Rovnix is an advanced VBR (Volume Boot Record) rootkit best known for being the bootkit component of Carberp. The kit operates in kernel mode, uses a custom TCP/IP stack to bypass firewalls, and stores components on a virtual filesystem outside of the partition. Yesterday Microsoft posted an update explaining a new "evolution" to rovnix that had been found.
more here........http://www.malwaretech.com/2014/05/rovnix-new-evolution.html
more here........http://www.malwaretech.com/2014/05/rovnix-new-evolution.html