There is a pop-up message saying “Security Center Alert”
To help protect your computer, Windows Firewall has blocked activity of harmful software.
Then there is a line separation _______________
Then it says: Do You want to block this suspicious Software?
Risk Level: High
Description: Sinowal.Trojan is a Trojan program that records keystrokes and takes screen shots of the computer. Stealing personal financial Information.
Then it gives you three buttons to click on:
“Keep Blocking” (which is grayed out and you can’t click on it anyway)
“Unblock” (which is also grayed out and you can’t click on it)
“Enable Protection” (which is the one you can click on, and it takes you to a website called “Safe Soft Reviews” where they try to sell you some security software programs)
Now back to the pop-up… Underneath the “buttons” it says the following:
Windows Firewall has detected unauthorized activity, but unfortunately it can not help you remove viruses. Keyloggers and other spyware threats that steal your personal information from your computer.
Next is an underlined link, it says:
“Click to download and activate protection”
Whenever you open IE you should see the Security Center Alert pop-up with Sinowal.Trojan on it.
Go to C:\documents and settings\username\application data\Google
There is a xxxxxx.exe file in there with a security icon. That is it. Mine was named something like pfysw721318.exe.
Delete that exe file.
I wasn’t able to delete this file with the following error
You can download the Killbox application from here and select delete file upon reboot.
Download ComboFix from here and run it.
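
An added example, not part of the original post: a PowerShell check that lists the executables sitting directly in the per-user Google folder with their creation time and signature status, so you can confirm which file to remove before deleting anything. The function name Get-SuspectExecutable and the name pattern are assumptions made for illustration; the pattern is modelled on the pfysw721318.exe name mentioned above.

```powershell
# Added example: review executables in the per-user Google folder (read-only, deletes nothing).
# $env:APPDATA resolves to C:\Documents and Settings\<username>\Application Data on Windows XP.
$folder = Join-Path $env:APPDATA 'Google'

# Assumption: the dropped file has a random-looking name of letters followed by digits,
# like pfysw721318.exe. Adjust the pattern if the file on your machine looks different.
$randomName = '^[a-z]{3,10}\d{3,10}\.exe$'

function Get-SuspectExecutable {
    param(
        [string]$Path,
        [string]$NamePattern
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Folder not found: $Path"
        return
    }

    # -Force includes hidden and system files, which Explorer may not show by default.
    Get-ChildItem -LiteralPath $Path -Filter *.exe -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $_ | Select-Object Name,
                @{ Name = 'Created';         Expression = { $_.CreationTime } },
                @{ Name = 'SizeKB';          Expression = { [math]::Round($_.Length / 1KB, 1) } },
                @{ Name = 'Signature';       Expression = { $sig.Status } },
                @{ Name = 'NameLooksRandom'; Expression = { $_.Name -match $NamePattern } },
                FullName
        }
}

# List everything found, newest first, then highlight files that are not validly signed.
$found = @(Get-SuspectExecutable -Path $folder -NamePattern $randomName)
$found | Sort-Object Created -Descending | Format-Table -AutoSize

$found | Where-Object { $_.Signature -ne 'Valid' } | ForEach-Object {
    Write-Host "Review before deleting: $($_.FullName)"
}
```

A file that is unsigned, has a random-looking name, and was created around the time the pop-ups started is the candidate for the delete step above.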