[KB3471] How do I remove Rovnix (Rovnix.A) trojan?

Issue

  • Your ESET product detects the threat Win32/Rovnix or Win32/Rovnix.A

Details

Win32/Rovnix is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine. It uses techniques common among rootkits.

Solution

I. Download the ESET Rovnix Cleaner tool

  1. Download the ESET Rovnix Cleaner tool.
     
  2. Save the file to your Desktop and continue to part II (in some cases, the tool will be automatically saved to your Downloads folder).
     

II. Run the ESET Rovnix Cleaner tool

  1. Navigate to your Desktop and double-click ESETRovnixCleaner.exe.

 
Figure 2-1

  1. Click Yes when prompted by User Account Control.
     
  2. After you Accept the license, the tool will scan your system and close automatically with the "You don't have Win32/Rovnix in your system." message if no threats are present. If a threat is found, press Y and follow the on-screen prompts to clean your system (see Figure 2-2).

 
Figure 2-2

  1. A computer restart will be performed when the tool finishes running. It is required to remove all remaining files related to the Win32/Rovnix threat. When you are finished, proceed to part III.

 
Figure 2-3

III. Perform an In-depth Computer scan

  1. Open ESET Smart Security or ESET NOD32 Antivirus. How do I open my ESET product?
     
  2. Click Computer Scan → Custom scan  and select In-depth scan from the Scan profile drop-down menu.


Figure 3-1

  1. Select the check box next to Computer and click Scan (Windows XP users: Select the check box next to My Computer and then click Scan). The scan will remove any remnants of the malware still left on your system.


Figure 3-2

Need Assistance in North America?

If you are a North American ESET customer and need assistance, view product documentation or visit helpus.eset.com to chat with a live technician.