
Virus:DOS/Rovnix.F


First posted on 14 February 2014.
Source: Microsoft

Aliases:

There are no other names known for Virus:DOS/Rovnix.F.

Explanation:

Threat behavior

Installation

Trojan:DOS/Rovnix.F may be installed by TrojanDropper:Win32/Rovnix.I.

Trojan:DOS/Rovnix.F is a detection for a malicious volume boot record (VBR). It tries to tamper with Windows kernel data in order to load its own malicious driver. This trick may bypass driver signature enforcement on a 64-bit system.

To hide itself, the trojan intercepts hard disk I/O (input/output) operations. If the VBR is read during such an operation, it returns the original clean copy instead of the infected sector.
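Because the bootkit hands back a clean copy of the VBR when the sector is read on the running system, a live-system scan of the boot sector is not sufficient; the useful check is to read the sector from offline media (a boot from rescue media, or the disk attached to another machine) and compare it against a baseline recorded when the volume was known to be clean. The following is an added example, not code from the original page or from Microsoft, of a small VBR parser plus a baseline comparison. The sample sector it builds is constructed test data shaped like an NTFS VBR, and `build_tampered_vbr` simply patches a few boot-code bytes to stand in for an infected sector; the function names and the sector layout assumptions are the example's own.

```python
import hashlib
import struct

SECTOR_SIZE = 512


def build_sample_vbr() -> bytes:
    """Construct a minimal NTFS-style VBR (constructed test data, not a real disk image)."""
    s = bytearray(SECTOR_SIZE)
    s[0:3] = b"\xEB\x52\x90"               # x86 short jump over the BPB into the boot code
    s[3:11] = b"NTFS    "                  # OEM identifier
    struct.pack_into("<H", s, 11, 512)     # bytes per sector
    s[13] = 8                              # sectors per cluster
    struct.pack_into("<H", s, 14, 0)       # reserved sectors (NTFS uses 0)
    s[21] = 0xF8                           # media descriptor: fixed disk
    # Placeholder boot code bytes; a real VBR carries the volume's loader here.
    s[0x54:0x60] = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB\xB8\xC0\x07"
    s[510:512] = b"\x55\xAA"               # boot sector signature
    return bytes(s)


def build_tampered_vbr() -> bytes:
    """Same sector with four boot-code bytes patched, standing in for a modified VBR."""
    s = bytearray(build_sample_vbr())
    s[0x54:0x58] = b"\x90\x90\xE8\x00"     # constructed change to the code region
    return bytes(s)


def parse_vbr(sector: bytes) -> dict:
    """Pull the structural fields a defender wants to eyeball out of a 512-byte VBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE}-byte sector, got {len(sector)}")
    return {
        "jump": sector[0:3],
        "oem_name": sector[3:11].decode("ascii", "replace"),
        "bytes_per_sector": struct.unpack_from("<H", sector, 11)[0],
        "sectors_per_cluster": sector[13],
        "media_descriptor": sector[21],
        "boot_signature": struct.unpack_from("<H", sector, 510)[0],
        "sha256": hashlib.sha256(sector).hexdigest(),
    }


def check_vbr(sector: bytes, baseline_sha256: str) -> list[str]:
    """Return a list of findings; empty means the sector is structurally sane and matches baseline."""
    findings = []
    v = parse_vbr(sector)
    if v["boot_signature"] != 0xAA55:
        findings.append("missing 0x55AA boot signature")
    if v["jump"][0] not in (0xEB, 0xE9):
        findings.append("first byte is not a jump instruction")
    if v["bytes_per_sector"] not in (512, 1024, 2048, 4096):
        findings.append(f"implausible bytes-per-sector value {v['bytes_per_sector']}")
    # The hash covers the whole sector, so any change to the boot code shows up here.
    if v["sha256"] != baseline_sha256:
        findings.append("boot code/data differs from recorded baseline")
    return findings


if __name__ == "__main__":
    # In practice: read the sector from offline media with, e.g., open("/dev/sdX", "rb")
    # and store the clean hash somewhere the host cannot overwrite.
    clean = build_sample_vbr()
    baseline = parse_vbr(clean)["sha256"]
    print("clean   :", check_vbr(clean, baseline))
    print("tampered:", check_vbr(build_tampered_vbr(), baseline))
```

The structural checks catch grossly corrupted sectors; the baseline hash is what actually catches a bootkit, since a patched VBR keeps a valid signature and BPB so the machine still boots.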

Payload

Installs other malware

The malicious driver injects other malware components into explorer.exe.

These components contact the domain youtubeflashserver.com to download other malware.



Analysis by Chun Feng

Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.

Last update 14 February 2014
