We received the file KOREAMESSENGER_CP_UPDATER.EXE and detected that KOREAMESSENGER_CP_UPDATER.EXE is not good.
KOREAMESSENGER_CP_UPDATER.EXE is Adware. You should remove the file KOREAMESSENGER_CP_UPDATER.EXE.
Kill the process KOREAMESSENGER_CP_UPDATER.EXE and remove KOREAMESSENGER_CP_UPDATER.EXE from Windows.
Malware Analysis of KOREAMESSENGER_CP_UPDATER.EXE
Full path on a computer: %Program Files%\KoreaMessenger CP\koreamessenger_CP_updater.exe
Detected by UnHackMe:
KOREAMESSENGER_CP_UPDATER.EXE
Default location: %Program Files%\KoreaMessenger CP\koreamessenger_CP_updater.exe
Removal Results: Success
Number of reboot: 1
KOREAMESSENGER_CP_UPDATER.EXE is known as:
Adware.CloverPlus, Trojan.A.Agent.114688.IA, PUP.CloverPlus, a variant of Win32.Adware.CloverPlus.AB, W32.Agentb.AALW.tr, Agent4.ASQN
KOREAMESSENGER_CP_UPDATER.EXE hash:
- MD5: dea20836cc6825ba3b39cd32226350b7
The file tries to download information from some web sites.
How to quickly detect KOREAMESSENGER_CP_UPDATER.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\clover_u: “%Program Files%\KoreaMessenger CP\koreamessenger_CP_updater.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\clover: “%Program Files%\KoreaMessenger CP\koreamessenger_CP.exe”
Folders:- %Program Files%\KoreaMessenger CP
Files:- %Program Files%\KoreaMessenger CP\koreamessenger_CP.exe
- %Program Files%\KoreaMessenger CP\koreamessenger_CP_updater.exe
- %WinDir%\CloverPlus.cot