VirTool:WinNT/Rovnix.A
First posted on 14 February 2014.
Source: Microsoft
Aliases:
There are no other names known for VirTool:WinNT/Rovnix.A.
Explanation:
Threat behavior
VirTool:WinNT/Rovnix.A is malicious code that is stored as disk sectors on the local drive of an affected computer on a 32-bit version of Windows. It attempts to inject other malware into running processes.
Installation
This malware is installed by TrojanDropper:Win32/Rovnix.A and is stored as disk sectors on the local drive of an affected computer. TrojanDropper:Win32/Rovnix.A modifies the NTFS (New Technology File System) boot sector to execute this malware at boot time.
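A defender-side check for the boot-sector modification described above, as an added example that is not part of the original write-up: it hashes the jump instruction and bootstrap code of an NTFS boot sector, skipping the per-volume BPB fields, and compares the digest with a baseline from a known-clean system. The function names and sample sectors are constructed for illustration, and the check assumes that clean boot code is identical across volumes formatted by the same Windows build; it inspects only the first 512-byte sector.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_START, CODE_END = 0x54, 0x1FE  # bootstrap code area after the extended BPB


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 over the jump instruction and bootstrap code. The BPB
    (sizes, volume serial number) differs per volume, so it is skipped."""
    return hashlib.sha256(sector[:3] + sector[CODE_START:CODE_END]).hexdigest()


def check_boot_sector(sector: bytes, baseline_digest: str) -> str:
    """Return 'not-ntfs', 'ok' or 'modified' for the first sector of a volume."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need a full 512-byte sector")
    sector = sector[:SECTOR_SIZE]
    (bytes_per_sector,) = struct.unpack_from("<H", sector, 0x0B)
    looks_ntfs = (
        sector[3:11] == b"NTFS    "               # OEM ID
        and sector[0x1FE:0x200] == b"\x55\xaa"     # end-of-sector signature
        and bytes_per_sector in (512, 1024, 2048, 4096)
    )
    if not looks_ntfs:
        return "not-ntfs"
    return "ok" if boot_code_digest(sector) == baseline_digest else "modified"


def make_sample_vbr(serial: int, code_fill: int = 0x90) -> bytes:
    """Constructed sample sector for the demo (not a real Windows boot sector)."""
    s = bytearray(SECTOR_SIZE)
    s[0:3] = b"\xeb\x52\x90"                       # jump over the BPB
    s[3:11] = b"NTFS    "
    struct.pack_into("<HB", s, 0x0B, 512, 8)       # bytes/sector, sectors/cluster
    struct.pack_into("<Q", s, 0x48, serial)        # volume serial number
    s[CODE_START:CODE_END] = bytes([code_fill]) * (CODE_END - CODE_START)
    s[0x1FE:0x200] = b"\x55\xaa"
    return bytes(s)


if __name__ == "__main__":
    baseline = boot_code_digest(make_sample_vbr(serial=0x1111))
    samples = {
        "other volume, clean code": make_sample_vbr(serial=0x2222),
        "altered boot code": make_sample_vbr(serial=0x2222, code_fill=0xCC),
        "blank sector": bytes(SECTOR_SIZE),
    }
    for name, sector in samples.items():
        print(f"{name}: {check_boot_sector(sector, baseline)}")
```

In practice the sector would be read from a forensic image or a raw volume handle opened offline, since code running at boot time can alter what the live system returns for disk reads.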
Payload
Injects code into running processes
VirTool:WinNT/Rovnix.A injects malicious code into the following processes:
- svchost.exe
- iexplore.exe
- firefox.exe
- opera.exe
- chrome.exe
VirTool:WinNT/Rovnix.A can be configured to inject different malware components into processes including PWS:Win32/Lageliz.A or TrojanDownloader:Win32/Vundo.J.
Analysis by Chun Feng
Symptoms
Alert notifications or detections of this malware from installed antivirus or security software may be the only symptoms.
Last update 14 February 2014