Win32:Sirefef-PL
Posted: May 28, 2012
Threat Metric
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 72 |
| First Seen | May 28, 2012 |
| OS(es) Affected | Windows |
Win32:Sirefef-PL is a rootkit from the multicomponent Sirefef family and, like most of its relatives, Win32:Sirefef-PL infects sensitive system locations to avoid detection. Other than warnings from anti-malware products, there may be no symptoms of Win32:Sirefef-PL attacks at all, although SpywareRemove.com malware researchers have found some cases of Win32:Sirefef-PL being linked to search engine hijacks and fake Windows warning messages. True to form, any one Win32:Sirefef-PL infection is highly likely to include various other types of PC threats, and you should always scan your entire PC once you have access to anti-malware programs that can find and remove Win32:Sirefef-PL. Allowing Win32:Sirefef-PL to remain on your computer is strongly discouraged, since Win32:Sirefef-PL's presence can coincide with massive security holes that compromise the safety and basic privacy of your operating system.
Win32:Sirefef-PL: the Fake Windows Component That You Definitely Don't Need
Win32:Sirefef-PL typically installs itself into the Global Assembly Cache (GAC) folder on 32-bit Windows systems. Since this location is often ignored in anti-virus and anti-malware scans, your security programs may be unable to find Win32:Sirefef-PL if you use outdated threat databases, less thorough scanning options, or anti-malware scanners that aren't designed to handle rootkits. Win32:Sirefef-PL is also likely to be installed alongside other Sirefef-based PC threats in other locations, which may, in turn, install such PC threats as browser hijackers or rogue security applications. Two PC threats that SpywareRemove.com malware researchers have, so far, confirmed as being associated with Win32:Sirefef-PL infections are Win32:DNSChanger-VJ (a browser hijacker that alters how your browser resolves the names in URLs into IP addresses) and Win32 malware.gen (a heuristic label for generally malicious software).
Win32:Sirefef-PL is still in active distribution as of May 2012 and can attack most versions of Windows – including Windows 7. Some known file names that SpywareRemove.com malware experts have found Win32:Sirefef-PL distributed under include Quarantine.zip, cdrom.sys, afd.sys and mrxsmb.sys. On the happy end of things, Win32:Sirefef-PL hasn't been found to have any capability of infecting non-Windows operating systems.
Seeing the Signs of Win32:Sirefef-PL Before Win32:Sirefef-PL Sees to the End of Your Hard Drive
Although you shouldn't expect to see obvious symptoms with every potential Win32:Sirefef-PL infection, the SpywareRemove.com malware research team has found some notable symptoms related to occasional Win32:Sirefef-PL attacks. These symptoms include:
- The appearance of a fake Windows warning message during system startup. This warning message will block your desktop temporarily: 'Windows 7 build 7.... This copy is not genuine.'
- Search engine redirects to spam and advertisement-based search engine sites, especially when you use a popular site (such as Google or Bing).
However, anti-malware software that disinfects Win32:Sirefef-PL and all related PC threats can also remove the causes of these attacks.
Technical Details
File System Modifications
The following files were created in the system:
file.exe
File name: file.exe
Size: 117.24 KB (117248 bytes)
MD5: 90ec3159ea62fc4ad432ff277edf877b
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 20, 2012
file.exe
File name: file.exe
Size: 162.81 KB (162816 bytes)
MD5: 16fae67ec1339e7558f201f720b95c64
Detection count: 53
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 20, 2012
file.exe
File name: file.exe
Size: 200.7 KB (200704 bytes)
MD5: 35826874b700da804e17ca297773bf4f
Detection count: 52
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 20, 2012
file.exe
File name: file.exe
Size: 273.4 KB (273408 bytes)
MD5: 28b78767ef0a9ea7c49df3b368b59065
Detection count: 51
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 20, 2012
folooon9.htm
File name: folooon9.htm
Size: 98.87 KB (98871 bytes)
MD5: 9eb1fb3125c48ce1f3a4a2bb00266349
Detection count: 45
Mime Type: unknown/htm
Group: Malware file
Last Updated: June 20, 2012