Trojan.Sefnit
Trojan.Sefnit is a Trojan horse created to redirect the Internet search results of the affected computer. It loads itself during the Windows start-up process by creating its own registry entries on the compromised system. This Trojan attempts to exploit flaws in the web browser to gain access to the target computer.
Aliases: Trojan.Sefnit.DB, Bck/Harebot.M, TROJ_FRAUD.GG
Damage Level: Low
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
Trojan.Sefnit injects itself into Mozilla Firefox or Internet Explorer to redirect search results for various search engines. It runs continuously in the background and performs other activities that may slow down system performance. Its activity can also affect Internet traffic, which may result in an intermittent connection.
Distribution
Spam email messages, file-sharing networks and instant messaging applications are the top distribution channels for this Trojan. It may come bundled with shareware hosted on file-sharing networks. Trojan.Sefnit also attaches itself to spam email messages that spread via mass mailing. Links included in messages sent by unknown instant messenger users may also cause infection.
Added Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"cleansweep.exe" = "rundll32.exe "%AppData%\audiop2psound\audiop2psound.dll"
Associated Files and Folders:
%AppData%\audiop2psound\audiop2psound.dll
How to Remove Trojan.Sefnit
1. Temporarily disable System Restore (Windows Me/XP).
2. Open your antivirus program and update the virus definition file.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s)
5. Delete or modify any values added to the registry, if there are any. Refer to 'Added Registry Entries.'
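Before editing the registry in step 5, the Run value and DLL listed above can be confirmed with a read-only check. The PowerShell below is an added example, not part of the original write-up or any vendor tool. The function name Find-SefnitIndicators and the broader "rundll32 from AppData" heuristic are assumptions, while the indicator strings are the ones on this page. Run it as the affected user, because HKEY_CURRENT_USER and %AppData% are per-user.

```powershell
# Added example: read-only check, changes nothing on the system.
# Indicator strings come from this page; Find-SefnitIndicators is a hypothetical name.
function Find-SefnitIndicators {
    param(
        [string]$RunKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        [string]$DllPath = (Join-Path $env:APPDATA 'audiop2psound\audiop2psound.dll')
    )
    $appData = [regex]::Escape($env:APPDATA)
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

    $key = Get-Item -LiteralPath $RunKey -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            # Read the raw data so a literal %AppData% is preserved in the report.
            $raw = [string]$key.GetValue($name, '', $noExpand)
            $expanded = [Environment]::ExpandEnvironmentVariables($raw)

            $match = $null
            if ($name -eq 'cleansweep.exe' -or $expanded -match 'audiop2psound') {
                $match = 'Listed indicator'
            }
            elseif ($expanded -match 'rundll32' -and $expanded -match $appData) {
                # Broader heuristic (assumption, not from the page): a lead to review,
                # since legitimate software also uses rundll32.
                $match = 'rundll32 loading from AppData (review)'
            }
            if ($match) {
                [pscustomobject]@{ Type = 'RunValue'; Match = $match; Name = $name; Detail = $raw }
            }
        }
    }

    # Check for the DLL itself and record a hash for the incident notes.
    if (Test-Path -LiteralPath $DllPath -PathType Leaf) {
        $file = Get-Item -LiteralPath $DllPath -Force
        $hash = (Get-FileHash -LiteralPath $DllPath -Algorithm SHA256).Hash
        [pscustomobject]@{
            Type   = 'File'
            Match  = 'Listed indicator'
            Name   = $file.FullName
            Detail = 'SHA256 {0}, created {1:u}' -f $hash, $file.CreationTimeUtc
        }
    }
}

Find-SefnitIndicators | Format-List
```

No output means neither indicator was found for the current user; other user profiles on the same machine need their own check.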
Scan with Norton Power Eraser:
Norton Power Eraser (NPE), a free tool from Symantec, provides deep scanning technology to detect and remove threats like Trojan.Sefnit. NPE targets and eliminates threats that regular virus scans fail to identify. Download NPE here.
Important! Because of Norton Power Eraser’s aggressive method, it can select even legitimate files as suspicious. Please use this tool very carefully.