Steals sensitive information
Trojan:Win32/Retefe.A can steal sensitive information from your PC, such as your online user names and passwords. It does this by installing a fake self-signed certificate and intercepting traffic through your Internet browser.
It installs a fake self-signed certificate with the thumbprint 3DDF56A7004D90034D77E2D97F68C56FAA3C93AD:
It then installs the self-signed certificate to be used by the Firefox browser.
It also changes the DNS server to an IP address of a server controlled by the attacker. We have seen the following IP addresses being used:
Trojan:Win32/Retefe.A terminates the following processes if they are running: