Short bio

Trojan.Sefnit is Malwarebytes’ detection name for a family of Trojans that operate as a backdoor, allowing remote access to Windows systems.

Type and source of infection

Trojan.Sefnit is also capable of using your computer for Bitcoin mining, click fraud, and to hijack the victim’s search results.

There are several ways this Trojan can land on a system, including via P2P file sharing, bundlers, or being dropped by other malware.


Malwarebytes protects users from Trojan.Sefnit by using real-time protection.

block Trojan.Sefnit

Malwarebytes blocks Trojan.Sefnit

Home remediation

Malwarebytes can detect and remove Trojan.Sefnit without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get startedbutton.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Business remediation

How to remove Trojan.Sefnit with the Malwarebytes Nebula console

You can use the Malwarebytes Anti-Malware Nebula console to scan endpoints.

endpoint menu Nebula endpoint tasks menu

Choose the Scan + Quarantine option. Afterwards you can check the Detections page to see which threats were found.

Nebula detections

On the Quarantine page you can see which threats were quarantined and restore them if necessary.

Nebula Quarantaine

Select your language