Posted: May 28, 2012
Threat Metric
Threat Level: 10/10
Infected PCs: 72

Win32:Sirefef-PL Description

Win32:Sirefef-PL is a rootkit from the multicomponent Sirefef family, and like most of its relatives, Win32:Sirefef-PL infects sensitive system locations to avoid detection. Other than warnings from anti-malware products, there may be no symptoms of Win32:Sirefef-PL attacks at all, although malware researchers have found some cases of Win32:Sirefef-PL being linked to search engine hijacks and fake Windows warning messages. True to form, any one Win32:Sirefef-PL infection is highly likely to include various other types of PC threats, and you should always scan your entire PC once you are able to run anti-malware programs that can find and remove Win32:Sirefef-PL. Allowing Win32:Sirefef-PL to remain on your computer is strongly discouraged, since Win32:Sirefef-PL's presence can coincide with massive security holes that violate the safety and basic privacy of your operating system.

Win32:Sirefef-PL: the Fake Windows Component That You Definitely Don't Need

Win32:Sirefef-PL typically installs itself into the Global Assembly Cache (GAC) folder on 32-bit Windows systems. Since this location is often ignored in anti-virus and anti-malware scans, your security programs may be unable to find Win32:Sirefef-PL if you use outdated threat databases, less-thorough-than-possible scanning options or brands of anti-malware scanners that aren't designed to handle rootkits. Win32:Sirefef-PL is also likely to be installed alongside other Sirefef-based PC threats in other locations, which may, in turn, install such PC threats as browser hijackers or rogue security applications. Two PC threats that malware researchers have, so far, confirmed as being associated with Win32:Sirefef-PL infections are Win32:DNSChanger-VJ (a browser hijacker that alters how your browser resolves domain names into IP addresses) and Win32 malware.gen (a heuristic label for generally malicious software).

Win32:Sirefef-PL is still in active distribution as of May 2012 and can attack most versions of Windows, including Windows 7. Known file names that malware experts have found Win32:Sirefef-PL distributed under include cdrom.sys, afd.sys and mrxsmb.sys. On the happy end of things, Win32:Sirefef-PL hasn't been found to have any capability of infecting non-Windows operating systems.

Seeing the Signs of Win32:Sirefef-PL Before Win32:Sirefef-PL Sees to the End of Your Hard Drive

Although you shouldn't expect to see obvious symptoms with every potential Win32:Sirefef-PL infection, malware researchers have found some notable symptoms related to occasional Win32:Sirefef-PL attacks. These symptoms include:

  • The appearance of a fake Windows warning message during system startup. This warning message will block your desktop temporarily: 'Windows 7 build 7.... This copy is not genuine.'
  • Search engine redirects to spam and advertisement-based search engine sites, especially when you use a popular site (such as Google or Bing).

However, anti-malware software that disinfects Win32:Sirefef-PL and all related PC threats can also remove the causes of these attacks.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Win32:Sirefef-PL may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.


Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: file.exe
Size: 273.4 KB (273408 bytes)
MD5: 28b78767ef0a9ea7c49df3b368b59065
Detection count: 51
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 20, 2012

File name: folooon9.htm
Size: 98.87 KB (98871 bytes)
MD5: 9eb1fb3125c48ce1f3a4a2bb00266349
Detection count: 45
Mime Type: unknown/htm
Group: Malware file
Last Updated: June 20, 2012
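
To check a folder (such as the GAC) against the indicators above, the following added example, which is not part of the original page or of any vendor's tooling, hashes every file and reports MD5 matches plus any file carrying one of the three reported driver names outside the directory where the genuine driver is expected. The expected driver directory and the function names are assumptions made for the example.

```python
import hashlib
import os
import sys

# MD5 values copied from this page's list of created files.
PAGE_MD5 = {
    "28b78767ef0a9ea7c49df3b368b59065": "file.exe",
    "9eb1fb3125c48ce1f3a4a2bb00266349": "folooon9.htm",
}
# File names the page says the rootkit has been distributed under.
DRIVER_NAMES = {"cdrom.sys", "afd.sys", "mrxsmb.sys"}
# Assumption (not from the page): the genuine drivers with these names
# are expected in this directory; copies elsewhere are worth reviewing.
EXPECTED_DRIVER_DIR = r"C:\Windows\System32\drivers"


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not fill memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(root, expected_driver_dir=EXPECTED_DRIVER_DIR, known_md5=PAGE_MD5):
    """Walk root and return a sorted list of (path, reason) findings."""
    expected = os.path.normcase(os.path.abspath(expected_driver_dir))
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        here = os.path.normcase(os.path.abspath(dirpath))
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = md5_of(path)
            except OSError:
                # A file that cannot be read is itself worth reporting.
                findings.append((path, "unreadable"))
                continue
            if digest in known_md5:
                findings.append((path, "md5 matches " + known_md5[digest]))
            elif name.lower() in DRIVER_NAMES and here != expected:
                findings.append((path, "driver name outside expected directory"))
    return sorted(findings)


if __name__ == "__main__":
    for path, reason in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(reason + ": " + path)
```

A name-only hit is a prompt for review rather than a verdict, since Windows keeps legitimate copies of system drivers in its side-by-side and driver stores. Because a rootkit can hide files from a running system, the scan is more trustworthy when run against the disk mounted from a clean machine.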
