Posted: September 1, 2014

DOS/Rovnix.W is a component of a boot sector rootkit, or bootkit, that compromises the security of your PC to allow third parties to exploit it via remote Command & Control servers. Like other Rovnix rootkits, DOS/Rovnix.W may be installed with related threats and may cause substantial harm to the basic performance or privacy of the infected machine. Although circumstantial symptoms may make a DOS/Rovnix.W infection easy to detect, malware experts warn that removing DOS/Rovnix.W requires qualified anti-malware tools and protocols, particularly whenever assistance from a PC security professional is unavailable.

DOS/Rovnix.W: a Start of Threats Taking Over Your OS

The Rovnix family of rootkits includes numerous variants, of which DOS/Rovnix.W is a typical example, with its attacks occurring throughout both 2013 and 2014. Although the distribution exploits for DOS/Rovnix.W are not yet clear, DOS/Rovnix.W most likely circulates through methods that don't need your permission and that disguise the true nature of the threatening software being installed. Like other members of the Rovnix family, DOS/Rovnix.W is almost always installed with other threats, such as Trojan.Siredef.C, which try to disable crucial security features of Windows.

Although DOS/Rovnix.W subverts components of your PC that load prior to Windows, DOS/Rovnix.W is also associated with in-Windows symptoms that include:

  • The presence of multiple instances of Explorer.exe memory processes. These processes may use excessive resources, causing Windows to perform slowly.
  • Additional Windows profiles, which DOS/Rovnix.W may be used to create.
  • Unusual loss of hard drive space caused by hidden files associated with DOS/Rovnix.W or related threats. These files may not be visible via Windows Explorer, but should still be detectable by competent PC security tools.
  • Web browser symptoms, such as pop-up advertisements, redirects to hostile sites or promotional content for fake security programs.

However, none of these symptoms is necessarily guaranteed to appear with any individual DOS/Rovnix.W infection, which may reconfigure itself for different attacks. Symptoms also should be expected to vary based on the presence or lack of other threats that could install via DOS/Rovnix.W's backdoor security exploits.
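
As an added example (not part of the original write-up), the first symptom above can be triaged from a process snapshot: the Python below flags explorer.exe processes that run from an unexpected path or appear more than once in a logon session. The CSV columns mirror Win32_Process properties; the sample rows, the function name `triage_explorer` and the C: system drive are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: a process snapshot exported as CSV with the Win32_Process
# properties Name, ProcessId, SessionId and ExecutablePath. Not real telemetry.
SAMPLE_CSV = r"""Name,ProcessId,SessionId,ExecutablePath
explorer.exe,2104,1,C:\Windows\explorer.exe
explorer.exe,5220,1,C:\Users\alice\AppData\Roaming\explorer.exe
explorer.exe,6012,1,C:\Windows\explorer.exe
svchost.exe,812,0,C:\Windows\System32\svchost.exe
explorer.exe,7440,2,C:\Windows\explorer.exe
"""

# Locations where a genuine explorer.exe lives (assumes Windows is on C:).
EXPECTED_PATHS = {r"c:\windows\explorer.exe", r"c:\windows\syswow64\explorer.exe"}


def triage_explorer(csv_text):
    """Return (pid, session, reason) findings for explorer.exe rows."""
    per_session = defaultdict(list)
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Name"].strip().lower() != "explorer.exe":
            continue
        pid, session = int(row["ProcessId"]), int(row["SessionId"])
        path = row["ExecutablePath"].strip()
        per_session[session].append(pid)
        if not path:
            findings.append((pid, session, "image path unreadable"))
        elif path.lower() not in EXPECTED_PATHS:
            findings.append((pid, session, "unexpected image path: " + path))
    # Several shells in one logon session can be benign (for example the
    # "Launch folder windows in a separate process" option), so this is a
    # prompt for review, not a verdict.
    for session, pids in sorted(per_session.items()):
        if len(pids) > 1:
            reason = "one of %d explorer.exe in session" % len(pids)
            findings.extend((pid, session, reason) for pid in pids)
    return findings


if __name__ == "__main__":
    for pid, session, reason in triage_explorer(SAMPLE_CSV):
        print("pid=%d session=%d %s" % (pid, session, reason))
```

A clean result here does not rule out infection, since the symptom is not guaranteed to appear.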

Getting Your System Start-Up Purged of DOS/Rovnix.W

Because of anticipated modifications to your NTFS file system to install and launch DOS/Rovnix.W, advanced methods may be required for deleting DOS/Rovnix.W. Anti-malware scans from a normal environment may detect but fail to delete DOS/Rovnix.W. For the safe removal of high-level threats, including DOS/Rovnix.W rootkits, you should use a recovery USB device and conduct all anti-malware scans via Safe Mode (or even a separate OS). Malware researchers also encourage the full use of thorough system-scanning options that can detect related threats; DOS/Rovnix.W's family does have a strong history of being installed with multiple components, including other high-level threats.

Past versions of Rovnix often used Java-based browser exploits to install themselves. While there is no hard evidence of such methods being exclusively favored for distributing DOS/Rovnix.W, the use of Java and JavaScript continues to be a significant lynchpin in the distribution of rootkits and other threats. You can disable these features in most browsers and use script-blocking defenses to prevent DOS/Rovnix.W's installation, although malware experts also would advise you to avoid websites prone to hosting such content at all.
