Trojan.Sefnit

If your computer is infected with Trojan.Sefnit, you may follow the procedure on this page to contain this threat. Remove the Trojan at once before it can further harm the system.

Trojan.Sefnit is a Trojan horse that was created to redirect Internet search results of the affected computer to an assigned IP Address. This threat will load itself during Windows start-up process by creating its own registry entries on the compromised system. This Trojan attempts to exploit flaws in web browser to gain an access on target computer and performs a number of harmful tasks.

Alias: Trojan:Win32/Sefnit.A, Trojan.Sefnit.DB , Bck/Harebot.M, TROJ_FRAUD.GG

Damage Level: Low

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Characteristics
If Trojan.Sefnit is executed on the computer, it will create a file under UserProfile folder. To support this file and run on every Windows start-up, the Trojan will add an entry to system registry. Please refer to Added Registry Entries and Files a

Next, Trojan.Sefnit will inject itself into Mozilla FireFox or Internet Explorer to hijack the result for various search engines. The threat may redirect victim’s search queries to specific address, which contains other malware. We noticed that the given address has been disabled as of this date.

The Trojan will constantly runs in the background to perform other activities that may slow down system performance. Internet traffic can also be affected by its actions that will result to intermittent connection.

Distribution
Spam email messages, file-sharing networks and instant messaging application are the top distribution channel for this Trojan. It may come bundled with shareware that are hosted on file-sharing networks. Trojan.Sefnit also attaches self to spam email messages that spreads via mass-mailing method. Links included in a messages send by unknown instant messenger user may cause Trojan infection.

Image below shows how antivirus auto-protect has acted on the threat.

Trojan.Sefnit Detection

How to Remove Trojan.Sefnit

NOTE: We suggest that you PRINT or BOOKMARK this guide. There are steps that we may have to restart the computer in order to successfully remove the threat.

Step 1 : Run a scan with your antivirus program

1. First thing you should do is reboot the computer in Safe Mode with Networking to avoid Trojan.Sefnit from loading at start-up.

Remove all media such as floppy drive, cd, dvd, and USB devices. Then, restart the computer and please do the following:

Boot in Safe Mode with Networking on Windows XP, Windows Vista, and Windows 7 system
a) Before Windows begins to load, press F8 on your keyboard.
b) It will display the Advanced Boot Options menu. Select Safe Mode with Networking.

Start computer in Safe Mode with Networking using Windows 8
a) Before Windows begins to load, press Shift and F8 on your keyboard.
b) On Recovery interface, click on 'See advanced repair options'.
c) Next, click on Troubleshoot option.
d) Then, select Advanced options from the list.
e) Lastly, please choose Windows Startup Settings and click on Restart. When Windows restarts, you will be send to a familiar Advanced Boot Options screen.
f) Select Safe Mode with Networking from the selections menu.

SafeMode

2. Once Windows is running under Safe Mode with Networking, open your antivirus program and download the most recent update. This method ensures that your antivirus program can detect even newer variants of Trojan.Sefnit.

Updating your antivirus software is a one-click process. Please refer to your software manual for complete instructions.

3. Once updating is finished, run a full system scan. After the scan, delete all infected items. If unable to clean or delete, better place the threat in quarantine.

Step 2: Run another test with Norton Power Eraser

1. Click on the button below to download Norton Power Eraser from official web site. Save it to your desktop or any location of your choice.

NPE Download

4. Once the file is downloaded, navigate its location and double-click on the icon (NPE.exe) to launch the program.
5. Norton Power Eraser will run. If it prompts for End User License Agreement, please click on Accept.
6. On NPE main window, click on Advanced. We will attempt to remove Trojan.Sefnit components without restarting the computer.

Advance Scan

7. On next window, select System Scan and click on Scan now to perform standard scan on your computer.

Scan the System

8. NPE will proceed with the scan. It will search for Trojans, viruses, and malware like Trojan.Sefnit. This may take some time, depending on the number of files currently stored on the computer.

9. When scan is complete. All detected risks are listed. Remove them and restart Windows if necessary.

Alternative Removal Methods for Trojan.Sefnit

Option 1 : Use Windows System Restore to return Windows to previous state

During an infection, Trojan.Sefnit drops various files and registry entries. The threat intentionally hides system files by setting options in the registry. With these rigid changes, the best solution is to return Windows to previous working state is through System Restore.

To verify if System Restore is active on your computer, please follow the instructions below to access this feature.

Access System Restore on Windows XP, Windows Vista, and Windows 7

a) Go to Start Menu, then under 'Run' or 'Search Program and Files' field, type rstrui.
b) Then, press Enter on the keyboard to open System Restore Settings.

rstrui-win7

Open System Restore on Windows 8

a) Hover your mouse cursor to the lower left corner of the screen and wait for the Start icon to appear.
b) Right-click on the icon and select Run from the list. This will open a Run dialog box.
c) Type rstrui on the 'Open' field and click on OK to initiate the command.

rstrui-win8

If previous restore point is saved, you may proceed with Windows System Restore. Click here to see the full procedure.

Option 2 : Trojan.Sefnit manual uninstall guide

IMPORTANT! Manual removal of Trojan.Sefnit requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.

1. Kill any running process that belongs to Trojan.Sefnit.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Trojan.Sefnit files (refer to Technical Reference) and click End Process.

End Task

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.

Run Regedit

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by Trojan.Sefnit.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Technical Reference

Associated Files and Folders:Added Registry Entries:

Ways to Prevent Trojan.Sefnit Infection

Take the following steps to protect the computer from threats. Suggested tools and security setup within installed software helps prevent the same attack on your PC.

Install an effective anti-malware program

Your first line of defense would be an effective security program that provides real-time protection. We have a list of anti-malware program that are tried and tested. It does not only scan files but also monitors your Internet traffic and is extremely active on blocking malicious communication. Click on the button below to download our recommended anti-malware program.

Get Protection Software

Always update your installed software

Software vendors constantly releases updates for programs whenever a flaw is discovered. Getting the updates makes the computer more secured and help prevents Trojan, virus, malware, and Trojan.Sefnit similar attacks. If in case your program is not set for instant update, it usually offered from vendor's web site, which you can download anytime.

Maximize the security potential of your Internet browser

Each browser has their own feature where in you can adjust the security settings that fit your browsing habit. We highly encourage you to maximize the setup to tighten the security of your browser.

Apply full caution when using the Internet

Internet is full of fraud, malware, and many forms of computer threats including Trojan.Sefnit. Implement full caution with links that you may receive from emails, social networking sites, and instant messaging programs. It might lead you to malicious sites that can cause harm to your computer. Avoid strange web sites that offers free services and software downloads.