We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
PWS:Win32/Sinowal.H
Detected by Microsoft Defender Antivirus
Aliases: TR/Spy.ZBot.asx.14 (Avira) Trojan-Spy.Zbot (Ikarus) Troj/Torpig-CB (Sophos) Trojan.Mebroot!gen1 (Symantec)
Summary
PWS:Win32/Sinowal.H is a component of Win32/Sinowal - a family of password-stealing and backdoor trojans.
To detect and remove this threat and other malicious software that may be installed in your computer, run a full-system scan with an up-to-date antivirus product such as the following:
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
Additional remediation instructions for this threat
This threat may make lasting changes to a computer’s configuration that are NOT restored by detecting and removing this threat. For more information on returning an infected computer to its pre-infected state, please see the following article/s:
- Using the system's recovery options:
- For Windows XP: Installing and using the Recovery Console in Windows XP
- For Windows Vista: System Recovery Options in Windows Vista
- For Windows 7: System Recovery Options in Windows 7
- For other support and help related articles, go to:
- Windows 7: http://support.microsoft.com/gp/windows7
- Windows Vista: http://support.microsoft.com/ph/11732
- Windows XP: http://support.microsoft.com/ph/1173
- Microsoft Security TechNet Center: http://technet.microsoft.com/security/default.aspx
Follow us
