Win32/Rovnix
Posted: February 27, 2012
Threat Metric
| Field | Value |
|---|---|
| Threat Level | 8/10 |
| Infected PCs | 185 |
| First Seen | February 28, 2012 |
| Last Seen | June 13, 2023 |
| OS(es) Affected | Windows |
Win32/Rovnix is a family of boot sector rootkits (bootkits) made up of multiple components and variants. All of them endanger the security and privacy of an infected computer, to a degree that ranges from serious to severe. Updated Win32/Rovnix variants are harder to detect than conventional rootkits because they combine an unusual infection method with self-protecting anti-security functions. Some components of a Win32/Rovnix infection, such as Win32/Rovnix.B, serve mainly to download, install and run other malicious files, while other members of the family carry more specialized functions. In every case, however, a Win32/Rovnix infection never consists of a single component, and it gives remote criminals a channel to attack the computer from their own server. SpywareRemove.com malware experts recommend using a reputable anti-malware product to find and remove Win32/Rovnix, and assuming the bootkit is still active until specific steps have been taken to disable it and all related threats.
The Evolving Nature of Win32/Rovnix Attacks
Unlike the majority of bootkits, even early Win32/Rovnix variants such as Win32/Rovnix.A (also known by the aliases BackDoor-CEP and Trojan:Win32/Sisproc) avoid Master Boot Record (MBR) infection, which, while effective, is easily detected by anti-malware programs that verify the MBR. Instead, Win32/Rovnix gains control at startup by modifying the NTFS bootstrap code of the boot volume, that is, the Volume Boot Record (VBR) and the Initial Program Loader (IPL) sectors that follow it. Because the MBR is left intact, a tool that only checks the MBR reports nothing wrong. Newer variants such as Win32/Rovnix.B go several steps further, adding encryption of the stored components and a basic level of polymorphism, among other improvements. Together these upgrades make recent Win32/Rovnix rootkits very difficult to detect and remove even for otherwise capable anti-malware applications.
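As an added illustration of the point above (example code written for this page, not code from the original article or from any vendor), the following Python script hashes the executable part of an NTFS volume's bootstrap region, the VBR code plus the 15 IPL sectors, and compares it with a known-good baseline. An MBR-only check would pass on both sample images; the baseline comparison flags the second one. The two disk images are constructed inline for the demo and are not captures of a real or infected disk; `read_boot_region` is only for use on a live Windows volume and is not called here.

```python
"""Baseline comparison of the NTFS bootstrap region (VBR code + IPL).

Added example for this page, not code from the original article. The sample
images below are constructed for the demo, not captured from any disk.
"""
import hashlib
import struct

SECTOR = 512
IPL_SECTORS = 15                              # NTFS bootstrap continues in the 15 sectors after the VBR
BOOTSTRAP_START, BOOTSTRAP_END = 0x54, 0x1FE  # VBR code sits between the BPB and the 0x55AA signature


def parse_vbr(sector: bytes) -> dict:
    """Pull out the fields of an NTFS VBR that a sanity check needs."""
    if len(sector) != SECTOR:
        raise ValueError("a VBR is exactly one 512-byte sector")
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", sector, 0x0B)
    (mft_cluster,) = struct.unpack_from("<Q", sector, 0x30)
    return {
        "oem_id": sector[3:11],
        "bytes_per_sector": bytes_per_sector,
        "sectors_per_cluster": sectors_per_cluster,
        "mft_cluster": mft_cluster,
        "bootstrap_code": sector[BOOTSTRAP_START:BOOTSTRAP_END],
        "signature_ok": sector[0x1FE:0x200] == b"\x55\xAA",
        "ntfs_ok": sector[3:11] == b"NTFS    ",
    }


def bootstrap_digest(vbr: bytes, ipl: bytes) -> str:
    """SHA-256 over the executable bootstrap region only.

    The BIOS Parameter Block is left out on purpose: it changes for legitimate
    reasons (volume resize, new serial), whereas the bootstrap code should only
    change when Windows itself rewrites the boot sector.
    """
    h = hashlib.sha256()
    h.update(parse_vbr(vbr)["bootstrap_code"])
    h.update(ipl)
    return h.hexdigest()


def check_volume(vbr: bytes, ipl: bytes, baseline_digest: str) -> dict:
    """Return structural findings plus the result of the baseline comparison."""
    fields = parse_vbr(vbr)
    findings = []
    if not fields["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if not fields["ntfs_ok"]:
        findings.append("OEM ID is not 'NTFS    '")
    if len(ipl) != IPL_SECTORS * SECTOR:
        findings.append("IPL is not %d sectors long" % IPL_SECTORS)
    digest = bootstrap_digest(vbr, ipl)
    if digest != baseline_digest:
        findings.append("bootstrap code or IPL differs from baseline")
    return {"digest": digest, "findings": findings, "clean": not findings}


def read_boot_region(volume=r"\\.\C:"):
    """Read VBR + IPL from a live volume (Windows, administrator rights needed).
    Not called in this demo. Raw volume reads must be sector-aligned, which
    reading 16 whole sectors from offset 0 satisfies."""
    with open(volume, "rb") as f:
        data = f.read((1 + IPL_SECTORS) * SECTOR)
    return data[:SECTOR], data[SECTOR:]


def build_sample_vbr(bootstrap_code: bytes) -> bytes:
    """Assemble a structurally valid NTFS VBR around the given bootstrap code.
    Constructed demo data: the BPB values are plausible, not from a real disk."""
    if len(bootstrap_code) != BOOTSTRAP_END - BOOTSTRAP_START:
        raise ValueError("bootstrap code must fill 0x54..0x1FD")
    s = bytearray(SECTOR)
    s[0:3] = b"\xEB\x52\x90"                        # JMP SHORT +0x52; NOP, as real NTFS VBRs begin
    s[3:11] = b"NTFS    "
    struct.pack_into("<HBH", s, 0x0B, 512, 8, 0)    # bytes/sector, sectors/cluster, reserved sectors
    s[0x15] = 0xF8                                  # media descriptor: fixed disk
    struct.pack_into("<Q", s, 0x28, 0x1FFFFF)       # total sectors
    struct.pack_into("<Q", s, 0x30, 0xC0000)        # $MFT cluster
    struct.pack_into("<Q", s, 0x38, 2)              # $MFTMirr cluster
    s[BOOTSTRAP_START:BOOTSTRAP_END] = bootstrap_code
    s[0x1FE:0x200] = b"\x55\xAA"
    return bytes(s)


# Constructed "clean" image: deterministic filler stands in for Microsoft's code.
CLEAN_BOOTSTRAP = bytes((i * 7 + 3) & 0xFF for i in range(BOOTSTRAP_END - BOOTSTRAP_START))
CLEAN_IPL = bytes((i * 13 + 5) & 0xFF for i in range(IPL_SECTORS * SECTOR))
CLEAN_VBR = build_sample_vbr(CLEAN_BOOTSTRAP)
BASELINE = bootstrap_digest(CLEAN_VBR, CLEAN_IPL)   # record this on a known-good system

# Constructed "infected" image: the VBR code now starts with a near jump into
# attacker code and a loader stub overwrites the tail of the IPL. The MBR is
# untouched by this style of infection, which is why it is not what we check.
INFECTED_VBR = build_sample_vbr(b"\xE9\x00\x01" + CLEAN_BOOTSTRAP[3:])
INFECTED_IPL = CLEAN_IPL[:-256] + bytes(range(256))

if __name__ == "__main__":
    for name, vbr, ipl in (("clean", CLEAN_VBR, CLEAN_IPL), ("infected", INFECTED_VBR, INFECTED_IPL)):
        r = check_volume(vbr, ipl, BASELINE)
        print(name, "OK" if r["clean"] else "FINDINGS: " + "; ".join(r["findings"]))
```

The baseline has to be recorded while the system is known to be clean and kept off the host (a bootkit that can hide its own files can also hide or rewrite a baseline stored beside them). Re-check after every Windows update that touches the boot sector, since those legitimately change the digest.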
Win32/Rovnix rootkits operate as multiple components and may be bundled only partially into infections linked to other threat families, such as Win32/Carberp-based Trojan droppers. They can attack both 32-bit and 64-bit versions of Windows and, once installed, should be assumed to be running constantly until specific anti-rootkit measures have disabled them. Like most rootkits, Win32/Rovnix shows few symptoms of its own presence, although SpywareRemove.com malware researchers note that symptoms of other threats that Win32/Rovnix has downloaded may be visible. Unlike ordinary programs, Win32/Rovnix also keeps its components in a hidden file system of its own rather than as ordinary files on the Windows volume, which makes the infection close to invisible to standard file scanning.
What Win32/Rovnix's New Features Mean for Your Privacy
Although Win32/Rovnix uses innovative features to avoid detection and removal, SpywareRemove.com malware experts judge its payload to be as standard as they come. Problems that can persist until Win32/Rovnix is completely removed by appropriate software include:
- Win32/Rovnix gives criminals remote access to the PC through a Command and Control (C&C) server. That access can be used to steal files, download further malicious files, install unwanted programs or control the computer's actions.
- Win32/Rovnix can also harvest personal information, such as account passwords, and send it to its operators. It has been observed targeting web browsers (such as Internet Explorer and Chrome) for this purpose, but it may also steal information from other sources or record keyboard input directly.
- Instructions from the C&C server can reconfigure Win32/Rovnix for other attacks, such as blocking security programs, redirecting the web browser to hostile sites or installing additional threats.
Technical Details
File System Modifications
The following files were created on the system:

file.exe
- File name: file.exe
- Size: 2.56 KB (2560 bytes)
- MD5: 56a43042ab259c5a9782d2b26b79c8f7
- Detection count: 92
- File type: Executable File
- Mime Type: unknown/exe
- Group: Malware file
- Last Updated: March 20, 2012

file.exe
- File name: file.exe
- Size: 194.04 KB (194048 bytes)
- MD5: 4b50035e5a84214a84dcadc61d1e75af
- Detection count: 91
- File type: Executable File
- Mime Type: unknown/exe
- Group: Malware file
- Last Updated: March 20, 2012

%APPDATA%\Microsoft\Crypto\RSA\RSA748565165.dll
- File name: RSA748565165.dll
- Size: 81.4 KB (81408 bytes)
- MD5: 85e66af1c36c21d1cec76d8dce28ae7e
- Detection count: 91
- File type: Dynamic link library
- Mime Type: unknown/dll
- Path: %APPDATA%\Microsoft\Crypto\RSA
- Group: Malware file
- Last Updated: January 27, 2016