“Microsoft Security Essentials keeps picking up a Virus:DOS/Rovnix.D, telling me to restart the computer to complete the clean; as soon as I reboot the computer, the same virus appears as soon as I scan again. It either says the virus cannot be found or that an error was encountered while taking an action on it (e.g. quarantine, remove, clean). Every now and again I also pick up a PWS:Win32/Zbot.gen!AP as well, which seems to be removed, but after another scan it appears again quite frequently.” – Quote
What Are The Dangers Behind Trojan:DOS/Rovnix.D Reappearance?
“For the past couple of weeks my computer has been completely crashing randomly, showing a blue screen. Not only does my computer crash, but my Google Chrome crashes constantly. Sometimes it's so bad I can't even get on because it'll crash three seconds after opening a tab. I have Microsoft Security Essentials on my computer. After running a quick scan (I'm unable to run a full scan because the computer always crashes before it has time to be completed), it told me that it detected "Trojan:DOS/Rovnix.D" and that the alert level is severe. I don't know how to get rid of this virus, and though it says I should "quarantine" it, I don't know what that means, and the option is unavailable.” – Quote
Trojan:DOS/Rovnix.D belongs to the Rovnix Trojan family, which is able to infect the VBR (Volume Boot Record, the NTFS bootstrap code) in order to load unsigned kernel-mode drivers. In other words, Trojan:DOS/Rovnix.D targets the hard disk drive itself rather than only software, unlike an average Trojan horse, which means a disk format will not thoroughly remove Virus:DOS/Rovnix.D, because the boot record does not belong to any disk volume.
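The following is an added example, not code from this article, that shows how a defender can check an NTFS volume boot record (VBR) for the kind of tampering described above: it parses the BIOS Parameter Block fields, verifies the 0x55AA boot signature and hashes the bootstrap-code region so it can be compared against a known-good baseline. The 512-byte sector it works on is constructed inline (it is not real Microsoft boot code); the baseline hash, the helper names and the idea of reading the sector from an offline disk image are assumptions of the example, not something the article specifies.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOTSTRAP_START = 0x54   # first byte after the NTFS BPB / extended BPB
BOOTSTRAP_END = 0x1FE    # the 55 AA boot signature follows at 0x1FE


def parse_ntfs_boot_sector(sector: bytes) -> dict:
    """Pull the fields a VBR audit cares about out of one 512-byte sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", sector, 0x0B)
    (signature,) = struct.unpack_from("<H", sector, 0x1FE)  # little-endian 55 AA -> 0xAA55
    bootstrap = sector[BOOTSTRAP_START:BOOTSTRAP_END]
    return {
        "jump": sector[0:3],
        "oem_id": sector[3:11],
        "bytes_per_sector": bytes_per_sector,
        "sectors_per_cluster": sectors_per_cluster,
        "signature_ok": signature == 0xAA55,
        "bootstrap_sha256": hashlib.sha256(bootstrap).hexdigest(),
    }


def audit_vbr(sector: bytes, baseline_bootstrap_sha256: str) -> list:
    """Return a list of findings; an empty list means the VBR matches expectations."""
    info = parse_ntfs_boot_sector(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["oem_id"] != b"NTFS    ":
        findings.append("OEM ID is not 'NTFS    '")
    if info["bytes_per_sector"] not in (512, 1024, 2048, 4096):
        findings.append("implausible bytes-per-sector value")
    if info["jump"][0] not in (0xEB, 0xE9):
        findings.append("first byte is not a JMP opcode")
    # The structural checks above pass on a bootkit-patched VBR; only the hash catches it.
    if info["bootstrap_sha256"] != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from known-good baseline")
    return findings


def build_sample_sector(bootstrap_pattern: bytes) -> bytes:
    """Constructed sample: a minimal NTFS-looking boot sector (not real Microsoft boot code)."""
    s = bytearray(SECTOR_SIZE)
    s[0:3] = b"\xEB\x52\x90"                 # JMP short + NOP, as a real NTFS VBR starts
    s[3:11] = b"NTFS    "
    struct.pack_into("<HB", s, 0x0B, 512, 8)  # 512 bytes per sector, 8 sectors per cluster
    span = BOOTSTRAP_END - BOOTSTRAP_START
    s[BOOTSTRAP_START:BOOTSTRAP_END] = (bootstrap_pattern * span)[:span]
    s[0x1FE:0x200] = b"\x55\xAA"
    return bytes(s)


# Constructed known-good sector and the baseline hash a defender would record from a clean install.
CLEAN_SECTOR = build_sample_sector(b"\x33\xC0\x8E\xD0\xBC")
BASELINE_HASH = hashlib.sha256(CLEAN_SECTOR[BOOTSTRAP_START:BOOTSTRAP_END]).hexdigest()

# Constructed "tampered" copy: a few bootstrap bytes overwritten, everything else intact,
# which is exactly the case that a signature/OEM-only check would miss.
_t = bytearray(CLEAN_SECTOR)
_t[0x60:0x64] = b"\xE9\x00\x10\x00"
TAMPERED_SECTOR = bytes(_t)

if __name__ == "__main__":
    for name, sec in (("clean", CLEAN_SECTOR), ("tampered", TAMPERED_SECTOR)):
        print(name, audit_vbr(sec, BASELINE_HASH) or "OK")
```

Take the sector from a disk image or while booted from clean media rather than from the running, infected system: a kernel-mode driver loaded by the modified bootstrap code can sit between the scanner and the disk, which is consistent with the "cannot be found" and "error encountered" behaviour quoted at the top of this page.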
Payloads that Prevent Automatic Removal
- Trojan:DOS/Rovnix.D writes its own data to the end of the physical drive so that its components can be stored and executed from critical areas of the target system, such as the startup configuration and security services;
- Trojan:DOS/Rovnix.D adds its own keys and values to the registry database as a further guarantee of persistence.
- Trojan:DOS/Rovnix.D creates files with the System (S) and Hidden (H) attributes so they are not shown by default.
- Trojan:DOS/Rovnix.D deletes its original executable file once the entire installation is finished.
These payloads show that the Trojan horse is able to disable security defenses. As a consequence, other infections can take advantage of the resulting weakness to get in. It is also worth mentioning that a backdoor program is attached to Trojan:DOS/Rovnix.D, through which cyber criminals can gain unsolicited access and collect personal information, including:
- System configuration: by selling such information to spammers, the author behind Trojan:DOS/Rovnix.D makes easy money, as spammers are eager to find vulnerabilities that allow broader and faster spread.
- Log-in credentials: such information lets Trojan:DOS/Rovnix.D spread malicious code through email and social-network accounts without authorization.
- Online whereabouts: by reselling such information to spammers, the author behind Trojan:DOS/Rovnix.D earns a profitable income, as spammers want it in order to target the most visited sites for wider and more effective spread.
Steps to Help Remove Trojan:DOS/Rovnix.D
Step1. Access Safe Mode to remove Trojan:DOS/Rovnix.D.
For the classic boot menu: restart the affected computer > keep tapping the F8 key while the computer is booting > select ‘Safe Mode’ on the “Windows Advanced Options Menu” screen > press Enter.
For the Windows 8 boot menu: restart the affected computer > hold the Shift key and keep tapping the F8 key while the computer is booting > ‘See advanced repair options’ > ‘Troubleshoot’ > ‘Advanced Options’ > ‘Windows Startup Settings’ > ‘Restart’ button.
Step2. Change the partitions to remove Trojan:DOS/Rovnix.D.
- Open the Start menu and go to Control Panel (for Windows 8 users, Control Panel can be reached from the “Unpin” menu), then System and Security.
- Select Administrative Tools to double-click Computer Management.
- Locate Storage in the left pane to access Disk Management.
- Right-click the volume you want to shrink to select Shrink Volume.
- Follow on-screen instructions to finish the re-partition.
Step3. Execute a hard disk low-level format to remove Trojan:DOS/Rovnix.D.
- Remove the infected disk and connect it to another machine.
- Wait for the system to identify the disk.
- Execute the dd command against the device that holds Trojan:DOS/Rovnix.D.
- It takes a long while to finish the low-level format (5-6 hours are required to low-level format a disk as large as 500GB).
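As an added example (not part of this article, and not a substitute for the full low-level format described in Step 3), the following Python script performs the narrower, reversible operation a practitioner usually wants first: it backs up and then zeroes the first sectors (MBR and VBR area) and the last sectors (where this family writes its own data, per the payload list above) of the disk, keeping a copy of each region so the action can be undone. It assumes the infected disk has been attached to another machine and is being treated as an image file; writing to a raw block device requires an explicit flag after you have triple-checked the target. The sample image, the region size of 2048 sectors and the helper names are constructed for the example.

```python
import os
import stat
import tempfile

SECTOR_SIZE = 512


def _refuse_unless_safe_target(path: str, allow_block_device: bool) -> None:
    """Guard against the classic dd mistake of zeroing the wrong device."""
    mode = os.stat(path).st_mode
    if stat.S_ISREG(mode):
        return
    if stat.S_ISBLK(mode) and allow_block_device:
        return
    raise PermissionError(f"{path} is not a regular file; pass allow_block_device=True "
                          "only after verifying it is the infected disk")


def backup_and_zero(path: str, backup_path: str, offset: int, length: int,
                    allow_block_device: bool = False) -> int:
    """Copy length bytes at offset to backup_path, then overwrite them with zeros in place."""
    _refuse_unless_safe_target(path, allow_block_device)
    with open(path, "rb") as f:
        f.seek(offset)
        original = f.read(length)
    with open(backup_path, "wb") as b:
        b.write(original)            # the backup is written before anything is destroyed
    with open(path, "r+b") as f:
        f.seek(offset)
        f.write(b"\x00" * len(original))
        f.flush()
        os.fsync(f.fileno())         # make sure the zeros reach the disk, not just the cache
    return len(original)


def region_is_zeroed(path: str, offset: int, length: int) -> bool:
    with open(path, "rb") as f:
        f.seek(offset)
        return not any(f.read(length))


def wipe_boot_areas(path: str, backup_dir: str, sectors: int = 2048,
                    allow_block_device: bool = False) -> dict:
    """Zero the first and last `sectors` sectors of the disk, backing up each region first."""
    length = sectors * SECTOR_SIZE
    with open(path, "rb") as f:
        size = f.seek(0, os.SEEK_END)   # works for image files and raw devices alike
    head = backup_and_zero(path, os.path.join(backup_dir, "head.bin"), 0, length, allow_block_device)
    tail_offset = max(size - length, length)   # never overlap the head region on a tiny image
    tail = backup_and_zero(path, os.path.join(backup_dir, "tail.bin"), tail_offset, length,
                           allow_block_device)
    return {"size": size, "head_zeroed": head, "tail_offset": tail_offset, "tail_zeroed": tail}


def restore_region(path: str, backup_path: str, offset: int, allow_block_device: bool = False) -> int:
    """Undo a wipe by writing a backup made by backup_and_zero back at its offset."""
    _refuse_unless_safe_target(path, allow_block_device)
    with open(backup_path, "rb") as b:
        data = b.read()
    with open(path, "r+b") as f:
        f.seek(offset)
        f.write(data)
        f.flush()
        os.fsync(f.fileno())
    return len(data)


def make_sample_image(path: str, sectors: int = 8192) -> None:
    """Constructed 4 MiB stand-in for a disk, filled with a non-zero byte so wiped areas stand out."""
    with open(path, "wb") as f:
        for _ in range(sectors):
            f.write(b"\xA5" * SECTOR_SIZE)


def run_demo() -> dict:
    """End-to-end run on a temporary constructed image; returns the facts a caller would check."""
    workdir = tempfile.mkdtemp()
    image = os.path.join(workdir, "infected.img")
    make_sample_image(image, sectors=8192)
    result = wipe_boot_areas(image, workdir, sectors=2048)
    result["head_is_zero"] = region_is_zeroed(image, 0, 2048 * SECTOR_SIZE)
    result["middle_untouched"] = not region_is_zeroed(image, 2048 * SECTOR_SIZE, SECTOR_SIZE)
    result["tail_is_zero"] = region_is_zeroed(image, result["tail_offset"], 2048 * SECTOR_SIZE)
    result["restored"] = restore_region(image, os.path.join(workdir, "head.bin"), 0)
    result["head_zero_after_restore"] = region_is_zeroed(image, 0, SECTOR_SIZE)
    return result


if __name__ == "__main__":
    print(run_demo())
```

Because the boot sectors of a real disk are overwritten in place, take a full image of the disk before running anything like this against it; the head.bin and tail.bin backups only cover the two regions that were zeroed.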
Take extreme care when carrying out the removal method recommended above. A mistake in choosing which storage device to zero can lead to the total, irrecoverable destruction of your critical data. Low-level formatting is not generally recommended for dealing with a virus unless there is no better way.
Other Notorious Rovnix Variants: