We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Trojan:DOS/Sinowal.O
Detected by Microsoft Defender Antivirus
Aliases: Backdoor.Win32.Sinowal.knf (Kaspersky)
Summary
Trojan:DOS/Sinowal.O is a component of Win32/Sinowal - a family of password-stealing and backdoor trojans. The trojan may try to find a cryptographic certificate on the infected computer and install a certificate on the computer to mislead users in Secure Sockets Layer (SSL) web transactions. The trojan may also capture user data such as banking credentials from various user accounts and send the data to websites specified by the attacker.
Trojan:DOS/Sinowal.O is a detection for a malformed MBR (Master Boot Record) generated by VirTool:WinNT/Sinowal. It loads the driver loader code of Sinowal when the affected computer boots.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products will detect and remove this threat:
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
Win32/Sinowal attempts to steal sensitive and confidential information from affecters users in order to perpetrate fraud. If you believe that your personal financial information may have been compromised, please refer to the following advisory for additional advice:
Follow us
