(Virus.Win32.Downloader.ax; W32.Mumawow.Y!inf;
W32/Mypis.gen1; W32/Downloader.E)
Symptoms
- Presence of the file net.exe in the C:\ directory.
- Some executable files grow in size by ~600 bytes or less.
- Some installers become corrupted.
- Increased internet traffic.
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Suiu Andrei, virus researcher
Technical Description:
Once executed, the virus tries to download an executable file to
C:\net.exe from one of the following locations:
- http://dd5.tesekl.info/[removed].exe
- http://w1.avpkav.com/[removed].exe
- http://dd.testkl.cn/[removed].exe
- http://dd2.tesekl.info/[removed].exe
and executes it. The downloaded file is a file infector, which infects other files with this type of virus.
Most installer packages become corrupted because the virus modifies the overlay data in an irrecoverable way.
The rest of the files, and all code data from executables, can be restored by BitDefender.
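
A triage check for the two file-level symptoms above (small size growth and altered overlay data), as an added example that is not BitDefender's code: it compares a known-good copy of an executable with a suspect copy. The sample bytes are constructed and do not model the virus's infection routine; the overlay is assumed to be everything past the end of the last section's raw data, and the function names are hypothetical.

```python
import hashlib
import struct

def overlay_offset(pe: bytes) -> int:
    """File offset where the overlay begins: the end of the furthest section's raw data."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    n_sections, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # first section header
    end = 0
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at +16 in each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", pe, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return min(end, len(pe))                  # truncated files have no overlay

def compare(known_good: bytes, suspect: bytes) -> dict:
    """Report the two symptoms from the description for one pair of files."""
    growth = len(suspect) - len(known_good)
    digest = lambda pe: hashlib.sha256(pe[overlay_offset(pe):]).hexdigest()
    return {
        "growth": growth,
        "small_growth": 0 < growth <= 600,    # "~600 bytes or less"
        "overlay_changed": digest(known_good) != digest(suspect),
    }

def sample_pe(overlay: bytes, body: bytes = b"\x90" * 512) -> bytes:
    """Constructed PE-shaped test file: headers, one section, then overlay."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)   # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x86, 1)      # NumberOfSections
    struct.pack_into("<H", hdr, 0x94, 0xE0)   # SizeOfOptionalHeader
    sec = 0x80 + 24 + 0xE0
    hdr[sec:sec + 8] = b".text\0\0\0"
    struct.pack_into("<II", hdr, sec + 16, len(body), 0x200)
    return bytes(hdr) + body + overlay

if __name__ == "__main__":
    good = sample_pe(b"CONSTRUCTED-INSTALLER-ARCHIVE")
    bad = sample_pe(b"CONSTRUCTED-INSTALLER-ARCH\0\0\0" + b"\xcc" * 300)
    print(compare(good, bad))
```

A changed overlay hash on an installer means its embedded archive no longer matches the known-good copy, so the installer should be replaced from a trusted source rather than repaired.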