Win32/Rovnix is a family of boot sector rootkits (AKA bootkits) that consist of multiple components and variants, all of which are dangerous to your computer's security and privacy to a degree that can range from moderately high to immensely so. Updated variants of Win32/Rovnix rootkits can be considered even more difficult to detect than standard rootkits due to their inclusion of unorthodox infection methods and self-preserving anti-security functions. Some components in a Win32/Rovnix infection, such as Win32/Rovnix.B, are used primarily to download, install and run other malicious files, while other members of Win32/Rovnix can contain more specialized functions than the above. In all scenarios, however, Win32/Rovnix will never consist of a single infection and can allow remote criminals to attack your computer from their own server. SpywareRemove.com malware experts recommend that you use only the best anti-malware software available to find and remove Win32/Rovnix, which should be assumed to active until you've taken specific steps to disable Win32/Rovnix and all related PC threats.
The Evolving Nature of Win32/Rovnix Attacks
Unlike the majority of rootkits, even early Win32/Rovnix rootkits such as Win32/Rovnix.A (also known by the aliases BackDoor-CEP and Trojan:Win32/Sisproc eschew usage of Master Boot Record-based attacks which, while effective, are also easily detected by appropriate anti-malware programs. Instead, rootkits from the Win32/Rovnix family use an infection startup method that involves attacks against your computer's NTFS bootstrap code. New variants from Win32/Rovnix (such as Win32/Rovnix.B) have taken this several steps further by adding anti-detection encryption and a basic level of polymorphism, amongst other improvements. At the end of the day, these upgrades all serve to make new versions of Win32/Rovnix rootkits extremely difficult to detect and remove even in cases of normally-qualified anti-malware applications.
Win32/Rovnix rootkits also function in multiple components, and may even be included partially in infections that are linked to other types of PC threats, such as Win32/Carberp-based Trojan droppers. They're capable of attacking both 32-bit and 64-bit versions of Windows, and, after installation, should be assumed to be constantly operational unless you've used specific anti-rootkit measures to disable them. However, like most rootkits, Win32/Rovnix rootkits will not show significant symptoms of their presence, although SpywareRemove.com malware researchers add the caveat that you may notice symptoms from other PC threats that Win32/Rovnix has downloaded onto your PC. Unlike normal programs, Win32/Rovnix even includes its own file system to conceal related files, which can make Win32/Rovnix very close to effectively invisible.
What Win32/Rovnix's New Features Mean for Your Privacy
Although Win32/Rovnix does use innovative features to avoid detection and removal, SpywareRemove.com malware experts have judged Win32/Rovnix's payload to be as standard as they come. Examples of issues that may linger until Win32/Rovnix is completely deleted by appropriate software can include:
- Win32/Rovnix can allow criminal access to your PC from a remote C&C server. This server can be used to steal files, download malicious files onto your PC, install unwanted programs or control your computer's actions.
- Win32/Rovnix can also harvest personal information, such as account passwords, to send to its aforementioned criminal partners. Win32/Rovnix has been noted to focus on web browsers (such as Internet Explorer and Chrome) for these attacks, but may also steal information from other sources or directly record your keyboard input.
- Instructions from its C&C server may reconfigure Win32/Rovnix to make other attacks, such as blocking security programs, redirecting your web browser to hostile sites or installing additional PC threats.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Win32/Rovnix may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
File System Modifications
The following files were created in the system:
file.exeFile name: file.exe
Size: 194.04 KB (194048 bytes)
Detection count: 91
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 20, 2012
%APPDATA%\Microsoft\Crypto\RSA\RSA748565165.dllFile name: RSA748565165.dll
Size: 81.4 KB (81408 bytes)
Detection count: 91
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: January 27, 2016