This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects traffic generated by Trojan.Sefnit, which could lead to further infection of the affected system.
When the Trojan is executed, it creates the following file:
It then creates the following registry subkey:
The Trojan also creates the following registry entry, so that it starts when Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"AgerePadClock" = "rundll32.exe "%USERAPPDATA%\acxmapdb\AgerePadClock.dll",isaAuthenticationInit SyncWISupport"
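A triage check for the Run entry described above, as an added example that is not part of the original advisory: it parses `reg query` text output, splits rundll32 command lines into DLL and export, and flags values that match the names on this page or load a DLL from a user-writable path. The sample output is constructed, and the list of user-writable path fragments (including treating `%USERAPPDATA%` as a placeholder for the user's application data folder) is an assumption.

```python
import re

# Names taken from the advisory text above.
PAGE_VALUE_NAME = "agerepadclock"
PAGE_DLL_NAME = "agerepadclock.dll"
# Assumption: path fragments treated as user-writable locations.
USER_WRITABLE = ("%userappdata%", "%appdata%", "%localappdata%", "%temp%",
                 "\\appdata\\", "\\application data\\")
# One value line of `reg query` output: 4 spaces, name, type, data.
REG_LINE = re.compile(r'^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$')
# rundll32[.exe] <dll>,<export> [args]; the DLL path may be quoted.
RUNDLL = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<q>[^"]+)"|(?P<u>[^\s,]+))\s*,\s*(?P<export>[^\s,]+)', re.I)

# Constructed sample; the first value is the entry quoted in the advisory.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    AgerePadClock    REG_SZ    rundll32.exe "%USERAPPDATA%\acxmapdb\AgerePadClock.dll",isaAuthenticationInit SyncWISupport
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    ExamplePanel    REG_SZ    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL
'''

def parse_reg_query(text):
    """Yield (value_name, data) for string values in `reg query` output."""
    for line in text.splitlines():
        m = REG_LINE.match(line)
        if m and m["type"] in ("REG_SZ", "REG_EXPAND_SZ"):
            yield m["name"], m["data"]

def triage(text):
    """Return Run values whose rundll32 target looks like the entry above."""
    findings = []
    for name, data in parse_reg_query(text):
        m = RUNDLL.match(data)
        if not m:
            continue  # not a rundll32 launcher
        dll = m["q"] or m["u"]
        low, reasons = dll.lower(), []
        if name.lower() == PAGE_VALUE_NAME or low.endswith("\\" + PAGE_DLL_NAME):
            reasons.append("value or DLL name matches the advisory")
        if any(frag in low for frag in USER_WRITABLE):
            reasons.append("rundll32 loads a DLL from a user-writable path")
        if reasons:
            findings.append(dict(value=name, dll=dll, export=m["export"], reasons=reasons))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

To use it on a host under review, pass in the text output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` instead of the sample.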
The Trojan monitors both Internet Explorer and Mozilla Firefox Web browsers and redirects searches made using the following URLs:
The threat may redirect these search queries to the following address: