Know Your Malware: Secefa Removal

Secefa is a dangerous and complex Internet worm that spreads to vulnerable computers running the Microsoft Windows operating system with unpatched security flaws. It exploits certain vulnerabilities and does not require any user interaction. Once executed, Secefa silently installs itself on the system and runs a spreading routine. The worm's payload comprises several harmful functions.

Secefa terminates running antivirus programs, firewalls, security-related programs, some other applications and even a few parasites. It alters the Windows registry in order to bypass and disable Windows Firewall and some system tools and components, including the Registry Editor and System File Protection. Secefa also blocks access to popular security-related and online shopping web sites. The worm includes an integrated backdoor, which provides the attacker with unauthorized remote access to a compromised computer. The intruder can control the infected system and steal sensitive user information. Furthermore, Secefa can download from the Internet and install Gamqowi, a dangerous trojan with backdoor functionality. The worm automatically runs on every Windows startup.

Related files: dodrrr.exe, msdef.exe, mstempf.exe, services.exe, ws3lib.exe, qwe.bat, ftp.scr

Secefa properties:
Allows remote user connection
Connects itself to the Internet
Hides from the user
Stays resident in background

Linked by shanmuga Sunday, 27th November 2005 12:30AM