Trojan:win64/sirefef.b
Trojan:win64/sirefef.b is a damaging Trojan that gains access to a computer without the user's knowledge. It can consume a large share of system resources to track the computer's activity or to deliver pop-up ads, which may noticeably slow the PC down or cause it to crash at random. Trojan:win64/sirefef.b opens up the firewall, gathers personal information and transmits it to remote attackers. It is strongly recommended to remove Trojan:win64/sirefef.b immediately once it is detected.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

File name: %Documents and Settings%\[UserName]\Start Menu\ Settings.lnk
File type: Shortcut
Mime Type: unknown/lnk

File name: %AllUsersProfile%\Application Data\<random>.exe
File type: Executable File
Mime Type: unknown/exe

File name: %AllUsersProfile%\Application Data\<random>.dll
File type: Dynamic link library
Mime Type: unknown/dll

File name: C:\WINDOWS\SYSTEM32\4DW4R3.dll
File type: Dynamic link library
Mime Type: unknown/dll

File name: C:\WINDOWS\SYSTEM32\4DW4R3sv.dat
File type: Data file
Mime Type: unknown/dat

File name: C:\WINDOWS\SYSTEM32\4DW4R3c.dll
File type: Dynamic link library
Mime Type: unknown/dll

File name: C:\WINDOWS\system32\_VOID.dat
File type: Data file
Mime Type: unknown/dat

File name: C:\WINDOWS\system32\_VOID.dll
File type: Dynamic link library
Mime Type: unknown/dll

File name: C:\WINDOWS\system32\uactmp.db
Mime Type: unknown/db

File name: C:\WINDOWS\system32\UAC.dat
File type: Data file
Mime Type: unknown/dat

File name: C:\WINDOWS\system32\UAC.db
Mime Type: unknown/db

File name: C:\WINDOWS\system32\uacinit.dll
File type: Dynamic link library
Mime Type: unknown/dll

File name: C:\WINDOWS\system32\UAC.dll
File type: Dynamic link library
Mime Type: unknown/dll

File name: C:\WINDOWS\_VOID\_VOIDd.sys
File type: System file
Mime Type: unknown/sys

File name: C:\Documents and Settings\<username>\Application Data\_VOIDmainqt.dll
File type: Dynamic link library
Mime Type: unknown/dll

File name: %Temp%\_VOID.tmp
File type: Temporary File
Mime Type: unknown/tmp

File name: %Temp%\UAC.tmp
File type: Temporary File
Mime Type: unknown/tmp

File name: C:\WINDOWS\Temp\UAC.tmp
File type: Temporary File
Mime Type: unknown/tmp

File name: C:\WINDOWS\Temp\_VOIDtmp

File name: C:\WINDOWS\SYSTEM32\DRIVERS\4DW4R3.sys
File type: System file
Mime Type: unknown/sys

File name: C:\WINDOWS\system32\drivers\UAC.sys
File type: System file
Mime Type: unknown/sys

File name: C:\WINDOWS\system32\drivers\_VOID.sys
File type: System file
Mime Type: unknown/sys
Registry Modifications
The following registry keys and values were created or modified:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_CLASSES_ROOT\secfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4DW4R3
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOID
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_VOIDd.sys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
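The file and registry indicators above can be checked on a suspect host with a read-only sweep. The script below is an added example for this page, not a tool from the site or from any vendor; it only reads and reports, it does not remove anything. It assumes the Windows folder is %SystemRoot% and that the per-user "Application Data" folder is %AppData% (the page lists XP-era paths under C:\WINDOWS and C:\Documents and Settings), so it covers only the current user's profile. The <random>.exe/.dll names cannot be matched exactly, so loose binaries in %AllUsersProfile%\Application Data are listed for manual review. The registry values differ in weight: "DisableTaskMgr" = 1 and the two Internet Explorer download-signature settings are meaningful on their own, while "ShowSuperHidden" = 0 is the Windows default and "Use FormSuggest" = yes is common, so those two are weak indicators.

```powershell
# Added example: read-only sweep for the Trojan:win64/sirefef.b indicators listed on this
# page. Run in an elevated PowerShell on the host under review. Nothing is deleted or changed.
# Assumption: %SystemRoot% stands in for the page's hard-coded C:\WINDOWS, and %AppData% for
# C:\Documents and Settings\<username>\Application Data (current user only).

$FileIndicators = @(
    '%UserProfile%\Start Menu\ Settings.lnk',        # leading space in the name is as listed on the page
    '%SystemRoot%\System32\4DW4R3.dll',
    '%SystemRoot%\System32\4DW4R3sv.dat',
    '%SystemRoot%\System32\4DW4R3c.dll',
    '%SystemRoot%\System32\_VOID.dat',
    '%SystemRoot%\System32\_VOID.dll',
    '%SystemRoot%\System32\uactmp.db',
    '%SystemRoot%\System32\UAC.dat',
    '%SystemRoot%\System32\UAC.db',
    '%SystemRoot%\System32\uacinit.dll',
    '%SystemRoot%\System32\UAC.dll',
    '%SystemRoot%\_VOID\_VOIDd.sys',
    '%SystemRoot%\System32\drivers\4DW4R3.sys',
    '%SystemRoot%\System32\drivers\UAC.sys',
    '%SystemRoot%\System32\drivers\_VOID.sys',
    '%SystemRoot%\Temp\UAC.tmp',
    '%SystemRoot%\Temp\_VOIDtmp',
    '%Temp%\UAC.tmp',
    '%Temp%\_VOID.tmp',
    '%AppData%\_VOIDmainqt.dll'
)

# Service subkeys the page lists under HKLM\SYSTEM\CurrentControlSet\Services.
$ServiceNames = @('4DW4R3', 'UACd.sys', '_VOID', '_VOIDd.sys')

# Plain keys the page lists as created (no value to compare).
$KeyIndicators = @(
    'Registry::HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt',
    'Registry::HKEY_CLASSES_ROOT\secfile'
)

# Values the page lists, with the value it reports and how much weight to give a match.
$RegistryIndicators = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr';      Bad = '1';   Weight = 'strong: Task Manager disabled by policy (check GPO first)' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr';      Bad = '1';   Weight = 'strong: Task Manager disabled by policy (check GPO first)' },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Download';             Name = 'CheckExeSignatures';  Bad = 'no';  Weight = 'strong: IE download signature check disabled' },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Download';             Name = 'RunInvalidSignatures'; Bad = '1';   Weight = 'strong: IE allows running invalidly signed downloads' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'; Name = 'Hidden';             Bad = '0';   Weight = 'medium: 0 is not one of the normal values (1 or 2)' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'; Name = 'ShowSuperHidden';    Bad = '0';   Weight = 'weak: 0 is the Windows default' },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main';                 Name = 'Use FormSuggest';     Bad = 'yes'; Weight = 'weak: common user setting' }
)

function Test-FileIndicators {
    foreach ($raw in $FileIndicators) {
        $path = [Environment]::ExpandEnvironmentVariables($raw)
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{ Kind = 'File'; Indicator = $raw; Detail = $path
                               Note = "size=$($item.Length) modified=$($item.LastWriteTime)" }
        }
    }
    # <random>.exe / <random>.dll cannot be matched by name: list loose binaries for review.
    $allUsers = [Environment]::ExpandEnvironmentVariables('%AllUsersProfile%\Application Data')
    if (Test-Path -LiteralPath $allUsers) {
        Get-ChildItem -LiteralPath $allUsers -Force -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in '.exe', '.dll' } |
            ForEach-Object {
                [pscustomobject]@{ Kind = 'Review'; Indicator = '%AllUsersProfile%\Application Data\<random>.exe|.dll'
                                   Detail = $_.FullName; Note = 'loose binary: verify publisher signature and hash' }
            }
    }
}

function Test-KeyIndicators {
    foreach ($name in $ServiceNames) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        if (Test-Path -LiteralPath $key) {
            $img = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).ImagePath
            [pscustomobject]@{ Kind = 'Service'; Indicator = $name; Detail = $key; Note = "ImagePath=$img" }
        }
    }
    foreach ($key in $KeyIndicators) {
        if (Test-Path -LiteralPath $key) {
            [pscustomobject]@{ Kind = 'RegKey'; Indicator = $key; Detail = $key; Note = 'key present' }
        }
    }
}

function Test-RegistryValueIndicators {
    foreach ($ind in $RegistryIndicators) {
        if (-not (Test-Path -LiteralPath $ind.Path)) { continue }
        $value = (Get-ItemProperty -LiteralPath $ind.Path -ErrorAction SilentlyContinue).($ind.Name)
        # Compare as strings so REG_DWORD 1 and REG_SZ "1" are both handled.
        if ($null -ne $value -and "$value" -eq $ind.Bad) {
            [pscustomobject]@{ Kind = 'RegValue'; Indicator = "$($ind.Name)=$($ind.Bad)"; Detail = $ind.Path; Note = $ind.Weight }
        }
    }
}

$findings = @(Test-FileIndicators) + @(Test-KeyIndicators) + @(Test-RegistryValueIndicators)
if ($findings.Count -eq 0) { Write-Output 'None of the listed indicators were found.' }
else { $findings | Sort-Object Kind | Format-Table -AutoSize -Wrap }
```

Treat a hit on a driver file or service subkey as the signal to image the machine and move to offline analysis rather than cleaning in place, since a kernel driver in the set means the running system cannot be trusted to report its own files and keys accurately.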