
DOS/Rovnix.W

Posted: September 1, 2014

DOS/Rovnix.W is a component of a boot sector rootkit, or bootkit, that compromises the security of your PC to allow third parties to exploit it via remote Command & Control servers. Like other Rovnix rootkits, DOS/Rovnix.W may be installed alongside related threats and may cause substantial harm to the basic performance or privacy of the infected machine. Although circumstantial symptoms may make DOS/Rovnix.W easy to detect, malware experts warn that removing DOS/Rovnix.W requires qualified anti-malware tools and protocols, particularly whenever assistance from a PC security professional is unavailable.

DOS/Rovnix.W: a Start of Threats Taking Over Your OS

The Rovnix family of rootkits includes numerous variants, of which DOS/Rovnix.W is a typical example, with its attacks occurring throughout both 2013 and 2014. Although the exploits used to distribute DOS/Rovnix.W have not yet been identified, it most likely circulates through methods that do not require your permission and that disguise the true nature of the threatening software being installed. Like other members of Rovnix, DOS/Rovnix.W is almost always installed with other threats, such as Trojan.Siredef.C, which try to disable crucial security features of Windows.

Although DOS/Rovnix.W subverts components of your PC that load prior to Windows, DOS/Rovnix.W also is associated with in-Windows symptoms that include:

  • The presence of multiple instances of Explorer.exe memory processes. These processes may use excessive resources, causing Windows to perform slowly.
  • DOS/Rovnix.W may be used to create additional Windows profiles.
  • Unusual loss of hard drive space caused by hidden files associated with DOS/Rovnix.W or related threats. These files may not be visible in Windows Explorer, but still should be detectable by competent PC security tools.
  • Web browser symptoms, such as pop-up advertisements, redirects to hostile sites or promotional content for fake security programs.

However, none of these symptoms is guaranteed to appear with any individual DOS/Rovnix.W infection, since the rootkit may reconfigure itself for different attacks. Symptoms also should be expected to vary based on the presence or absence of other threats that could be installed through DOS/Rovnix.W's backdoor.
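A defender's triage check for the first two symptoms listed above (duplicate Explorer.exe instances and newly created Windows profiles), added here as an example and not taken from the original page. It assumes an elevated PowerShell 5.1 or later session on the suspect host; the 30-day window for "recent" profiles is an arbitrary threshold.

```powershell
# Added triage script (not from the original page). Assumptions: run in an
# elevated PowerShell session on the suspect host; the 30-day window used for
# "recently created" profiles is an arbitrary threshold, adjust as needed.

function Get-ExplorerInstanceReport {
    # Symptom 1: normally there is one explorer.exe per interactive session;
    # additional copies are flagged for investigation, not declared malicious.
    Get-Process -Name explorer -ErrorAction SilentlyContinue |
        Group-Object -Property SessionId |
        ForEach-Object {
            $wsMB = ($_.Group | Measure-Object -Property WorkingSet64 -Sum).Sum / 1MB
            [pscustomobject]@{
                SessionId    = $_.Name
                Instances    = $_.Count
                WorkingSetMB = [math]::Round($wsMB)
                Suspicious   = ($_.Count -gt 1)
            }
        }
}

function Get-RecentProfileReport {
    param([int]$Days = 30)
    # Symptom 2: extra Windows profiles created by the rootkit or its companions.
    # Profile folder creation time is used as a proxy for when the profile appeared.
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-CimInstance -ClassName Win32_UserProfile |
        Where-Object { -not $_.Special -and $_.LocalPath -and (Test-Path -LiteralPath $_.LocalPath) } |
        ForEach-Object {
            $created = (Get-Item -LiteralPath $_.LocalPath -Force).CreationTime
            [pscustomobject]@{
                LocalPath  = $_.LocalPath
                SID        = $_.SID
                Created    = $created
                LastUse    = $_.LastUseTime
                Suspicious = ($created -gt $cutoff)
            }
        }
}

Get-ExplorerInstanceReport | Format-Table -AutoSize
Get-RecentProfileReport | Sort-Object Created -Descending | Format-Table -AutoSize
```

Because the bootkit loads before Windows and can hide from in-OS tools, a clean report here is a lead, not proof; flagged rows should feed the offline scan described in the next section.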

Getting Your System Start-Up Purged of DOS/Rovnix.W

Because of anticipated modifications to your NTFS file system to install and launch DOS/Rovnix.W, advanced methods may be required for deleting DOS/Rovnix.W. Anti-malware scans from a normal environment may detect but fail to delete DOS/Rovnix.W. For the safe removal of high-level threats, including DOS/Rovnix.W rootkits, you should use a recovery USB device and conduct all anti-malware scans via Safe Mode (or even a separate OS). Malware researchers also encourage the full use of thorough system-scanning options that can detect related threats; DOS/Rovnix.W's family does have a strong history of being installed with multiple components, including other high-level threats.

Past versions of Rovnix often used Java-based browser exploits to install themselves. While there is no hard evidence of such methods being exclusively favored for distributing DOS/Rovnix.W, the use of Java and JavaScript continues to be a significant lynchpin in the distribution of rootkits and other threats. You can disable these features in most browsers and use script-blocking defenses to prevent DOS/Rovnix.W's installation, although malware experts also would advise you to avoid websites prone to hosting such content at all.
