We received the file MOPOPWS.EXE and detected that MOPOPWS.EXE is not good.
MOPOPWS.EXE is Adware. You should remove the file MOPOPWS.EXE.
Kill the process MOPOPWS.EXE and remove MOPOPWS.EXE from Windows.
Malware Analysis of MOPOPWS.EXE
Full path on a computer: %Appdata%\MOpop\mopopws.exe
Detected by UnHackMe:
MOPOPWS.EXE
Default location: %Appdata%\MOpop\mopopws.exe
Removal Results: Success
Number of reboot: 1
MOPOPWS.EXE is known as:
Adware.KorAd
MOPOPWS.EXE hash:
- MD5: 404a304d086ff19b059344cf61f345e2
The file tries to download information from some web sites.
How to quickly detect MOPOPWS.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Micro OpenPop\DisplayName: “Micro OpenPop”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Micro OpenPop\UninstallString: “%Appdata%\MOpop\uninst.exe”
- HKLM\System\CurrentControlSet\Services\srvmopop\ImagePath: “%Appdata%\MOpop\srvmopop.exe”
- HKLM\System\CurrentControlSet\Services\srvmopop\DisplayName: “MOPOP Service”
Folders:- %Appdata%\MOpop
Files:- %Appdata%\MOpop\mopop.bat
- %Appdata%\MOpop\mopop.exe
- %Appdata%\MOpop\mopopm.exe
- %Appdata%\MOpop\mopopset.exe
- %Appdata%\MOpop\mopopunset.exe
- %Appdata%\MOpop\mopopup.exe
- %Appdata%\MOpop\mopopws.exe
- %Appdata%\MOpop\srvmopop.exe
- %Appdata%\MOpop\Sys1.bat
- %Appdata%\MOpop\Sys2.bat
- %Appdata%\MOpop\uninst.exe