Litter Korean rogue lurking IV
This is the fourth part of the "litter" of Korean rogues that has been lurking over the past few days, looking for potential victims in Korea. Rogues sometimes offer an option to change the language so that the infection's coverage is much wider; in this case, however, the rogue is aimed at a specific population.
PrivacyCop
privacycop.co.kr - 114.108.168.8 - DACOM-NET LG DACOM
The same IP also hosts the following domains:
ad-clear.com
info-dr.com
privacycop_setup.exe (8362c089bc4f7932dc885e23044cb2f6)
privacy_mediccop.exe (46f2a84d7217a5ca56208ea0b13c6f52)
The rogue circuit is part of the criminal affiliate systems in which a percentage of money is paid for each installation of the threat that is spread. This case is no exception. The rogue reports a successful installation immediately after infection.
privacycop.co.kr/app_linkage/app_install.php?addr=000C29CA888C&ptn=home
log.adsence.co.kr/logexp.php?aid=privacycop&pid=home&kind=inst
privacycop.co.kr/app_linkage/app_setting.php?mac=00-0C-29-CA-88-8C
3e
payed=0
pw_usr=
pw_sup=1470
hp1=
hp2=
hp3=
small=300
big=3660
file.privacycop.co.kr/update.php
6d
privacycop.exe=0.328
pvcupdater.exe=0.112
pvchk.dll=0.1
pvcuninst.exe=0.1
pvcwcher.exe=0.112
pvcpopd.dll=0.1
privacycop.co.kr/app_linkage/app_boot.php?ver=.0.4.5.3
privacycop.co.kr/popup_settle.html?addr=00-0C-29-CA-88-8C
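As an added example, not code from the original post, the following Python matches proxy-log URLs against the check-in requests listed above and normalizes the MAC address the rogue sends, so that both spellings of the same address (000C29CA888C and 00-0C-29-CA-88-8C) resolve to one host. The log layout (client IP, then URL), the client addresses and the event labels are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# (host, path) pairs from the requests listed above -> (assumed label, MAC parameter).
BEACONS = {
    ("privacycop.co.kr", "/app_linkage/app_install.php"): ("install report", "addr"),
    ("log.adsence.co.kr", "/logexp.php"): ("install log", None),
    ("privacycop.co.kr", "/app_linkage/app_setting.php"): ("settings request", "mac"),
    ("file.privacycop.co.kr", "/update.php"): ("update check", None),
    ("privacycop.co.kr", "/app_linkage/app_boot.php"): ("boot check-in", None),
    ("privacycop.co.kr", "/popup_settle.html"): ("settle popup", "addr"),
}

def normalize_mac(value):
    """Return a MAC as AA-BB-CC-DD-EE-FF whatever separators were used, else None."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", value or "")
    if len(digits) != 12:
        return None
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()

def classify(url):
    # Logged URLs may lack a scheme, so add one before parsing.
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    rule = BEACONS.get((host, parts.path))
    if rule is None:
        return None
    label, mac_param = rule
    query = parse_qs(parts.query, keep_blank_values=True)
    mac = normalize_mac(query.get(mac_param, [""])[0]) if mac_param else None
    return {"event": label, "host": host, "mac": mac}

def scan(lines):
    """Group hits by client; each line is '<client_ip> <url>' (assumed log layout)."""
    hits = {}
    for line in lines:
        client, _, url = line.strip().partition(" ")
        hit = classify(url)
        if hit:
            hits.setdefault(client, []).append(hit)
    return hits

# Constructed proxy log: client addresses are made up, URLs are those listed above.
SAMPLE_LOG = [
    "10.0.0.5 privacycop.co.kr/app_linkage/app_install.php?addr=000C29CA888C&ptn=home",
    "10.0.0.5 log.adsence.co.kr/logexp.php?aid=privacycop&pid=home&kind=inst",
    "10.0.0.5 privacycop.co.kr/app_linkage/app_setting.php?mac=00-0C-29-CA-88-8C",
    "10.0.0.9 example.com/index.html",
]
if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```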
Countermeasures
Terminate the processes called privacycop.exe and pvcwcher.exe. You can use Process Explorer to view and terminate processes.
Uninstall from Program Files.
Run an updated antivirus.
Related information
Litter Korean rogue lurking III
Litter Korean rogue lurking II
Litter Korean rogue lurking I
PC Defender Antivirus rogue update system registry
Phoenix Exploit's Kit and Pay-per-Install via PC Defender Antivirus
Dangerous trojans, keyloggers and Spyware detected in you computer!!!
Desktop Hijack by Internet Security 2010. Your System Is Infected!