DOS/Rovnix.W is a malicious Volume Boot Record (VBR), which is loaded at boot time. It tries to tamper with some Windows kernel data to load its own malicious driver. This might bypass the Driver Signature Enforcement on a 64-bit system.
The malicious driver injects other malware components, for example Trojan:Win32/Claretore.L, into the explorer.exe process.
To hide its presence on your PC, the loaded driver intercepts the hard disk I/O (input/output) operation, and returns the original clean copy if the VBR is accessed.
Many of the scanning tools we use in this forum are not capable of detecting (repairing/removing) all malware variants. Disinfection will probably require the use of more powerful tools than we can recommend in this forum. Before that can be done you will need to create and post a DDS log for further investigation.
Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
- If you cannot complete a step, then skip it and continue with the next.
- In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 users will not be able to run DDS and create a log)
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.
Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.
After doing this, please reply back in this thread with a link to the new topic so we can close this one.