Win32.Klest
Once executed, the virus tries to download an executable file to C:net.exe from one of the following locations:
- http://dd5.tesekl.info/[removed].exe
- http://w1.avpkav.com/[removed].exe
- http://dd.testkl.cn/[removed].exe
- http://dd2.tesekl.info/[removed].exe
and executes it. The downloaded file is a fileinfector which infects other files with this type of virus.
Most of installer packages become corrupted because the virus modifies the overlay data in an irredeemable way.
But the rest of files and all code data from executables can be restored.
Find out more about this security threat .
About The Author
![[Malware Review] Backdoor.R2D2.A a.k.a](http://www.hotforsecurity.com/wp-content/themes/goodnews/framework/scripts/timthumb.php?src=http://www.hotforsecurity.com/wp-content/themes/goodnews/images/default.png&h=91&w=126&zc=1 "[Malware Review] Backdoor.R2D2.A a.k.a")
