Win32.Klest

LOW
MEDIUM
~600
(Virus.Win32.Downloader.ax; W32.Mumawow.Y!inf; W32/Mypis.gen1; W32/Downloader.E)

Symptoms

- Presence of the file net.exe in the C:\ directory.
- Some executable files grow in size by ~600 bytes or less.
- Some installers become corrupted.
- Increased internet traffic.




Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Suiu Andrei, virus researcher

Technical Description:

Once executed, the virus tries to download an executable file to C:\net.exe from one of the following locations:
- http://dd5.tesekl.info/[removed].exe
- http://w1.avpkav.com/[removed].exe
- http://dd.testkl.cn/[removed].exe
- http://dd2.tesekl.info/[removed].exe
and executes it. The downloaded file is a file infector that infects other files with this type of virus.
Most installer packages become corrupted because the virus modifies the overlay data irreversibly.
However, the rest of the files and all code data from executables can be restored by BitDefender.
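
A detection check built from the indicators above, as an added example that is not part of the original Bitdefender description: it scans host telemetry for contact with the four download hosts and for creation of C:\net.exe, and correlates the two per machine. The pipe-delimited log format, the machine names and the sample lines are constructed for illustration.

```python
from urllib.parse import urlsplit

# Indicators taken from the description above.
KLEST_HOSTS = {"dd5.tesekl.info", "w1.avpkav.com", "dd.testkl.cn", "dd2.tesekl.info"}
# Exact path only: the legitimate net.exe lives under System32, not the drive root.
DROP_PATH = r"c:\net.exe"

# Constructed sample telemetry (assumed format: time|machine|event|detail).
SAMPLE_LOG = r"""
2024-01-10T09:00:01|PC-01|http|http://dd5.tesekl.info/sample.exe
2024-01-10T09:00:04|PC-01|file_create|C:\net.exe
2024-01-10T09:05:00|PC-02|file_create|C:\Windows\System32\net.exe
2024-01-10T09:06:00|PC-03|http|http://DD.TESTKL.CN./x.exe
2024-01-10T09:07:00|PC-04|http|http://example.com/dd.testkl.cn/setup.exe
2024-01-10T09:08:00|PC-05|file_create|c:\NET.EXE
""".strip().splitlines()


def classify(line):
    """Return (machine, indicator) if the record matches an indicator, else None."""
    _time, machine, event, detail = line.split("|", 3)
    if event == "http":
        # Compare the parsed hostname, not a substring of the URL, so a
        # lookalike path on another site does not match. urlsplit lowercases
        # the hostname; a trailing root dot is stripped before comparison.
        name = (urlsplit(detail).hostname or "").rstrip(".")
        if name in KLEST_HOSTS:
            return machine, "download"
    elif event == "file_create" and detail.strip().lower() == DROP_PATH:
        return machine, "drop"
    return None


def hunt(lines):
    """Map each machine with at least one hit to a triage verdict."""
    seen = {}
    for line in lines:
        hit = classify(line)
        if hit:
            seen.setdefault(hit[0], set()).add(hit[1])
    return {
        machine: "likely infected" if kinds == {"download", "drop"}
        else "review (%s)" % ", ".join(sorted(kinds))
        for machine, kinds in seen.items()
    }


if __name__ == "__main__":
    for machine, verdict in sorted(hunt(SAMPLE_LOG).items()):
        print(machine, verdict)
```

A machine showing only one of the two indicators is marked for review rather than as infected, since the download may have been blocked or the file may predate the available logs.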