_VOID.sys File name: C:\WINDOWS\system32\drivers\_VOID.sys
File type: System file
Mime Type: unknown/sys

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExtHKEY_CLASSES_ROOT\secfileHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sysHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sysHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download 'RunInvalidSignatures' ='1'
Loading...