
Win64:Sirefef-A

Posted: August 1, 2012

Threat Metric

Ranking: 10,891
Threat Level: 9/10
Infected PCs: 752
First Seen: August 1, 2012
Last Seen: September 27, 2023
OS(es) Affected: Windows

Win64:Sirefef-A is a Trojan variant from the Sirefef family, a group of PC threats dedicated to creating backdoor vulnerabilities, downloading other forms of hostile software and disabling default security features. Like many members of Sirefef, Win64:Sirefef-A bears some traits of a rootkit and may often (but not always) be installed along with other Trojans and Sirefef-related malware. Side effects of its attacks can include system freezes and critical system errors that force your computer to reboot. SpywareRemove.com malware analysts suggest that you treat Win64:Sirefef-A as a high-level threat until you can delete it with suitably sophisticated anti-malware utilities.

Why That Premium Theme May Cost More Than You Can Handle

Recent infections involving Win64:Sirefef-A (as of July 2012) have been found to use fake Tumblr sites that claim to be selling 'premium' themes. Just visiting these sites is enough to infect your PC, since they use drive-by-download exploits to install Win64:Sirefef-A without your consent. Related PC threats that may also be installed with Win64:Sirefef-A include a variant of DNS Changer (Win32:DNSChanger-VJ), a Trojan downloader (Win32:Downloader-PKU) and heuristically-detected malware (win32:malware-gen).

The immediate and most prominent symptom of a Win64:Sirefef-A infection is a total system freeze that forces a hard reboot of your PC. The freezes are not limited to the moment of installation: they can continue whenever you try to use the computer while Win64:Sirefef-A is active, along with critical system errors that require soft reboots. SpywareRemove.com malware researchers note that using Safe Mode (a standard Windows feature) will prevent Win64:Sirefef-A from causing these side effects and can be used to help remove Win64:Sirefef-A with anti-malware software.

Other issues that are symptomatic of attacks by Win64:Sirefef-A and related PC threats include search engine redirects, a slowdown of your operating system, random device functionality errors and security-related program malfunctions. However, these symptoms may not appear in all Win64:Sirefef-A infections, unlike the issues noted earlier.

The Trouble with Breaking Through Win64:Sirefef-A's OS-Chilling Attacks

Win64:Sirefef-A, like most Sirefef-based PC threats, uses rootkit techniques to infect legitimate system components of Windows. Because these files are whitelisted, some anti-malware programs will ignore them, and they should never be deleted manually because doing so would damage your operating system. Although Win64:Sirefef-A is designed for 64-bit versions of Windows, other members of the Sirefef family have also been seen attacking 32-bit Windows platforms.

Besides using Safe Mode, SpywareRemove.com malware researchers have also found it useful to boot from a removable media drive so that no other PC threats are operating during a system scan. Anti-malware products that have a good track record for removing rootkits and other high-level threats should be able to remove Win64:Sirefef-A without any long-term damage.
