Win32:Sirefef-ZT

Posted: October 15, 2012

Threat Metric

Threat Level: 9/10
Infected PCs: 24
First Seen: October 15, 2012
OS(es) Affected: Windows

Win32:Sirefef-ZT is a Trojan that other components of the Sirefef or ZeroAccess infection inject into the process Services.exe (a normal Windows file). Win32:Sirefef-ZT is also responsible for controlling another component, the Trojan Trojan:Win64/Sirefef.Y, which disables your firewall and creates a backdoor vulnerability in your computer. SpywareRemove.com malware researchers recommend that you treat Win32:Sirefef-ZT as a high-level threat to your computer, since Win32:Sirefef-ZT will always be installed along with other Sirefef-based Trojans that can be responsible for attacks up to and including the theft of highly confidential information. Since Win32:Sirefef-ZT's code runs from within a Windows process, you should use appropriately advanced anti-malware programs to delete Win32:Sirefef-ZT and other Sirefef-based PC threats as soon as possible.

Win32:Sirefef-ZT and the Download that Douses Your Firewall

Sirefef Trojans like Win32:Sirefef-ZT (which, due to its code insertion into Services.exe, may also be labeled as a virus) are usually installed by a single dropper or downloader for the family, which infects PCs by various methods. Infection vectors for Sirefef-based PC threats like Win32:Sirefef-ZT include spam e-mail links, media codecs, illegal game installers and piracy tools like key generators/software cracks. Once Win32:Sirefef-ZT is installed, it launches with Windows and doesn't display a separate file or memory process, a malicious defense technique that SpywareRemove.com malware experts have found to be common to the Sirefef/ZeroAccess family.

Win32:Sirefef-ZT is designed to load a second Trojan, which is identified as Trojan:Win64/Sirefef.Y, Win64/Sirefef.W or Trojan.Sirefef.FR. Sirefef.Y deactivates the service associated with Windows Firewall and also opens a port that can be accessed by Command & Control servers. This leaves your computer open to attack, with typical attacks including the installation of other malware or the transfer of private information (passwords, account names, and similar) from your PC to a remote server. SpywareRemove.com malware researchers also warn that Win32:Sirefef-ZT doesn't display symptoms of its activities.

Why Stopping Win32:Sirefef-ZT is a Far from Hopeless Struggle

While Win32:Sirefef-ZT doesn't have any symptoms that are linked to its attacks, overall Sirefef infections may be responsible for several side effects that indicate an anti-malware scan is needed promptly. Poor system performance, periodic loss of Internet connectivity, disabled security programs (particularly the aforementioned Windows Firewall) and unusual system resource usage may all be related to the presence of Win32:Sirefef-ZT and other Sirefef Trojans. Since Sirefef Trojans remain high on the list of heavily-distributed PC threats, SpywareRemove.com malware researchers recommend scanning your PC after any hint of the above problems appearing on a recurring basis.
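
A quick way to check for the firewall and open-port side effects described above, as an added PowerShell example that is not part of the original article. It assumes an elevated session on Windows 8 / Server 2012 or later and the standard Windows Firewall service name MpsSvc; its output is meant to be compared against a known-good baseline for the machine and does not by itself identify Win32:Sirefef-ZT.

```powershell
# Added triage example (not from the original article).
# Assumes an elevated PowerShell session on Windows 8 / Server 2012 or later.

# 1. The Windows Firewall service (MpsSvc) should be running and start automatically.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='MpsSvc'"
if (-not $svc) {
    Write-Warning 'MpsSvc (Windows Firewall) is not registered as a service.'
} elseif ($svc.State -ne 'Running' -or $svc.StartMode -ne 'Auto') {
    Write-Warning "MpsSvc: State=$($svc.State), StartMode=$($svc.StartMode)"
} else {
    Write-Output 'MpsSvc is running with automatic start.'
}

# 2. Every firewall profile (Domain, Private, Public) should be enabled.
Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object {
    Write-Warning "Firewall profile '$($_.Name)' is not enabled."
}

# 3. List listening TCP ports and bound UDP ports with their owning process,
#    so unexpected listeners can be compared against a known-good baseline.
$procNames = @{}
Get-Process | ForEach-Object { $procNames[[int]$_.Id] = $_.ProcessName }

$columns = @(
    'Proto', 'LocalAddress', 'LocalPort', 'OwningProcess',
    @{ Name = 'Process'; Expression = { $procNames[[int]$_.OwningProcess] } }
)
$tcp = Get-NetTCPConnection -State Listen |
    Select-Object @{ Name = 'Proto'; Expression = { 'TCP' } }, LocalAddress, LocalPort, OwningProcess
$udp = Get-NetUDPEndpoint |
    Select-Object @{ Name = 'Proto'; Expression = { 'UDP' } }, LocalAddress, LocalPort, OwningProcess

@($tcp) + @($udp) |
    Select-Object $columns |
    Sort-Object Process, Proto, LocalPort |
    Format-Table -AutoSize
```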

Because of the advanced nature of Win32:Sirefef-ZT and the way it works together with related PC threats, some anti-malware programs may be able to detect but unable to remove Win32:Sirefef-ZT. Guidelines that SpywareRemove.com malware analysts have offered to help mitigate these situations include:

  • Updating all databases for your anti-malware programs so that they can identify recent variants of Sirefef and Win32:Sirefef-ZT.
  • Using Safe Mode for all scans, which will disable relatively primitive PC threats that don't use boot loader-related exploits or other types of advanced coding tricks.
  • Installing a backup operating system onto a USB device, which can be used to boot your machine safely.