
Sefnit.2 removal


Sefnit.2 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Sefnit.2 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Explorer.exe process established HTTP connections
  • Collects information about installed applications
  • Creates a copy of itself
  • Collects information to fingerprint the system

How to identify Sefnit.2?

File Info:

name: 036630EEF33CFCCD1301.mlw
path: /opt/CAPEv2/storage/binaries/0aeef3c2ca96786d4e691a3775bd4f160036b39418097cf6ee6e16ec96147b89
crc32: 9395C6E0
md5: 036630eef33cfccd1301b7cb0ff63e35
sha1: 552e7b4eab5c35f39b0b67ff8f04a48b7ad1f3bf
sha256: 0aeef3c2ca96786d4e691a3775bd4f160036b39418097cf6ee6e16ec96147b89
sha512: 817f3e14337bf4b9022b0106d7a8007c2678fc4a9ce6bdcbbcf5acf94cbeb7798e0365aec2c85eb59670676fa2b9e104677f07afaa1ebffa776371d112379730
ssdeep: 24576:0tmN+Bx8+cvw2wPfYo3f2MDArPthJVerPPEe1XPSI0W1DZ372RzSRq6H/GwtYC3S:0toFi7JDZ3725SB/GP7kOH5IPq1l
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12B5507677F95256EF4658C7432091B929290A93C213590BBFB8FFB267998EC1F171C03
sha3_384: 51967d0f813c52eef5d9b86c1f210655cdb763cab565bb796d9e6000771cd46180e05b18388dedd0156cf08a2d9dce63
ep_bytes: e8b8670000e979feffffcccccccc558b
timestamp: 2011-10-10 08:33:49

Version Info:

0: [No Data]

Sefnit.2 also known as:

Lionic: Trojan.Win32.Swisyn.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen3.18163
MicroWorld-eScan: Gen:Variant.Sefnit.2
FireEye: Generic.mg.036630eef33cfccd
McAfee: Sefnit.f
Zillya: Trojan.Swisyn.Win32.21867
Alibaba: Trojan:Win32/Obfuscated.651ec183
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
BitDefenderTheta: Gen:NN.ZexaF.34084.urZ@aO13Zhgi
Cyren: W32/Zbot.BU.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Obfuscated.NEV
Paloalto: generic.ml
ClamAV: Win.Trojan.Sefnit-2251
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Sefnit.2
NANO-Antivirus: Trojan.Win32.TrjGen.efeoms
Tencent: Malware.Win32.Gencirc.1149669a
Ad-Aware: Gen:Variant.Sefnit.2
Emsisoft: Gen:Variant.Sefnit.2 (B)
Comodo: Malware@#2f2slmxtll1rz
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.th
Sophos: ML/PE-A + Troj/Sefnit-N
Ikarus: Trojan.Win32.Sefnit
Jiangmin: Trojan/Swisyn.rxm
eGambit: Unsafe.AI_Score_79%
Avira: TR/Sefnit.val
Antiy-AVL: Trojan/Generic.ASMalwS.85D45
Kingsoft: Win32.Troj.Generic.(kcloud)
Microsoft: Trojan:Win32/Sefnit.V
GData: Gen:Variant.Sefnit.2
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Muwid.C106109
ALYac: Gen:Variant.Sefnit.2
MAX: malware (ai score=100)
VBA32: BScope.Adware.WhiteSmoke
APEX: Malicious
Rising: Trojan.Generic@ML.100 (RDML:hC/uhn8oocQ88/XD+wrMOQ)
Yandex: Trojan.Kryptik!rPJakMSFzbc
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Buzus.AABB!tr
Webroot: W32.Trojan.Gen
Cybereason: malicious.ef33cf
Panda: Trj/Genetic.gen

How to remove Sefnit.2?

Sefnit.2 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
