TROJ_SEFNIT.SME
Windows 2000, Windows XP, Windows Server 2003
![](/vinfo/imgFiles/legend.jpg)
Threat Type: Trojan
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This Trojan may arrive bundled with malware packages as a malware component. It may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites.
It requires its main component to successfully perform its intended routine.
TECHNICAL DETAILS
Arrival Details
This Trojan may arrive bundled with malware packages as a malware component.
It may be dropped by other malware.
It may be unknowingly downloaded by a user while visiting malicious websites.
Installation
This Trojan drops the following copies of itself into the affected system:
- %Program Files%\Common Files\Watson\Watsonsubscriber.dll
(Note: %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000, Server 2003, and XP (32-bit), Vista (32-bit), and 7 (32-bit), or C:\Program Files (x86) in Windows XP (64-bit), Vista (64-bit), and 7 (64-bit).)
It creates the following folders:
- %Program Files%\Common Files\Watson
(Note: %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000, Server 2003, and XP (32-bit), Vista (32-bit), and 7 (32-bit), or C:\Program Files (x86) in Windows XP (64-bit), Vista (64-bit), and 7 (64-bit).)
Autostart Technique
This Trojan adds the following registry entries to enable its automatic execution at every system startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{c0533d96-89de-45b9-b2a5-7ee5a10c51bb}\InprocServer32
Default = "%Program Files%\Common Files\Watson\Watsonsubscriber.dll"
Other Details
This Trojan requires its main component to successfully perform its intended routine.