Win32.Klest

( Virus.Win32.Downloader.ax; W32.Mumawow.Y!inf; W32/Mypis.gen1; W32/Downloader.E )
Propagation: low
Damage: medium
Size: ~600
Detected: 2008 Apr 15

SYMPTOMS:

- Presence of the file net.exe in the C:\ directory.
- Some executable files grow in size by ~600 bytes or less.
- Some installers become corrupted.
- Increased internet traffic.




TECHNICAL DESCRIPTION:

Once executed, the virus tries to download an executable file to C:\net.exe from one of the following locations:
- http://dd5.tesekl.info/[removed].exe
- http://w1.avpkav.com/[removed].exe
- http://dd.testkl.cn/[removed].exe
- http://dd2.tesekl.info/[removed].exe
and executes it. The downloaded file is a file infector which infects other files with this type of virus.
Most installer packages become corrupted because the virus modifies the overlay data irreversibly.
However, the rest of the files and all code data from executables can be restored by BitDefender.
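
A triage sketch for the indicators described above, added here as an example and not BitDefender's code: it matches proxy requests against the listed download hosts, checks a file listing for C:\net.exe, and flags executables that grew by a small amount between two size inventories. The proxy log layout, the inventory dictionaries, the sample lines and the 640-byte growth bound are assumptions.

```python
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Download hosts and drop path exactly as listed in the description above.
KLEST_HOSTS = {"dd5.tesekl.info", "w1.avpkav.com", "dd.testkl.cn", "dd2.tesekl.info"}
DROP_PATH = PureWindowsPath(r"C:\net.exe")

def host_hits(proxy_lines):
    """Return (client, target) for requests whose host is one of KLEST_HOSTS.
    Assumed line layout: timestamp client method target status."""
    hits = []
    for line in proxy_lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line, skip
        client, target = parts[1], parts[3]
        # CONNECT targets are "host:port"; prefix "//" so urlsplit parses a host.
        url = target if "://" in target else "//" + target
        try:
            host = (urlsplit(url).hostname or "").rstrip(".")
        except ValueError:
            continue  # unparsable target
        if host in KLEST_HOSTS:  # exact host match, not a substring test
            hits.append((client, target))
    return hits

def dropped_file_present(paths):
    """True if a file listing contains the drop path in the root of C:.
    PureWindowsPath compares case-insensitively; System32 net.exe is not flagged."""
    return any(PureWindowsPath(p) == DROP_PATH for p in paths)

def grown_executables(baseline, current, max_growth=640):
    """Paths whose size grew by 1..max_growth bytes between two inventories.
    640 is an assumed bound giving slack over the ~600 bytes in the write-up."""
    return sorted(p for p, size in current.items()
                  if p in baseline and 0 < size - baseline[p] <= max_growth)

# Constructed sample proxy log (not real traffic).
SAMPLE_PROXY = [
    "2008-04-16T09:12:01 10.0.0.21 GET http://dd5.tesekl.info/constructed.exe 200",
    "2008-04-16T09:12:05 10.0.0.22 GET http://example.org/index.html 200",
    "2008-04-16T09:13:40 10.0.0.23 CONNECT DD2.TESEKL.INFO:443 200",
    "2008-04-16T09:14:02 10.0.0.24 GET http://dd5.tesekl.info.example.org/a.exe 200",
]

if __name__ == "__main__":
    for client, target in host_hits(SAMPLE_PROXY):
        print(f"{client} contacted listed host: {target}")
```

A hit from any one check is a reason to scan the machine; the size-growth check needs an inventory taken before the suspected infection date.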

Removal instructions:

Please let BitDefender disinfect your files.

ANALYZED BY:

Suiu Andrei, virus researcher