Sirefef Malware Overview

Sirefef malware (also known as ZeroAccess) can take many forms. It is considered a multi-component malware family, which means that it can be deployed in different ways, such as a rootkit, a virus, or a Trojan horse.


As a rootkit, Sirefef gives attackers full access to your system while using stealth techniques to hide their presence from the affected device. Sirefef hides itself by altering the internal processes of an operating system so that your antivirus and antispyware cannot detect it. It includes a sophisticated self-defense mechanism that kills any security-related process that attempts to access it.


Like a virus, Sirefef attaches itself to an application. When the infected application is run, Sirefef is run. Consequently, it will trigger and deliver its payload, such as capturing your sensitive information, deleting critical system files, and enabling backdoors for attackers to use and access your system over the Internet.

Troy Horse

You can also get infected with Sirefef in the form of a Trojan horse. Sirefef can be disguised as a legitimate application, such as a utility, a game, or even a free antivirus program. The attackers use this technique to trick you into downloading the fake app, and once you allow the app to run on your computer, the hidden Sirefef malware is executed.

pirate software

There are many ways your system can get infected with this malware. Sirefef is often distributed using exploits that promote software piracy. Pirated software often requires key generators (keygens) and password crackers (cracks) to bypass software licensing. When pirated software is run, the malware replaces critical system drivers with its own malicious copy in an attempt to trick the operating system. Subsequently, the malicious driver will be loaded every time the operating system is started.

infected websites

Another way that Sirefef can install on your computer is by visiting infected websites. An attacker can compromise a legitimate website with Sirefef malware that will infect your computer when you visit the site. An attacker can also trick you into visiting a bad site through phishing. Phishing is the practice of sending spam email to users with the intent of tricking them into revealing sensitive information or clicking on a link. In this case, you will receive an email inviting you to click on a link that will take you to an infected website.

Useful load

Sirefef communicates with remote hosts through a peer-to-peer (P2) protocol. It uses this channel to download other malware components and hides them in Windows directories. Once installed, the components are capable of performing the following tasks:

  • Stops Windows Firewall — Sirefef attempts to disable Windows Firewall to ensure that its own traffic is not interrupted.
  • Stops Windows Defender service — By stopping Windows Defender, Sirefef can run its malicious code undetected.
  • Changes your Internet browser settings — You may experience changes with your Internet browser, such as changes to your home page and changes to your search engine results.
  • Remote host contacts — Sirefef can send information about your infected computer and can create a network of other infected computers to coordinate a much larger attack, such as a botnet (zombie) attack.
  • Create a folder to store other malware — Sirefef will download other malware and store it in hidden files.

Sirefef is serious malware that can harm your computer in various ways. Once installed, Sirefef can make lasting changes to your computer’s security settings and can be difficult to remove. By taking mitigation steps, you can help prevent this malicious attack from infecting your computer.