tcexperts77 asked:
Potential Threat: Rovnix.W and Rovnix.gen!C

Microsoft Security Essentials keeps finding 2 potential threats:

1) Virus:DOS/Rovnix.W
Details:   boot\\.\PHYSICALDRIVE0\PARTITION1 (NTFS)->[Obfuscator]

2) Virus:Win64/Rovnix.gen!C
Details:  rootkit:Rovnix->Vbr::Rovnix

I have tried to "clean" these, later tried to "Remove" these threats with Microsoft Security Essentials.  I've scanned with Malwarebytes, I've also tried Roguekiller, MBAR, and Combofix.
Nothing has been successful.
Help!
aadih:

If possible, restore your computer to an earlier time.
SOLUTION by jcimarron: this solution is only available to members of Experts Exchange.
tcexperts77 (ASKER):
I always thought these things infect System Restore, so that probably wouldn't help?

I have not run TDSS Killer - should I?

I've already tried the website from jcimarron.
There is no Registry entry with Trojan DOS/Rovnix.W. or any of those words (except DOS).
There is no task in Task Manager with Trojan DOS/Rovnix.W. or any of those words (except DOS).
There are no folders with Trojan DOS/Rovnix.W. or any of those words (except DOS).

My concern is about the location of Virus:DOS/Rovnix.W  : boot\\.\PHYSICALDRIVE0\PARTITION1
Doesn't that mean it is in a location on the hard drive before (or right at) where it loads Windows? Will any virus removal programs even be able to remove it?
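As an added illustration (this is not code from anyone in the thread, and not a removal tool): the detection path boot\\.\PHYSICALDRIVE0\PARTITION1 (NTFS) names the first sector of partition 1, the NTFS volume boot record (VBR), which is read by the MBR code before any Windows file or registry key exists. The script below parses the MBR partition table of a disk image, locates that VBR, checks its NTFS fields and boot signature, and compares its SHA-256 against a baseline taken from the same system. The disk image, partition layout and "tampered" variant are all constructed inside the script so it runs offline; on a real system you would instead read the first sectors of the physical drive (or of an image of it) into `image`.

```python
"""Locate and check the NTFS volume boot record (VBR) of partition 1 in a disk image.

Added example for illustration; the sample image and the tampered variant are constructed here.
"""
import hashlib
import struct

SECTOR = 512
MBR_TABLE_OFFSET = 446            # the four 16-byte partition entries live at 446..509
BOOT_SIGNATURE = b"\x55\xaa"      # present at the end of both the MBR and a valid VBR


def parse_mbr(image: bytes) -> list:
    """Return the non-empty entries of the classic four-slot MBR partition table."""
    if image[510:512] != BOOT_SIGNATURE:
        raise ValueError("MBR boot signature missing")
    parts = []
    for slot in range(4):
        off = MBR_TABLE_OFFSET + 16 * slot
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from("<B3sB3sII", image, off)
        if ptype != 0:
            parts.append({"slot": slot + 1, "bootable": status == 0x80,
                          "type": ptype, "start_lba": lba, "sectors": count})
    return parts


def inspect_vbr(image: bytes, start_lba: int) -> dict:
    """Read a partition's first sector and summarise its NTFS boot-sector fields."""
    off = start_lba * SECTOR
    vbr = image[off:off + SECTOR]
    bytes_per_sector, = struct.unpack_from("<H", vbr, 11)   # BPB field
    return {
        "oem_id": vbr[3:11].decode("ascii", errors="replace"),
        "bytes_per_sector": bytes_per_sector,
        "sectors_per_cluster": vbr[13],
        "signature_ok": vbr[510:512] == BOOT_SIGNATURE,
        "sha256": hashlib.sha256(vbr).hexdigest(),
    }


def vbr_findings(info: dict, baseline_sha256: str) -> list:
    """Structural checks plus a baseline comparison; an empty list means nothing stood out."""
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature missing")
    if info["oem_id"] != "NTFS    ":
        findings.append("OEM ID is not NTFS")
    if info["sha256"] != baseline_sha256:
        findings.append("VBR differs from baseline")
    return findings


def build_sample_image(tamper: bool = False) -> bytes:
    """Constructed sample: an MBR with one NTFS partition at LBA 2048 and a minimal NTFS VBR there."""
    image = bytearray(SECTOR * (2048 + 1))
    entry = struct.pack("<B3sB3sII", 0x80, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 2048, 204800)
    image[MBR_TABLE_OFFSET:MBR_TABLE_OFFSET + 16] = entry
    image[510:512] = BOOT_SIGNATURE
    vbr = bytearray(SECTOR)
    vbr[0:3] = b"\xeb\x52\x90"               # jump over the BPB into the boot code
    vbr[3:11] = b"NTFS    "                  # OEM ID
    struct.pack_into("<H", vbr, 11, 512)     # bytes per sector
    vbr[13] = 8                              # sectors per cluster
    vbr[510:512] = BOOT_SIGNATURE
    if tamper:
        # Constructed: alter part of the boot-code region (after the BPB, which ends at 0x53)
        # while the BPB and signature stay intact, so only the baseline comparison notices.
        vbr[0x54:0x54 + 32] = b"\x90" * 32
    image[2048 * SECTOR:2049 * SECTOR] = vbr
    return bytes(image)


def report(image: bytes, baseline_sha256: str) -> dict:
    """Check the VBR of every partition and map slot number -> findings."""
    return {p["slot"]: vbr_findings(inspect_vbr(image, p["start_lba"]), baseline_sha256)
            for p in parse_mbr(image)}


if __name__ == "__main__":
    clean = build_sample_image()
    baseline = inspect_vbr(clean, 2048)["sha256"]
    print("clean image:   ", report(clean, baseline))
    print("tampered image:", report(build_sample_image(tamper=True), baseline))
```

The point of the baseline hash: a VBR can keep a perfectly valid BPB and boot signature (so Windows still boots and nothing looks wrong in the registry or Task Manager) while its code bytes differ, which is why the structural checks alone report nothing on the tampered sample. The baseline must come from the same Windows version and volume (for example a sector dump taken when the machine was known clean), since different versions ship different VBR code.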
ASKER CERTIFIED SOLUTION: this solution is only available to members of Experts Exchange.
I removed the hard drive, scanned it with TDSS Killer on another PC.
The rootkit was found and removed.  
Only problem now is Windows doesn't load in the normal or safe mode.
Normal mode goes to desktop, mouse moves, but there is nothing to click on.
Safe mode doesn't go beyond the list of commands ("Loading Windows files").
tcexperts77--
Some rogue programs hide the desktop icons.  The unhide program should fix that.
http://www.bleepingcomputer.com/download/unhide/
OK - check this out:

I ran the Dell pre-boot diagnostics (this is an Optiplex 7010) and the hard drive failed!
Dell is going to send a replacement drive, as this PC is less than 1 year old.
Could this Rootkit - or any virus - actually cause a hard drive to fail?
What is:
Blind links deleted.
nobus:
here they say MS security essentials detects and removes it :  http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Virus%3ADOS%2FRovnix.W
tcexperts77--
Did you try the unhide program to restore Desktop icons?  http:#a39800308
I tried everything imaginable.  I realized something else may be wrong because the PC wasn't even responding to my mouse & keyboard actions.  I couldn't even start it in the safe mode.  That is when I decided to shut down the computer, wait, then restart it and run the Dell diagnostics program BEFORE it booted into Windows.  When the diagnostics program showed the hard drive was bad, I called Dell to get a replacement drive.  I don't plan to do anything more with the bad drive (that was infected previously and cleaned with TDSSKiller) when I get the good hard drive.

My final question was if the original rootkit infection could have caused the hard drive to go bad.  I think this is a very important question because I have never heard of a virus physically damaging a hard drive.  I think this rootkit may have stressed out (overworked?) this drive and actually wore it out.  Does anybody else have any knowledge on this -- or should I start a new topic?
>>  My final question was if the original rootkit infection could have caused the hard drive to go bad  <<  i've not yet seen one virus that caused the drive to die
No, it is highly improbable that a root-kit infection will cause a hard drive to fail; but stranger things have happened.
Since the drive failed at the same time, I won't know for sure.
TDSSKiller did find and remove the rootkit when nothing else was successful.
Thanks for all the info.
>>  Since the drive failed at the same time, I won't know for sure.  <<  why not run a long diag on it, from its manufacturer? seagate for seagates, WD for WD..
i use UBCD for it all the time :
Hardware diagnostic CD    UBCD

go to the download page, scroll down to the mirror section, and  click on a mirror to start the download
Download the UBCD and make the cd   <<==on a WORKING PC, and boot the problem PC from it
Here 2 links, one to the general site, and a direct link to the download

since the downloaded file is an ISO file, eg ubcd527.iso, you need to use an ISO burning tool
if you don't have that software, install cdburnerXP : http://cdburnerxp.se/

If you want also the Ram tested - run memtest86+ at least 1 full pass,  - you should have NO errors!
 
For disk diagnostics run the disk diag for your disk brand (eg seagate diag for seagate drive) from the HDD section - long or advanced diag !  (runs for at least 30 minutes)

http://www.ultimatebootcd.com/  ultimate boot cd
http://www.ultimatebootcd.com/download.html  download page


you may even be able to repair it with HDDRegenerator (not free), but run the trial, and see if it fixes the first sector    http://www.dposoft.net/hdd.html
tcexperts77--Glad to have helped.