Troj/Dloader-LI is a downloader Trojan.
When first run Troj/Dloader-LI copies itself to the Windows system folder with a random filename and runs itself on startup by adding its pathname to a new registry entry under:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
The new registry entry will have a random name different from the filename, for example:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ksrlnhm
<Windows system folder>\zxatgso.exe
Troj/Dloader-LI tries to download and install files from a remote location.
Troj/Dloader-LI injects code into new hidden instances of explorer.exe and packager.exe.
These processes prevent each other from being terminated and refresh the registry startup key mentioned above, in order to prevent its deletion.