The dropper is detected by at least half of AV engines, but post infection detection is another story. I tried Kaspersky TDSS Killer, Avast Rootkit utility and RootRepeal without any success. I used Gmer and LordPE to carve out the hidden file from the memory. You can download 5 files below together with pcaps from one of the files and the file dumped from memory. It appears that free videos and apps names are used as the lure in this case.”]
Source: http://contagiodump.blogspot.com/2012/12/zeroaccess-sirefef-rootkit-5-fresh.html