Threat Encyclopedia

You can download the removal tool here.
Short description
Win32/Sirefef.A is a trojan that redirects results of online search engines to web sites that contain adware.
Installation
The trojan creates copies of the following files (source, destination):
  • c:\windows\system32\eventlog.dll, c:\windows\system32\logevent.dll
  • c:\windows\system32\cngaudit.dll, c:\windows\system32\logevent.dll
The trojan then deletes the source files.

The trojan drops one of the following files in the c:\windows\system32\ folder:
  • eventlog.dll (61952 B)
  • cngaudit.dll (61952 B)
The following files are dropped into the %systemdrive%\windows\ folder:
  • win32k.sys:1 (12288 B)
  • win32k.sys:2 (61952 B)
The trojan may create and run a new thread with its own program code within any running process.
Other information
The trojan can redirect results of online search engines to web sites that contain adware.

The trojan launches the following processes:
  • %windir%\PCHealth\HelpCtr\Binaries\HelpSvc.exe


The trojan creates the following files:
  • %commondocuments%\Thumbs.db
It uses techniques common to rootkits.
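
The file artifacts listed above can be checked with a short script. The following is an added example, not part of the original entry or the vendor's removal tool. The `$Root` parameter and the script layout are assumptions, and the `win32k.sys:1` / `win32k.sys:2` notation is read here as NTFS alternate data streams, which the entry does not state explicitly.

```powershell
# Added example: look for the file artifacts named in this entry.
# $Root (assumption) is the root of the Windows volume to inspect, for
# example an offline image mounted read-only as E:\ .
param([string]$Root = "$env:SystemDrive\")

$sys32    = Join-Path $Root 'windows\system32'
$findings = @()

# 1. logevent.dll is the destination the original DLL is copied to.
$backup = Join-Path $sys32 'logevent.dll'
if (Test-Path -LiteralPath $backup) {
    $findings += "$backup exists (copy destination listed in the entry)"
}

# 2. Dropped file: eventlog.dll or cngaudit.dll of exactly 61952 bytes.
foreach ($name in 'eventlog.dll', 'cngaudit.dll') {
    $item = Get-Item -LiteralPath (Join-Path $sys32 $name) -Force -ErrorAction SilentlyContinue
    if ($item -and $item.Length -eq 61952) {
        $findings += "$($item.FullName) is 61952 bytes (dropped file size)"
    }
}

# 3. Streams "1" (12288 B) and "2" (61952 B) on <root>\windows\win32k.sys.
#    Get-Item -Stream needs PowerShell 3.0 or later and an NTFS volume.
$expected = @{ '1' = 12288; '2' = 61952 }
$carrier  = Join-Path $Root 'windows\win32k.sys'
$streams  = Get-Item -LiteralPath $carrier -Stream * -Force -ErrorAction SilentlyContinue
foreach ($s in $streams) {
    if ($expected.ContainsKey($s.Stream) -and $s.Length -eq $expected[$s.Stream]) {
        $findings += "${carrier}:$($s.Stream) is $($s.Length) bytes"
    }
}

# %commondocuments%\Thumbs.db is not checked: Windows uses the same file
# name for its own thumbnail cache, so its presence alone says little.

if ($findings) {
    $findings | ForEach-Object { Write-Output "MATCH: $_" }
} else {
    # The entry says the trojan uses rootkit techniques, so a clean result
    # from a running system is weaker evidence than one from an offline volume.
    Write-Output "No listed artifacts visible under $Root"
}
```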