
Rovnix.D - False Positive with MSE?

1 reply to this topic

#1 mnwatson1


  • Members
  • 27 posts
  • Local time:01:29 AM

Posted 20 June 2013 - 09:21 PM

I had a run-in several weeks ago with Rovnix.D on my machine that I ended up not even knowing about until it was already blue screening my x64 Win7 machine.  I ended up having to reformat my machine and reinstall after a blue screen trashed my boot sector completely (as well as my registry) when I attempted to do a roll-back/restore, and even ended up losing access to my PC's restore partition.  Long story short, I ended up doing things the old-fashioned way, getting a copy of Win7 x64, inputting my key from the sticker on my machine, and then hunting down drivers (I kept putting off making those restore DVDs for my machine, so I still don't have access).  It was a pain in the rear.  I had been running AVG antivirus at the time, and it never detected it.


Since the reinstall, things have worked wonderfully of course, but suddenly, about two weeks ago, MSE detected a Rovnix.D infection in my boot sector again.  >.<;;;  I've tried everything I can think of, short of reformatting again (please God, NO!) to remove it.  Nothing else detects it except their Security suite, which states that it partially removes the infection.  MSE tries to remove it, says it cannot due to security issues, and suggests quarantining, however the button to do so is grayed out and unclickable, and my only option is to close the window.  RIGHT NOW, everything runs properly, though there have been a few recent issues with slowdown that I can't account for with my running programs.


I used to do computer repair as a profession, but software issues like this were never my forte.  I've tried everything I can think of to get rid of this problem, assuming it's there, but have had absolutely no luck.  Like I said before, either nothing sees it, or it can't be removed (Microsoft's tools).  I've tried MBAM, their rootkit, ComboFix, etc., and NOTHING has found it.


Any help, ideas, general finger-pointed-in-the-right-direction, etc, would be greatly appreciated!


Thanks so much!


Incidentally, to introduce myself, my name is Molly, I've been working with/on computers for about 18 years now (wow...) and this is the first virus/trojan/slimy piece of software that I haven't been able to remove myself.  >.<;  I feel so defeated by this thing.


EDIT:  Incidentally, I have also looked for any 'unusual' or 'strange' processes running that might be the trojan, but there is nothing that isn't launched legitimately running.  Even in safe mode with minimal processes running, MSE still gives the error about removing it. 

Edited by mnwatson1, 20 June 2013 - 09:24 PM.



#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:02:29 AM

Posted 21 June 2013 - 12:18 PM

Hello, having run ComboFix please post that log with a DDS log if possible in a new topic.
Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.
