Trojan:Win64/Sirefef.P
Aliases: Trojan.Sirefef.FS (BitDefender), Win64/Sirefef.W (ESET), HEUR:Backdoor.Win64.Generic (Kaspersky), ZeroAccess (McAfee), Troj/Sirefef-AP (Sophos), TROJ_SIREFEF.RB (Trend Micro)
Summary
Windows Defender detects and removes this threat.
It is a user-mode component of Win32/Sirefef, a multi-component family of malware that meddles with your Internet experience by changing search results and generating pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or delivering a payload.
The following free Microsoft software detects and removes this threat:
- Microsoft Security Essentials or, for Windows 8, Windows Defender
- Microsoft Safety Scanner
- Microsoft Windows Malicious Software Removal Tool
Run the Microsoft Safety Scanner
If you're having trouble cleaning Win32/Sirefef, the Microsoft Safety Scanner may help you remove it:
After you've used the Microsoft Safety Scanner, you should make sure your security software is up to date and run a full scan:
Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.
Note that as part of the cleaning, our software might change some Windows services back to their default settings. If you had previously changed these settings, you might need to change them again.
The services that are reset include:
- BFE – Base Filtering Engine
- Iphlpsvc – IP Helper service
- MSMpSvc – Microsoft Antimalware service – MSE/FEP/SCEP
- Sharedaccess – Internet Connection Sharing
- WinDefend – Microsoft Antimalware service
- Wscsvc – Windows Security Center
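To see which of these settings the cleaning changed, you can record the services' configuration before cleaning and compare it afterwards. The script below is an added example, not Microsoft's own tooling; the function names `Get-ServiceSnapshot` and `Compare-ServiceSnapshot` and the CSV path are hypothetical, and it assumes PowerShell 3.0 or later.

```powershell
# Service short names from the list above; iphlpsvc is the IP Helper service.
$Names = 'BFE', 'iphlpsvc', 'MsMpSvc', 'SharedAccess', 'WinDefend', 'wscsvc'

function Get-ServiceSnapshot {
    # One record per listed service. A service that does not exist on this PC
    # (for example MsMpSvc without MSE/FEP/SCEP) is reported as 'Missing'.
    foreach ($n in $Names) {
        $s = Get-CimInstance -ClassName Win32_Service -Filter "Name='$n'"
        [pscustomobject]@{
            Name      = $n
            StartMode = if ($s) { $s.StartMode } else { 'Missing' }
            State     = if ($s) { $s.State }     else { 'Missing' }
            Account   = if ($s) { $s.StartName } else { '' }
            ImagePath = if ($s) { $s.PathName }  else { '' }
        }
    }
}

function Compare-ServiceSnapshot {
    # Emits one row for every property that differs from the saved baseline.
    param([Parameter(Mandatory)][string]$BaselinePath)
    $before = Import-Csv -Path $BaselinePath
    foreach ($a in Get-ServiceSnapshot) {
        $b = $before | Where-Object Name -eq $a.Name
        foreach ($p in 'StartMode', 'State', 'Account', 'ImagePath') {
            if ("$($b.$p)" -ne "$($a.$p)") {
                [pscustomobject]@{
                    Service  = $a.Name
                    Property = $p
                    Before   = $b.$p
                    After    = $a.$p
                }
            }
        }
    }
}

# Before cleaning (hypothetical file name):
#   Get-ServiceSnapshot | Export-Csv -Path .\services-before.csv -NoTypeInformation
# After cleaning and the full scan:
#   Compare-ServiceSnapshot -BaselinePath .\services-before.csv | Format-Table -AutoSize
```

Review each reported difference before changing a setting back: the baseline was taken on an infected PC, so a "Before" value may be one the malware set rather than one you chose.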
You can also visit the Microsoft virus and malware community for more help.