Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: J.Stalin on June 30, 2012, 11:21:33 PM

Title: Cryptic names
Post by: J.Stalin on June 30, 2012, 11:21:33 PM
Does anyone know where I can read what the cryptic names of the malware mean?
Example: Win32:Sirefef-AAP [Rtk]
Thank you in advance.
Title: Re: Cryptic names
Post by: essexboy on June 30, 2012, 11:34:14 PM
Rtk stands for Rootkit
Sirefef is a nasty piece of malware that changes on an almost daily basis.

Quote
Win32/Sirefef is a multi-component family of malware that uses stealth to hide its presence on an affected computer. Due to the nature of this threat, the payload may vary greatly from one infection to another, although common behavior includes:

Downloading and executing of arbitrary files
Contacting remote hosts
Disabling of security features

Quote
Sirefef utilizes a peer-to-peer (P2P) protocol to download or update additional malware components from remote peers. The downloaded components are saved to the U\ directory in a hidden folder that it creates for this purpose. The downloaded components may:

Moderate an affected user's Internet experience by modifying search results
Generate pay-per-click advertising revenue for its controllers
Run Bitcoin (digital currency) mining on the affected computer

Title: Re: Cryptic names
Post by: J.Stalin on June 30, 2012, 11:59:18 PM
Thanks, but it was more a question of whether Avast has the explanations written somewhere.
This particular rootkit positive is probably false. It has been on my PC since February 2008, and now suddenly Avast detects it as a rootkit:
C:\Program files\BartPebuilder3110a\BartPE\iso\I386\SYSTEM32\DRIVERS\CERCSR6.SYS is infected by Win32:Sirefef-AAP [Rtk]
 
Title: Re: Cryptic names
Post by: DavidR on July 01, 2012, 12:42:35 AM
If you do a forum search for the CERCSR6.SYS file name you will see a number of them; it is a confirmed FP and the virus definitions have already been updated to correct it.

Is the file still in the original location or in the chest?
Title: Re: Cryptic names
Post by: J.Stalin on July 01, 2012, 12:54:13 AM
I ran a boot-time scan app. 15 hours ago with updated virus defs, and the file was detected.
I always choose "ignore" in the boot scan settings, so the old file is still there  :)
Title: Re: Cryptic names
Post by: DavidR on July 01, 2012, 12:58:22 AM
It should be fine then, file in location and virus signatures updated.