Home / malware Trojan:DOS/Sinowal.Q
First posted on 15 March 2012.
Source: MicrosoftAliases :
Trojan:DOS/Sinowal.Q is also known as MBROOT.C (Command), Backdoor.Win32.Sinowal.knf (Kaspersky), Sinowalmbr.C (Norman), Boot.Sinowal.Gen.21 (VirusBuster), PSW.Sinowal.C.boot (AVG), BOO/TDss.M (Avira), Rootkit.MBR.Mebroot.B (BitDefender), BackDoor.MaosBoot.118 (Dr.Web), Trojan.DOS.Sinowal (Ikarus), BackDoor-DWL!mbr (McAfee), Troj/MBRoot-D (Sophos), TROJ_MBROOT.H (Trend Micro).
Explanation :
Trojan:DOS/Sinowal.Q is the detection for a malformed MBR (Master Boot Record) generated by VirTool:WinNT/Sinowal.
Top
Trojan:DOS/Sinowal is a component of Win32/Sinowal - a family of password-stealing and backdoor trojans. The trojan may try to find a cryptographic certificate on the infected computer and install a certificate on the computer to mislead users in Secure Sockets Layer (SSL) web transactions. The trojan may also capture user data such as banking credentials from various user accounts and send the data to websites specified by the attacker. Some Win32/Sinowal components may also open a backdoor on a TCP port. Win32/Sinowal may try to perform certain operations from the context of a trusted process such as explorer.exe in order to bypass local software-based firewalls.
Trojan:DOS/Sinowal.Q is the detection for a malformed MBR (Master Boot Record) generated by VirTool:WinNT/Sinowal. It loads the driver loader code of Sinowal when the affected computer boots.
Trojan:DOS/Sinowal.Q looks for and loads the Sinowal driver loader code from hard drive sectors. Once found, it transfers execution to the loader.
Analysis by Wei Li
Last update 15 March 2012