
Win32:Sirefef-PL

Posted: May 28, 2012

Threat Metric

Threat Level: 10/10
Infected PCs: 72
First Seen: May 28, 2012
OS(es) Affected: Windows

Win32:Sirefef-PL is a rootkit from the multicomponent Sirefef family, and like most of its relatives, Win32:Sirefef-PL infects sensitive system locations to avoid detection. Other than warnings from anti-malware products, a Win32:Sirefef-PL attack may show no symptoms at all, although SpywareRemove.com malware researchers have found some cases of Win32:Sirefef-PL being linked to search engine hijacks and fake Windows warning messages. True to form, any Win32:Sirefef-PL infection is highly likely to include various other types of PC threats, so you should always scan your entire PC once you are able to run anti-malware programs that can find and remove Win32:Sirefef-PL. Allowing Win32:Sirefef-PL to remain on your computer is strongly discouraged, since its presence can coincide with serious security holes that compromise the safety and basic privacy of your operating system.

Win32:Sirefef-PL: the Fake Windows Component That You Definitely Don't Need

Win32:Sirefef-PL typically installs itself into the Global Assembly Cache (GAC) folder on 32-bit Windows systems. Since this location is often ignored in anti-virus and anti-malware scans, your security programs may be unable to find Win32:Sirefef-PL if you use outdated threat databases, less thorough scanning options or brands of anti-malware scanners that aren't designed to handle rootkits. Win32:Sirefef-PL is also likely to be installed alongside other Sirefef-based PC threats in other locations, which may, in turn, install such PC threats as browser hijackers or rogue security applications. Two PC threats that SpywareRemove.com malware researchers have, so far, confirmed as being associated with Win32:Sirefef-PL infections include Win32:DNSChanger-VJ (a browser hijacker that alters how your system resolves domain names into IP addresses) and Win32 malware.gen (a heuristic label for generically malicious software).

Win32:Sirefef-PL is still in active distribution as of May 2012 and can attack most versions of Windows – including Windows 7. Some known file names that SpywareRemove.com malware experts have found Win32:Sirefef-PL distributed under include Quarantine.zip, cdrom.sys, afd.sys and mrxsmb.sys. Note that cdrom.sys, afd.sys and mrxsmb.sys are also the names of legitimate Windows drivers, so a matching file name alone does not confirm an infection; compare the file's hash or location against a known-good copy. On the happy end of things, Win32:Sirefef-PL hasn't been found to have any capability of infecting non-Windows operating systems.

Seeing the Signs of Win32:Sirefef-PL Before Win32:Sirefef-PL Sees to the End of Your Hard Drive

Although you shouldn't expect to see obvious symptoms with every potential Win32:Sirefef-PL infection, the SpywareRemove.com malware research team has found some notable symptoms related to occasional Win32:Sirefef-PL attacks. These symptoms include:

  • The appearance of a fake Windows warning message during system startup. This warning message will block your desktop temporarily: 'Windows 7 build 7.... This copy is not genuine.'
  • Search engine redirects to spam and advertisement-based search engine sites, especially when you use a popular site (such as Google or Bing).

However, anti-malware software that disinfects Win32:Sirefef-PL and all related PC threats can also remove the causes of these attacks.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: file.exe
Size: 117.24 KB (117248 bytes)
MD5: 90ec3159ea62fc4ad432ff277edf877b
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 20, 2012

File name: file.exe
Size: 162.81 KB (162816 bytes)
MD5: 16fae67ec1339e7558f201f720b95c64
Detection count: 53
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 20, 2012

File name: file.exe
Size: 200.7 KB (200704 bytes)
MD5: 35826874b700da804e17ca297773bf4f
Detection count: 52
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 20, 2012

File name: file.exe
Size: 273.4 KB (273408 bytes)
MD5: 28b78767ef0a9ea7c49df3b368b59065
Detection count: 51
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 20, 2012

File name: folooon9.htm
Size: 98.87 KB (98871 bytes)
MD5: 9eb1fb3125c48ce1f3a4a2bb00266349
Detection count: 45
Mime Type: unknown/htm
Group: Malware file
Last Updated: June 20, 2012