PC infected with a specific virus? Get rid of it now, for free! Simply browse through our database of known viruses below and hit the download button to start the virus removal process!
Let one of Bitdefender's Microsoft Certified Tech-Pros eliminate all your PC annoyances!Find Out More
ZeroAccess/Sirefef is a sophisticated kernel-mode rootkit that gets installed when a ZeroAccess dropper gets executed. Initially, the dropper checks to see whether it is running on a 32- or a 64-bit machine by querrying the ZWQueryInformationProcess api. If it runs on a system that has UAC enabled, the malware manipulates the system to make a legit application look as if it requires escalation. This is achieved by loading a clean copy of the FlashPlayer installer that is dropped to a temporary directory. The Windows Firewall is turned off and the malware will try to disable a series of security sub-systems such as WinDefend (Windows Defender service), wscsvc (Windows Security Center service), WinHttpAutoProxySvc (Proxy Auto Discovery service). If the dropper runs on a 32-bit operating system, ZeroAccess installs a kernel-mode rootkit. If it runs on a 64-bit machine, it executes its code directly from the memory. [...]