Sinowal.FY is a Trojan that encrypts all files with any of the following extensions, among others: ARH, ARJ (files compressed with ARJ), C, CDR, CGI, CNT, CPP, CSS, CSV, DB, DB1, DB2, DBF, DBT, DBX, DOC (Word documents), FLB, FRM, FRT, FRX, GTD, GZ, GZIP, H, HTM, HTML, JPG, JPEG (pictures), KEY, KWM, LST, MAN, MDB (Access databases), MO, OLD, P12, PAK, PDF, PEM, PFX, PGP, PL, PPS, PPT (PowerPoint files), PRF, PRX, PST, PWA, PWL, PWM, RAR (files compressed with WinRAR), RMR, RND, RTF, SAFE, SAR, TAR, TBB, TXT (text files), XLS (Excel spreadsheets), XML and ZIP (files compressed with WinZip).

The user will not be able to open those files until they are decrypted. Sinowal.FY instructs users to send a message to an email address so that they can buy the decrypter.

Sinowal.FY does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels and peer-to-peer (P2P) file sharing networks.