Hi,
I'm looking for a dropper of Trojan:DOS/Rovnix.D.
According to MS, Trojan:DOS/Rovnix.D is a detection for the malicious Volume Boot Record (VBR); the malicious VBR is loaded at boot time.
Source: http://www.microsoft.com/security/porta ... ix.D#tab=2
MBR.dat (renamed as MBR.txt) attached. Is from this thread: http://www.bleepingcomputer.com/forums/ ... -with-mse/
I'm thinking MSE detects this partition as malicious:
Log from MSE attached as well
Thanks!
I'm looking for a dropper of Trojan:DOS/Rovnix.D.
According to MS, Trojan:DOS/Rovnix.D is a detection for the malicious Volume Boot Record (VBR); the malicious VBR is loaded at boot time.
Source: http://www.microsoft.com/security/porta ... ix.D#tab=2
MBR.dat (renamed as MBR.txt) attached. Is from this thread: http://www.bleepingcomputer.com/forums/ ... -with-mse/
I'm thinking MSE detects this partition as malicious:
Code: Select all
Please note the two 100MB partitions on disk 0.-----------------------[ PARTITION 2 ]------------------------
BOOTABLE : NO
PARTITION_TYPE : 0x07 ( NTFS / HPFS)
PARTITION_SIZE : 100 Mo
STARTING_SECTOR : 36866048
ENDING_SECTOR : 37070848
TOTAL_SECTORS : 204800
Log from MSE attached as well
Thanks!
Attachments
MSE log
(28.29 KiB) Downloaded 45 times
(28.29 KiB) Downloaded 45 times
copy of MBR from BC thread
(512 Bytes) Downloaded 34 times
(512 Bytes) Downloaded 34 times