Danger level 7
Type: Malware
Common infection symptoms:
  • Cant change my homepage
  • Connects to the internet without permission
  • Installs itself without permissions
  • Slow Computer
  • Slow internet connection


Even though judging by its name Trojan:Win64/Sirefef.D is supposed to be a Trojan, it is actually a component of the Win32/Sirefef rootkit. Trojan:Win64/Sirefef.D is used for the 64-bit version of Windows in order to generate fake traffic. It is directly related to the liveinternet.ru website that provides the aforementioned site visitor-counting service. In general Win32/Sirefef is a type of malware with many components and so it is hard to attribute it to one particular category. In general this malware (and, consequently, Trojan:Win64/Sirefef.D) modify the internet search results in order to redirect users to malware-related websites.

Since Trojan:Win64/Sirefef.D is a part of Win32/Sirefef, it does not enter your system on its own. This malicious component is usually created by other rootkit installers, for example Trojan:Win32/Sirefef.J or Backdoor:Win32/Smadow. It is clear that with Trojan:Win64/Sirefef.D your are also bound to found a bunch of other malware in your system as well. So if you decide to remove Trojan:Win64/Sirefef.D it would be for the best to use a legitimate computer security program, because that you way you would ensure a total malware removal.

If you try removing Trojan:Win64/Sirefef.D on your own, you might miss out a few malware-related folders that are hidden by default upon the installation of the component. And even if you were smart enough to figure out that Trojan:Win64/Sirefef.D is hiding as counter.dll in these randomly named file folders, the rootkit may terminate your accessing process were you to try opening the said folders. Thus Trojan:Win64/Sirefef.D remains in your system and generates a fake traffic for liveinternet.ru. It does that by sending a GET request every 900 seconds to counter.yadro.ru. The request carries the name of the website that is being promoted and so your IP address becomes part of the registered liverinternet.ru traffic whether you like it or not.

Needless to say, that there are more serious reasons as to why you should remove Trojan:Win64/Sirefef.D from your system, aside from the generating fake website traffic, but the obvious truth is that the sooner you remove Trojan:Win64/Sirefef.D and all of the related malware from your computer, the better. Make sure you erase with a good antimalware program, because rootkits are prone to regenerating themselves.

Download Spyware Removal Tool to Remove* Trojan:Win64/Sirefef.D
  • Quick & tested solution for Trojan:Win64/Sirefef.D removal.
  • 100% Free Scan for Windows

How to manually remove Trojan:Win64/Sirefef.D

Files associated with Trojan:Win64/Sirefef.D infection:


Trojan:Win64/Sirefef.D DLL's to remove:


Trojan:Win64/Sirefef.D processes to kill:


Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.