Win32/Tinfes [Threat Name]

Win32/Tinfes.A [Threat Variant Name]

Category: trojan
Size: 160768 B
Detection created: Oct 29, 2013
Detection database version: 8980
Aliases:
  Trojan:Win32/Sefnit.AS (Microsoft)
  Trojan.FakeAV (Symantec)
  Win32:Sefnit-HV (Avast)

Short description

Win32/Tinfes.A is a trojan which tries to download other malware from the Internet.


When executed, the trojan copies itself to the following locations:

  • %systemx86%\Macromed\Flash\FlashPlayerUpdateService.exe
  • %systemx86%\FlashPlayerUpdateService.exe

The trojan registers itself as a system service using the following name:

  • AdobeFlashPlayerUpdateSvc

The trojan schedules a task that causes the following file to be executed repeatedly:

  • %systemx86%\FlashPlayerUpdateService.exe

This causes the trojan to be executed on every system start.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of 9 URLs. It communicates over the HTTP protocol.

It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • update itself to a newer version

The trojan keeps various information in the following Registry key:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\AdobeFlashPlayerUpdate]
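
The following PowerShell triage script is an added example, not part of the original description or any vendor tooling. It collects the file, service, scheduled-task and Registry artifacts listed above without modifying the host. It assumes that %systemx86% is the 32-bit system directory and that a 32-bit process on 64-bit Windows may have its key redirected under WOW6432Node. Because the service name and the Macromed\Flash path are also used by the genuine Adobe Flash Player updater, it reports signature status rather than treating presence alone as proof of infection.

```powershell
# Added example: read-only triage for the artifacts listed in this description.
# Assumption: %systemx86% = 32-bit system directory (System32 on x86, SysWOW64 on x64).
$sysX86  = [Environment]::GetFolderPath('SystemX86')
$exeName = 'FlashPlayerUpdateService.exe'
$svcName = 'AdobeFlashPlayerUpdateSvc'
$hits    = New-Object System.Collections.Generic.List[object]

function Add-Hit($Type, $Where, $Detail) {
    $hits.Add([pscustomobject]@{ Artifact = $Type; Location = $Where; Detail = $Detail })
}

# 1. Dropped copies. The Macromed\Flash path is also where the genuine Adobe updater
#    lives, so report the Authenticode status instead of flagging on the path alone.
foreach ($rel in "Macromed\Flash\$exeName", $exeName) {
    $p = Join-Path $sysX86 $rel
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $sig  = Get-AuthenticodeSignature -FilePath $p
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        $size = (Get-Item -LiteralPath $p -Force).Length   # analysed sample: 160768 B
        Add-Hit 'File' $p "size=$size sig=$($sig.Status) signer=$($sig.SignerCertificate.Subject) sha256=$hash"
    }
}

# 2. Service registration under the name the trojan uses.
$svc = Get-CimInstance Win32_Service -Filter "Name='$svcName'" -ErrorAction SilentlyContinue
if ($svc) { Add-Hit 'Service' $svcName "path=$($svc.PathName) start=$($svc.StartMode)" }

# 3. Scheduled tasks whose action runs the binary (the description gives no task name).
#    Get-ScheduledTask needs Windows 8 / Server 2012 or later.
Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $_.Actions.Execute -like "*$exeName*" } |
    ForEach-Object { Add-Hit 'Task' ($_.TaskPath + $_.TaskName) "runs=$($_.Actions.Execute -join '; ')" }

# 4. Registry key; the WOW6432Node path covers registry redirection of a
#    32-bit process on 64-bit Windows (assumption, not stated in the description).
foreach ($key in 'HKLM:\SOFTWARE\AdobeFlashPlayerUpdate',
                 'HKLM:\SOFTWARE\WOW6432Node\AdobeFlashPlayerUpdate') {
    if (Test-Path -LiteralPath $key) {
        $names = (Get-Item -LiteralPath $key).Property -join ', '
        Add-Hit 'Registry' $key "values=$names"
    }
}

$hits | Format-Table -AutoSize -Wrap
```

An unsigned or invalidly signed FlashPlayerUpdateService.exe, a copy directly under the system directory, or the presence of the Registry key warrants a closer look at the host.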
