Win32/Rovnix Description

Type: Trojan

The Win32/Rovnix family of Trojans is a relative newcomer to the malware world. The original Win32/Rovnix infection was first detected in 2011, and new variants have appeared every few weeks since then. Trojans in the Win32/Rovnix family are Trojan droppers, designed to infiltrate a computer system and place certain files on the victim's computer. This characteristic makes Win32/Rovnix highly versatile. ESG security researchers have detected the use of Win32/Rovnix Trojans in association with various malware attacks, including the Carberp family of malware, which is the most widely disseminated banking Trojan in the Russian Federation. Any malware infection involving Win32/Rovnix will usually pose a severe threat to the infected computer because of the high degree of control that Win32/Rovnix gives criminals over the infected system, as well as the advanced nature of the security vulnerabilities that Win32/Rovnix exploits. In order to remove Win32/Rovnix, it is important to ensure that the security programs you have are fully up to date.

A Basic Description of a Win32/Rovnix Trojan Attack

The Win32/Rovnix family of Trojans makes changes to the NTFS boot sector of the infected hard drive (NTFS stands for New Technology File System). These changes force the modified sector of the infected hard drive to execute other malware and, much like a rootkit or bootkit, make malware associated with Win32/Rovnix very difficult to detect with traditional anti-malware techniques. Win32/Rovnix will usually include a component that forces the infected computer system to reboot in order to ensure that the malware on the infected NTFS boot sector is executed. Since Win32/Rovnix Trojans are usually associated with banking Trojans or other kinds of spy Trojans, they will usually display no symptoms other than a notification from the victim's security software, if it has been updated to include Win32/Rovnix in its malware database. As soon as Win32/Rovnix runs, it installs various malicious files on the infected hard drive, which are executed due to the modifications made to the NTFS boot sector. This malware threat has the capacity to infect both 32-bit and 64-bit operating systems running Windows. The effects of a Win32/Rovnix infection vary greatly depending on the malware associated with Win32/Rovnix. Since Win32/Rovnix is a Trojan dropper, it is very rare to find a stand-alone Win32/Rovnix infection. Instead, Win32/Rovnix will be accompanied by a subsequent malware threat designed to carry out tasks that allow criminals to profit, such as installing a Remote Access Trojan or installing malware designed to steal banking information.
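Because the change sits in the NTFS boot sector rather than in an ordinary file, one defensive check is to compare a captured boot region against a known-good copy. The following is an added example, not code from the original article or from any vendor tool: the function names and the sample sector are constructed for illustration, and it assumes the boot region bytes were already captured with an imaging tool.

```python
import hashlib
import struct

OEM_ID = b"NTFS    "          # bytes 0x03-0x0A of an NTFS boot sector
CODE = slice(0x54, 0x1FE)     # bootstrap code area of sector 0

def sample_boot_sector(code_byte=0x90):
    """Constructed 512-byte NTFS-style sector for the demo, not real disk data."""
    head = b"\xeb\x52\x90" + OEM_ID + struct.pack("<HB", 512, 8)
    return head.ljust(0x54, b"\x00") + bytes([code_byte]) * 426 + b"\x55\xaa"

def fingerprint(region):
    """Validate the sector-0 layout and hash each part of a captured boot region."""
    if len(region) < 512:
        raise ValueError("need at least one 512-byte sector")
    if region[3:11] != OEM_ID or region[0x1FE:0x200] != b"\x55\xaa":
        raise ValueError("not an NTFS boot sector (OEM ID or 0x55AA marker)")
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", region, 0x0B)
    sha = lambda b: hashlib.sha256(b).hexdigest()
    return {
        "jump": region[0:3].hex(),
        "bytes_per_sector": bytes_per_sector,
        "sectors_per_cluster": sectors_per_cluster,
        "bpb_sha256": sha(region[0x0B:0x54]),
        "code_sha256": sha(region[CODE]),
        # Sectors after the first, when the capture covers the whole boot region
        "following_sectors_sha256": sha(region[512:]),
    }

def changed_fields(baseline, current):
    """Names of the fingerprint fields that differ from the known-good capture."""
    old, new = fingerprint(baseline), fingerprint(current)
    return [name for name in old if old[name] != new[name]]

if __name__ == "__main__":
    good = sample_boot_sector()
    print(changed_fields(good, good))
    print(changed_fields(good, sample_boot_sector(0xCC)))
```

The comparison is only meaningful when the baseline was captured from a clean installation of the same Windows version, and the capture should be taken from outside the running system, since the article notes that the threat is hard to detect from within it.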

Technical Information


File System Details

Win32/Rovnix creates the following file(s):
# | File Name | MD5 | Detection Count
1 | RSA748565165.dll | 85e66af1c36c21d1cec76d8dce28ae7e | 1
2 | file.exe | 4b50035e5a84214a84dcadc61d1e75af | 0
