Win64/Sirefef.W

Win64/Sirefef.W is a component of a Sirefef (or ZeroAccess) rootkit infection, a PC threat that uses multiple components like Win64/Sirefef.W to accomplish browser redirects, install other PC threats and disable Windows security features. Because Win64/Sirefef.W can use random .dll file names to conceal itself and may be present in multiple iterations, detecting Win64/Sirefef.W can be particularly difficult without anti-malware software, and Win64/Sirefef.W's attacks aren't guaranteed to leave behind obvious symptoms. SpywareRemove.com malware research team also notes that the presence of individual Sirefef components like Win64/Sirefef.W usually occurs alongside other Sirefef rootkits and Trojans, all of which should be considered hostile to your PC. Like all Sirefef-related PC threats, Win64/Sirefef.W should be detected and deleted with appropriate security software, preferably via complete system scans that can also detect any other malicious software that may have been installed.

Win64/Sirefef.W: the Tip of an Iceberg Lumbering Towards Your Computer

Win64/Sirefef.W is a member of the same family as Sirefef-based PC threats like Trojan:Win32/Sirefef.S, Trojan:Win32/Sirefef.AA, TrojanDropper:Win32/Sirefef.A!dll, Trojan:Win32/Sirefef.AC and Trojan:Win32/Sirefef.AH, any of which may be included in a single instance of a ZeroAccess rootkit or Sirefef-based infection. Although Win64/Sirefef.W is designed to infect 64-bit Windows computers, other Trojans and rootkits from this family have been noted to attack 32-bit systems or even feature cross-compatibility between the two. SpywareRemove.com malware researchers also raise the important point that Win64/Sirefef.W and related PC threats are often distributed from within installation packages for criminal programs, such as key generators and cracks for illegally-downloaded software – accordingly, avoiding illegal file downloads is one of many viable strategies for minimizing contact with Win64/Sirefef.W.

Win64/Sirefef.W was first identified in March of 2012, and, like most of its family, lacks obvious symptoms of its attacks. Although complete analysis of Win64/Sirefef.W's capabilities remains forthcoming, common attacks by Win64/Sirefef.W-related infections often include:

• Exposure to pay-per-click advertisements.
• Disabled Windows applications, such as Windows Firewall, Security Center and Windows Defender.
• Hijacked search results that redirect you to unrelated or malicious sites.

Why Catching Win64/Sirefef.W Isn't as Easy as It Would Seem

Win64/Sirefef.W uses standard Sirefef-based tactics to avoid detection by installing itself as a copy of a normal system driver, albeit a copy that includes Win64/Sirefef.W's code. Win64/Sirefef.W may also attempt to conceal itself from anti-malware programs by redirecting system scans to the original system driver if Win64/Sirefef.W detects an attempt to scan its copy. These advanced obfuscation techniques lead SpywareRemove.com malware researchers to encourage you to use only the best and most updated anti-malware programs available to remove Win64/Sirefef.W. Manual deletion of Win64/Sirefef.W can damage your operating system if done improperly, and should be discouraged if other options are available for that very reason.

Win64/Sirefef.W infections will almost always include other components of a Sirefef or ZeroAccess infection that can cause other attacks and use other methods to avoid detection, which SpywareRemove.com malware analysts stress is a good reason to scan your entire PC during a Win64/Sirefef.W infection. Win64/Sirefef.W will load with Windows and should be assumed, like the rest of its kin, to be operational until removed by a suitable security program.

Technical Details