TrojanDropper:Win32/Rovnix.I
Posted: July 26, 2013
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 16 |
| First Seen: | July 26, 2013 |
| Last Seen: | March 18, 2020 |
| OS(es) Affected: | Windows |
TrojanDropper:Win32/Rovnix.I is an installer for recent versions of Win32/Rovnix, a general-purpose Trojan that, by default, enables backdoor and spyware attacks, as well as supporting reconfigurations for other unreliable functions. Although this family has been in circulation for quite a while, recent attacks involving compromised e-mail attachments have pushed TrojanDropper:Win32/Rovnix.I's distribution upwards and, with it, the distribution of other Rovnix-based PC threats, as well as a variant of the Zeus banking Trojan. All of the above are high-level PC threats, and malware researchers strongly warn against attempting to find or remove TrojanDropper:Win32/Rovnix.I – or anything installed by TrojanDropper:Win32/Rovnix.I – without appropriate anti-malware tools at your disposal.
The Invisible Problems that TrojanDropper:Win32/Rovnix.I Drops on Your Hard Drive
TrojanDropper:Win32/Rovnix.I is one of several PC threats in a coordinated, sophisticated campaign of spyware attacks. The most prominent campaign so far uses targeted e-mails that fake package delivery notifications, invoices, taxation-related alerts and similar semi-believable 'official' correspondence. However, unlike real messages from such sources, all of them direct you to open a harmful file attachment, which installs the first member of the Trojan attack party: Win32/Upatre. Upatre is a Trojan downloader that's widely distributed throughout the United States, but, in contrast to Zeus, hasn't been seen in many other countries.
Win32/Upatre also may be distributed through corrupted or hacked sites that host drive-by-download attacks. These attacks use software exploits (such as vulnerabilities in Java) to install Upatre automatically, and loading such a site in an unprotected browser is all that's necessary to allow this to happen.
Although Upatre's main payload is a variant of Zeus, a Trojan that's notorious for its regular evolution and subtle attempts to compromise bank accounts, the newest Upatre attacks also install TrojanDropper:Win32/Rovnix.I. TrojanDropper:Win32/Rovnix.I doesn't have many independent functions and is mostly intended for installing other components of a standard Rovnix infection, which uses boot-sector rootkit attacks. Like Zeus, Rovnix is best known for its information-stealing spyware attacks, but malware experts emphasize that both of these PC threats also include backdoor functions that let criminals have general access to your system.
The result is that making the mistake of opening a corrupted file attachment or visiting a corrupted site may give criminals essentially total access to your PC and all the personal information stored on it.
Nixing a TrojanDropper:Win32/Rovnix.I Infection Before It Gets out of Hand
Even though TrojanDropper:Win32/Rovnix.I's independent functions are limited in their scope, payloads installed by TrojanDropper:Win32/Rovnix.I and payloads related to affiliated PC threats make any TrojanDropper:Win32/Rovnix.I infection a security breach of the greatest possible degree. Despite the risks involved, TrojanDropper:Win32/Rovnix.I, other components of Rovnix, Zeus and Upatre don't display any symptoms of an easily visible nature, and malware experts warn that all of them use advanced techniques to hide themselves on your computer.
With such high stakes and such limited ability to find TrojanDropper:Win32/Rovnix.I easily, it shouldn't come as a surprise that malware researchers strongly recommend using anti-malware products for deleting TrojanDropper:Win32/Rovnix.I or related malware. Until the infection is removed, your personal information is highly at risk of being stolen by criminals – especially when it comes to your bank account.