It is not a replacement for a full antivirus solution that provides ongoing protection. It is meant to be used in situations where you cannot start or scan your computer because it is infected with malware that prevents antivirus products from working normally.
Before you begin you will need:
A computer that is not infected and is connected to the Internet. You will use this computer to download a copy of Windows Defender Offline
A blank CD, DVD or USB drive (also known as a USB key or thumb drive). You will use this CD, DVD or USB drive to run the tool on your infected computer
Follow these steps to use Windows Defender Offline:
In order for the recovery tool to be effective, make sure you download the version that matches the your infected computer. For example, your desktop computer has been infected with malware. The computer is running a 64-bit version of Windows. Your friend's laptop, however, is not infected, and so you use that to download Windows Defender Offline. Your friend's laptop is running a 32-bit version of Windows, so when you download the tool, you choose the 64-bit version, because that is the version that matches your computer.
Install the tool on a blank CD, DVD, or USB drive
Insert the CD, DVD, or USB drive into your infected computer and run the tool
Let the tool clean your computer and remove any infections it finds
After running the tool, ensure that your antivirus product is up-to-date. You can update Microsoft security products by downloading the latest definitions at this link: Get the latest definitions. You can use the Microsoft Safety Scanner if you suspect you are infected but are unable to confirm this with your existing antivirus software.
Trojan:DOS/Rovnix.F is a detection for a malicious volume boot record (VBR). It tries to tamper with some Windows kernel data to load its own malicious driver. This trick may bypass the diver signature enforcement on a 64-bit system.
To hide itself, the trojan intercepts the hard disk I/O (input / output) operation. It restores the original clean copy of the VBR if it is accessed during the operation.
Installs other malware
The malicious driver injects other malware components into explorer.exe.
These components contact the domain youtubeflashserver.com to download other malware.