We received the file KOREAMESSENGER_CP.EXE and detected that KOREAMESSENGER_CP.EXE is not good.
KOREAMESSENGER_CP.EXE is Adware. You should remove the file KOREAMESSENGER_CP.EXE.
Kill the process KOREAMESSENGER_CP.EXE and remove KOREAMESSENGER_CP.EXE from Windows.
Malware Analysis of KOREAMESSENGER_CP.EXE
Full path on a computer: %Program Files%\KoreaMessenger CP\koreamessenger_CP.exe
Detected by UnHackMe:
KOREAMESSENGER_CP.EXE
Default location: %Program Files%\KoreaMessenger CP\koreamessenger_CP.exe
Removal Results: Success
Number of reboot: 1
KOREAMESSENGER_CP.EXE is known as:
Adware.KorAd, TR.Agent.bta, PUP.CloverPlus, a variant of Win32.Adware.CloverPlus.AD, Backdoor.Runagry
KOREAMESSENGER_CP.EXE hash:
- MD5: 697f84111b56f9ca36a65fe2a1ccbfa4
The file tries to download information from some web sites.
How to quickly detect KOREAMESSENGER_CP.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\clover_u: “%Program Files%\KoreaMessenger CP\koreamessenger_CP_updater.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\clover: “%Program Files%\KoreaMessenger CP\koreamessenger_CP.exe”
Folders:- %Program Files%\KoreaMessenger CP
Files:- %Program Files%\KoreaMessenger CP\koreamessenger_CP.exe
- %Program Files%\KoreaMessenger CP\koreamessenger_CP_updater.exe
- %WinDir%\CloverPlus.cot