Trojan:DOS/Sinowal.A might try to find a cryptographic certificate on your PC and install a certificate to mislead you in Secure Sockets Layer (SSL) web transactions. The trojan can also capture user data such as banking credentials from various user accounts and send the data to websites specified by the attacker.
Sinowal components may also open a backdoor on a TCP port and might try to perform certain operations from the context of a trusted process such as explorer.exe in order to bypass local software-based firewalls.
Trojan:DOS/Sinowal.A is a detection for a malformed Master Boot Record (MBR) generated by VirTool:WinNT/Sinowal. It loads the driver loader code of Sinowal when your PC starts.
We have seen VirTool:WinNT/Sinowal overwrite the existing Master Boot Record (MBR) with Trojan:DOS/Sinowal.A.
Trojan:DOS/Sinowal.A looks for and loads Sinowal's driver loader code from hard drive sectors. Once found, it transfers execution to the loader.
Analysis by Scott Molenkamp
Alerts from your security software may be the only symptom.