Name: |
Secefa |
Type: |
Trojan |
Also Known As: |
W32.Secefa.D (Symantec) |
Danger Level: |
8 |
Category Description: |
Trojans are malicious applications that pose as legitimate software in order to trick users into installing them. Once on the victim's machine, a trojan may run any number of malicious processes to steal vital information or inflict damage on other software. |
Official Description: |
Secefa is a backdoor trojan. |
Comment: |
Secefa downloads another threat (Surila.aw) onto the infected computer and executes it.
This trojan blocks access to several security-related sites.
It disables Windows Firewall and adds itself to the Windows Firewall authorized application list. |
Properties: |
|
Manual Removal: |
After scanning with X-Cleaner, follow the steps below to correct the altered registry keys:
1. Click the Start menu and select Run.
2. Type "regedit" and press Enter.
3. Navigate to each of the following keys and,
in the right pane, delete this value (by right-clicking it):
"DisableRegistryTools" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
4. Navigate to each of the following keys and,
in the right pane, delete this value (by right-clicking it):
"EnableFirewall" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
5. Navigate to each of the following keys and,
in the right pane, delete this value (by right-clicking it):
"C:\WINDOWS\services.exe" = "C:\WINDOWS\services.exe:*:Enabled:services.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
6. Close Registry Editor.
7. Restart your computer.
|
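To confirm which of the values from steps 3 to 5 are still present, the check below parses the text of a registry export (.reg) and reports every listed key that still holds the listed value. It is an added example, not part of the original entry or of X-Cleaner; the function names and the sample export are constructed for illustration.

```python
import re
# Indicators transcribed from removal steps 3-5 above.
FW = "HKEY_LOCAL_MACHINE\\SYSTEM\\{cs}\\Services\\SharedAccess\\Parameters\\FirewallPolicy"
POLICIES = "\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies"
SERVICES = "C:\\WINDOWS\\services.exe"
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data line of a .reg file

def indicators():
    """Return (key, value name, data) triples for every key the steps list."""
    out = [(hive + POLICIES, "DisableRegistryTools", "0")
           for hive in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE")]
    for cs in ("CurrentControlSet", "ControlSet002"):
        fw = FW.format(cs=cs)
        out += [(fw + sub, "EnableFirewall", "0") for sub in ("", "\\DomainProfile")]
        out += [(fw + "\\" + prof + "\\AuthorizedApplications\\List", SERVICES,
                 SERVICES + ":*:Enabled:services.exe")
                for prof in ("StandardProfile", "DomainProfile")]
    return out

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg files write \ as \\ and " as \"

def parse_reg(text):
    """Parse .reg text into {key: {name: data}}, lowercased; DWORDs become decimal text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE.match(line)):
            raw = m.group(2)
            data = str(int(raw[6:], 16)) if raw.startswith("dword:") else unescape(raw[1:-1])
            current[unescape(m.group(1)).lower()] = data
    return keys

def find_hits(reg_text):
    """List the (key, value name) pairs from the steps that the export still contains."""
    keys = parse_reg(reg_text)
    return [(key, name) for key, name, data in indicators()
            if keys.get(key.lower(), {}).get(name.lower(), "").lower() == data.lower()]

# Constructed sample export (regedit writes real exports as UTF-16; decode before parsing).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\services.exe"="C:\\WINDOWS\\services.exe:*:Enabled:services.exe"
'''
print(*find_hits(SAMPLE), sep="\n")
```

An empty result after the cleanup and restart means none of the listed values remain in the exported keys.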