
Trojan:DOS/Rovnix.D


First posted on 17 April 2013.
Source: Microsoft

Aliases :

There are no other names known for Trojan:DOS/Rovnix.D.

Explanation :



Installation

Trojan:DOS/Rovnix.D may be distributed by malware exploiting Java vulnerabilities, or installed by other malware, for example TrojanDropper:Win32/Rovnix.H.

Additional information

Trojan:DOS/Rovnix.D is a detection for the malicious Volume Boot Record (VBR); the malicious VBR is loaded at boot time. It attempts to tamper with Windows kernel data so that its own malicious driver is loaded. This trick may bypass Driver Signature Enforcement on 64-bit systems.

The malicious driver injects other malware components, for example Trojan:Win32/Claretore.L, into the "explorer.exe" process.

To hide its presence on the computer, the loaded driver intercepts hard disk I/O (input/output) operations and returns the original, clean copy of the VBR whenever that sector is read.
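The VBR hiding described above, as an added example that is not part of the original analysis: a small Python offline check that locates the active partition's VBR through the MBR partition table, hashes it and compares it with a known-good baseline. The disk image, its partition layout and the baseline hash are constructed here for the demonstration; because the loaded driver hands back the clean copy when the VBR is read on a running infected system, the image has to be acquired offline (for example from boot media) rather than through the live operating system.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr_partitions(mbr: bytes):
    """Return (bootable, lba_start, sector_count) for each used MBR partition entry."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR: bad 0x55AA boot signature")
    entries = []
    for i in range(4):  # four 16-byte partition entries start at offset 446
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        status = entry[0]  # 0x80 marks the active (bootable) partition
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if sector_count:
            entries.append((status == 0x80, lba_start, sector_count))
    return entries

def read_vbr(disk: bytes, lba_start: int) -> bytes:
    """Read the 512-byte VBR stored in the first sector of a partition."""
    vbr = disk[lba_start * SECTOR: (lba_start + 1) * SECTOR]
    if len(vbr) != SECTOR or vbr[510:512] != b"\x55\xaa":
        raise ValueError("VBR missing or bad 0x55AA signature")
    return vbr

def check_vbr(disk: bytes, baseline_sha256: str):
    """Hash the active partition's VBR and compare it with a known-good baseline."""
    active = [p for p in parse_mbr_partitions(disk[:SECTOR]) if p[0]]
    if not active:
        raise ValueError("no active partition in MBR")
    lba = active[0][1]
    digest = hashlib.sha256(read_vbr(disk, lba)).hexdigest()
    return lba, digest, digest == baseline_sha256

def build_disk(vbr_code: bytes) -> bytes:
    """Constructed 4-sector image: MBR with one active partition starting at LBA 2."""
    mbr = bytearray(SECTOR)
    mbr[446] = 0x80  # active flag on the first entry
    struct.pack_into("<II", mbr, 446 + 8, 2, 2)  # lba_start=2, sector_count=2
    mbr[510:512] = b"\x55\xaa"
    vbr = bytearray(SECTOR)
    vbr[:len(vbr_code)] = vbr_code
    vbr[510:512] = b"\x55\xaa"
    return bytes(mbr) + bytes(SECTOR) + bytes(vbr) + bytes(SECTOR)

# Constructed sample data: the clean image supplies the baseline; a modified VBR must be flagged.
CLEAN_DISK = build_disk(b"clean VBR sample")
TAMPERED_DISK = build_disk(b"modified VBR sample")
BASELINE = hashlib.sha256(read_vbr(CLEAN_DISK, 2)).hexdigest()
```

On a real system, replace the constructed images with a raw disk image taken from offline media and keep the baseline hash from a known-clean state of the same machine.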



Analysis by Chun Feng

Last update 17 April 2013

 
