Win32/Rovnix

The Win32/Rovnix family of Trojans is a relative newcomer to the malware world. The original Win32/Rovnix malware infection was first detected in 2011, with new variants popping up every few weeks since the first appearance of this severe threat. Trojans in the Win32/Rovnix family are Trojan droppers, designed to infiltrate a computer system and place certain files on the victim's computer. This characteristic makes Win32/Rovnix highly versatile. ESG security researchers have detected the use of Win32/Rovnix Trojans in association with various malware attacks, including the Carberp family of malware which is the most widely disseminated banking Trojan in the Russian Federation. Any malware infection involving Win32/Rovnix will usually pose a severe threat to the infected computer due to the high degree of control that Win32/Rovnix allows criminals to gain over the infected computer system, as well as the advanced nature of security vulnerabilities that Win32/Rovnix exploits. In order to remove Win32/Rovnix, it is important to ensure that the security programs you have are fully up to date.

A Basic Description of a Win32/Rovnix Trojan Attack

The Win32/Rovnix family of Trojans makes changes to the NFTS boot sector of the infected hard drive (NFTS stands for New Technology File System). These changes force the modified sector of the infected hard drive to execute other malware and, much like a rootkit or bootkit, it makes malware associated with the Win32/Rovnix very difficult to detect with traditional anti-malware techniques. Win32/Rovnix will usually include a component that forces the infected computer system to reboot in order to ensure that the malware on the infected NFTS boot sector is executed. Since Win32/Rovnix Trojans are usually associated with banking Trojans or other kinds of spy Trojans, they will usually display no symptoms other than a notification from the victim's security software if it is updated to include Win32/Rovnix in its malware database. As soon as Win32/Rovnix runs, Win32/Rovnix will install various malicious files on the infected hard drive, which is executed due to the modifications made to the NTFS boot sector. This malware threat has the capacity to infect both 32-bit and 64-bit operating systems running Windows. The effects of a Win32/Rovnix infection vary greatly depending on the malware associated with Win32/Rovnix. Since Win32/Rovnix is a Trojan dropper, it is very rare to find a stand-alone Win32/Rovnix infection. Instead, Win32/Rovnix will be accompanied by a subsequent malware threat designed to carry out tasks that allow criminals to profit, such as installing a Remote Access Trojan or installing malware designed to steal banking information.

SpyHunter Detects & Remove Win32/Rovnix