Trojan SEFNIT

By Domesticus in Trojans

Threat Scorecard

Threat Level:	80 % (High)
Infected Computers:	24,917

First Seen:	November 22, 2011
Last Seen:	August 26, 2025
OS(es) Affected:	Windows

Trojan SEFNIT is a browser hijacker Trojan that affects Mozilla and Internet Explorer. Trojan SEFNIT spreads via spam email messages, file-sharing networks and instant messaging applications. Trojan SEFNIT may also come bundled with shareware programs that are hosted on file-sharing networks. Trojan SEFNIT blocks your activity on search engines or redirects your search results to malicious websites. Trojan SEFNIT creates a .dll file and adds it into processes of Mozilla and Internet Explorer. Trojan SEFNIT also creates mutex and startup registry entries. Trojan SEFNIT runs every time you start up Windows. Remove Trojan SEFNIT immediately after detection.

Table of Contents

SpyHunter Detects & Remove Trojan SEFNIT

File System Details

Trojan SEFNIT may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	81D0.tmp	bf6054d16bbce96159f8cbbde8ea80b3	2,186
Name: 81D0.tmp MD5: bf6054d16bbce96159f8cbbde8ea80b3 Size: 335.87 KB (335872 bytes) Detections: 2,186 Type: Temporary File Path: C:\Windows\Temp\81D0.tmp Group: Malware file Last Updated: May 13, 2023
2.	wnns.exe	2c3a9f60a6a097ba7bc769a51479fe41	251
Name: wnns.exe MD5: 2c3a9f60a6a097ba7bc769a51479fe41 Size: 405.5 KB (405504 bytes) Detections: 251 Type: Executable File Path: %WINDIR%\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Windows Network Name Service Group: Malware file Last Updated: August 17, 2016
3.	BleServicesCtrl.exe	283bc11ed03732ba1055aaced9f7ced8	206
Name: BleServicesCtrl.exe MD5: 283bc11ed03732ba1055aaced9f7ced8 Size: 317.95 KB (317952 bytes) Detections: 206 Type: Executable File Path: %WINDIR%\system32\Drivers Group: Malware file Last Updated: September 8, 2016
4.	TrustedInstaller.exe	a472021e21a13dc3081f99f53a5461a6	78
Name: TrustedInstaller.exe MD5: a472021e21a13dc3081f99f53a5461a6 Size: 402.94 KB (402944 bytes) Detections: 78 Type: Executable File Path: %WINDIR%\SysWOW64 Group: Malware file Last Updated: July 28, 2016
5.	updater.dll	b99fe4761f454b4e25e86152b4b51784	41
Name: updater.dll MD5: b99fe4761f454b4e25e86152b4b51784 Size: 1.56 MB (1564672 bytes) Detections: 41 Type: Dynamic link library Path: %APPDATA%\Updater Group: Malware file Last Updated: March 23, 2016
6.	wins.exe	7d60bc72c525b377068706c235f9cdc5	35
Name: wins.exe MD5: 7d60bc72c525b377068706c235f9cdc5 Size: 2.78 MB (2785792 bytes) Detections: 35 Type: Executable File Path: %WINDIR%\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service Group: Malware file Last Updated: August 20, 2016
7.	stub.exe	24c2573af8b38dc88fb933ae12c9e40b	2
Name: stub.exe MD5: 24c2573af8b38dc88fb933ae12c9e40b Size: 214.52 KB (214528 bytes) Detections: 2 Type: Executable File Path: %APPDATA%\Microsoft\ApplicationManager Group: Malware file Last Updated: March 25, 2016
8.	%AppData%\audiop2psound\audiop2psound.dll
Name: %AppData%\audiop2psound\audiop2psound.dll Type: Dynamic link library Group: Malware file
9.	%UserProfile%\Application Data\acxmapdb\AgerePadClock.dll
Name: %UserProfile%\Application Data\acxmapdb\AgerePadClock.dll Type: Dynamic link library Group: Malware file

More files

Registry Details

Trojan SEFNIT may create the following registry entry or registry entries:

Regexp file mask

%APPDATA%\Microsoft\ApplicationManager\stub.exe

%APPDATA%\Updater\updater.dll

%WINDIR%\system32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe

%WINDIR%\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe

HKEY..\..\..\..{RegistryKeys}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"cleansweep.exe" = "rundll32.exe "%AppData%\audiop2psound\audiop2psound.dll"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"AgerePadClock" = "rundll32.exe "%USERAPPDATA%\acxmapdb\AgerePadClock.dll",isaAuthenticationInit SyncWISupport"

HKEY_CLASSES_ROOT\CLSID\{4fc3d0c1-7d9a-4c56-aa94-d5eb3997e46e}

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan SEFNIT

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Trojan SEFNIT

File System Details

Registry Details

Submit Comment

Related Posts

Trojan.Sefnit.AO

Trojan.Sefnit.AJ

Trojan.Sefnit.AL

Trojan.Sefnit.AA

Trojan.Sefnit.AE

Trojan.Sefnit.M

Trending

AdwareCops

PUM.Hijack.StartMenu

BKDR_PLUGX.SME

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

Discord Is Stuck on Gray Screen