TrojanDropper:Win32/Rovnix.A
First posted on 14 February 2014.
Source: Microsoft
Aliases:
There are no other names known for TrojanDropper:Win32/Rovnix.A.
Explanation:
Threat behavior
TrojanDropper:Win32/Rovnix.A is a trojan that modifies the New Technology File System (NTFS) boot sector of the hard drive to execute other malware. The trojan also installs a component, detected as Trojan:Win32/Rovnix.A, to restart the computer so the modified NTFS boot sector will execute.
Installation
When run, TrojanDropper:Win32/Rovnix.A writes malicious code to certain disk sectors of the local hard drive. It also modifies the NTFS boot sector to execute the written code. On 32-bit Windows computers, the malicious code is detected as VirTool:WinNT/Rovnix.A while on 64-bit computers the code is detected as VirTool:Win64/Rovnix.A.
Payload
Installs other malware
TrojanDropper:Win32/Rovnix.A installs a component, detected as Trojan:Win32/Rovnix.A, that restarts the computer. During the boot process of the affected computer, the modified NTFS boot sector will attempt to load the malicious code written by TrojanDropper:Win32/Rovnix.A.
Analysis by Chun Feng
Symptoms
Alert notifications or detections of this malware from installed antivirus or security software may be the only symptoms.
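Because the modification described above is made to the NTFS boot sector rather than to a file, one defensive check is to fingerprint the sector's executable bytes against a known-clean baseline. The following Python is an added example, not part of Microsoft's write-up: the helper names are hypothetical, the sample sectors are constructed, and it assumes the 512-byte sector was read from an offline disk image and that the baseline comes from a clean system running the same Windows version.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_START = 0x54   # bootstrap code follows the BPB and extended BPB
SIG_OFFSET = 0x1FE  # 0x55 0xAA end-of-sector marker

def code_fingerprint(sector: bytes) -> str:
    """SHA-256 of the executable parts only: the jump at 0x00 and the bootstrap code.
    The BPB (0x0B-0x53) is skipped because it holds per-volume values
    such as the serial number, which differ between clean machines.
    """
    return hashlib.sha256(sector[0:3] + sector[CODE_START:SIG_OFFSET]).hexdigest()

def check_boot_sector(sector: bytes, baseline: str) -> list[str]:
    """Return a list of findings; an empty list means nothing looked wrong."""
    if len(sector) != SECTOR_SIZE:
        return ["expected %d bytes, got %d" % (SECTOR_SIZE, len(sector))]
    findings = []
    if sector[3:11] != b"NTFS    ":
        findings.append("OEM ID is not NTFS")
    if sector[SIG_OFFSET:] != b"\x55\xaa":
        findings.append("missing 0x55AA signature")
    if code_fingerprint(sector) != baseline:
        findings.append("boot code differs from baseline")
    return findings

def make_sample_sector(code: bytes, serial: int) -> bytes:
    """Build a constructed NTFS-style boot sector for the demo (not real boot code)."""
    s = bytearray(SECTOR_SIZE)
    s[0:3] = b"\xeb\x52\x90"                   # jump over the BPB
    s[3:11] = b"NTFS    "
    struct.pack_into("<HB", s, 0x0B, 512, 8)   # bytes/sector, sectors/cluster
    struct.pack_into("<Q", s, 0x48, serial)    # volume serial number
    s[CODE_START:CODE_START + len(code)] = code
    s[SIG_OFFSET:] = b"\x55\xaa"
    return bytes(s)

# Constructed data: placeholder "code" bytes, not taken from any real sector.
CLEAN = make_sample_sector(b"\x90" * 64, serial=0x1111)
OTHER_VOLUME = make_sample_sector(b"\x90" * 64, serial=0x2222)
MODIFIED = make_sample_sector(b"\x90" * 32 + b"\xcc" * 32, serial=0x1111)
BASELINE = code_fingerprint(CLEAN)

if __name__ == "__main__":
    for name, sec in [("clean", CLEAN), ("other volume", OTHER_VOLUME), ("modified", MODIFIED)]:
        print(name, check_boot_sector(sec, BASELINE) or "OK")
```

The sector with a different volume serial number still matches the baseline, while the one with altered code bytes is flagged.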
Last update 14 February 2014