Win32/Rovnix is a family of boot sector rootkits (AKA bootkits) that consist of multiple components and variants, all of which are dangerous to your computer’s security and privacy to a degree that can range from moderately high to immensely so. Updated variants of Win32/Rovnix rootkits can be considered even more difficult to detect than standard rootkits due to their inclusion of unorthodox infection methods and self-preserving anti-security functions. Some components in a Win32/Rovnix infection, such as Win32/Rovnix.B, are used primarily to download, install and run other malicious files, while other members of Win32/Rovnix can contain more specialized functions than the above. In all scenarios, however, Win32/Rovnix will never consist of a single infection and can allow remote criminals to attack your computer from their own server. SpywareRemove.com malware experts recommend that you use only the best anti-malware software available to find and remove Win32/Rovnix, which should be assumed to active until you’ve taken specific steps to disable Win32/Rovnix and all related PC threats.
The Evolving Nature of Win32/Rovnix Attacks
Unlike the majority of rootkits, even early Win32/Rovnix rootkits such as Win32/Rovnix.A (also known by the aliases BackDoor-CEP and Trojan:Win32/Sisproc eschew usage of Master Boot Record-based attacks which, while effective, are also easily detected by appropriate anti-malware programs. Instead, rootkits from the Win32/Rovnix family use an infection startup method that involves attacks against your computer’s NTFS bootstrap code. New variants from Win32/Rovnix (such as Win32/Rovnix.B) have taken this several steps further by adding anti-detection encryption and a basic level of polymorphism, amongst other improvements.
Win32/Rovnix rootkits also function in multiple components, and may even be included partially in infections that are linked to other types of PC threats, such as Win32/Carberp-based Trojan droppers. They’re capable of attacking both 32-bit and 64-bit versions of Windows, and, after installation, should be assumed to be constantly operational unless you’ve used specific anti-rootkit measures to disable them. However, like most rootkits, Win32/Rovnix rootkits will not show significant symptoms of their presence, although SpywareRemove.com malware researchers add the caveat that you may notice symptoms from other PC threats that Win32/Rovnix has downloaded onto your PC. Unlike normal programs, Win32/Rovnix even includes its own file system to conceal related files, which can make Win32/Rovnix very close to effectively invisible.
What Win32/Rovnix’s New Features Mean for Your Privacy
Although Win32/Rovnix does use innovative features to avoid detection and removal, SpywareRemove.com malware experts have judged Win32/Rovnix’s payload to be as standard as they come. Examples of issues that may linger until Win32/Rovnix is completely deleted by appropriate software can include:
- Win32/Rovnix can allow criminal access to your PC from a remote C&C server. This server can be used to steal files, download malicious files onto your PC, install unwanted programs or control your computer’s actions.
- Win32/Rovnix can also harvest personal information, such as account passwords, to send to its aforementioned criminal partners. Win32/Rovnix has been noted to focus on web browsers (such as Internet Explorer and Chrome) for these attacks, but may also steal information from other sources or directly record your keyboard input.
- Instructions from its C&C server may reconfigure Win32/Rovnix to make other attacks, such as blocking security programs, redirecting your web browser to hostile sites or installing additional PC threats.
Win32/Rovnix Automatic Detection Tool (Recommended)
Is your PC infected with Win32/Rovnix? To safely & quickly detect Win32/Rovnix we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect Win32/Rovnix What happens if Win32/Rovnix does not let you open SpyHunter or blocks the Internet?
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:
# File Name Detection Count 1 %APPDATA%\ Microsoft\ Crypto\ RSA\ RSA748565165.dll 284 2 file.exe 284
Posted: February 27, 2012 | By SpywareRemove
Rate this article: