Trojan:Win32/Sefnit.A
First posted on 16 June 2010.
Source: SecurityHome
Aliases :
Trojan:Win32/Sefnit.A is also known as Trojan.Sefnit.DB (VirusBuster), Bck/Harebot.M (Panda), TROJ_FRAUD.GG (Trend Micro).
Explanation :
Trojan:Win32/Sefnit.A is a trojan that may inject itself into Internet Explorer or Mozilla Firefox to hijack the search results for various search engines.
Installation

Trojan:Win32/Sefnit.A drops the following file, which is also detected as Trojan:Win32/Sefnit.A:

%AppData%\audiop2psound\audiop2psound.dll

It creates the following registry entry so that it automatically runs every time Windows starts:

Adds value: "audiop2psound"
With data: "rundll32.exe "%AppData%\audiop2psound\audiop2psound.dll", dllinit"
In subkey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

It may also inject its dropped DLL file into the "explorer.exe" process.

Trojan:Win32/Sefnit.A may also create two mutexes, one with a random name and another named "MX-{fe88ab54-f98e-4bbd-95e8-a14df3d27305}".

Payload

Hijacks search engine results

Once loaded, it may inject itself into Internet Explorer or Mozilla to hijack the search results for various search engines.
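
The dropped file, the Run value and the fixed mutex name listed under Installation can be checked on a live host from the affected user's session. The PowerShell below is an added example, not part of the original write-up; the function name Test-SefnitAIndicators is hypothetical, and the randomly named mutex cannot be checked this way.

```powershell
# Added example: look for the Trojan:Win32/Sefnit.A indicators named on this page.
# Run it in the affected user's logon session: HKCU, %AppData% and unprefixed
# mutex names are all per-user or per-session.
function Test-SefnitAIndicators {
    $runKey    = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $valueName = 'audiop2psound'
    $dllPath   = Join-Path $env:APPDATA 'audiop2psound\audiop2psound.dll'
    $mutexName = 'MX-{fe88ab54-f98e-4bbd-95e8-a14df3d27305}'

    # 1. Autostart value: keep the raw data so an analyst can see what it launches.
    $runData = $null
    $key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $valueName)) {
        $runData = $key.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames')
    }

    # 2. Dropped DLL: record a hash for comparison with AV/EDR telemetry.
    $dllHash = $null
    if (Test-Path -LiteralPath $dllPath -PathType Leaf) {
        $dllHash = (Get-FileHash -LiteralPath $dllPath -Algorithm SHA256).Hash
    }

    # 3. Fixed-name mutex: present only while the DLL is loaded in this session.
    $mutexFound = $false
    $handle = $null
    try {
        $mutexFound = [System.Threading.Mutex]::TryOpenExisting($mutexName, [ref]$handle)
    } catch [System.UnauthorizedAccessException] {
        $mutexFound = $true   # the mutex exists, but its ACL denies us a handle
    } finally {
        if ($handle) { $handle.Dispose() }
    }

    [pscustomobject]@{
        RunValueData = $runData
        DllPath      = $dllPath
        DllSha256    = $dllHash
        MutexPresent = $mutexFound
        Suspicious   = (($null -ne $runData) -or ($null -ne $dllHash) -or $mutexFound)
    }
}

Test-SefnitAIndicators | Format-List
```

A run with elevated credentials inspects the administrator's profile and session rather than the affected user's, so the Run value, the file and the mutex can all be missed.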
Analysis by Andrei Florin Saygo
Last update 16 June 2010