We recently discovered another evolution in Rovnix – a variant that introduces a new Virtual File System (VFS).
With our latest signature update we detect this Rovnix dropper as TrojanDropper:Win32/Rovnix.L and the infected VBR (Volume Boot Record) as Virus:DOS/Rovnix.gen!A.
Unlike older Rovnix variants that store their components as raw disk sectors at the end of the disk, TrojanDropper:Win32/Rovnix.L stores its components in a binary file: %system32%\<hex>.bin.
More here: http://blogs.technet.com/b/mmpc/archive/2014/05/05/the-evolution-of-rovnix-new-virtual-file-system-vfs.aspx