Trojan:Win32/C2Lop.D is a trojan that attempts to download other trojans or adware, which are usually members of the TrojanDownloader:Win32/Swizzor and Adware:Win32/Lop families.
When Trojan:Win32/C2Lop.D is run, it launches Internet Explorer from this file path:
%Program Files%\Internet Explorer\iexplore.exe
Next, this trojan injects its code into the running Internet Explorer process. Additionally, Trojan:Win32/C2Lop.D adds the following registry value with data:
Adds value: balltick
With data: <random characters>
To subkey: HKEY_CURRENT_USER\Software\1ActiveAmok
Trojan:Win32/C2Lop.D may add these files:
%Temporary Internet Folder%\IN9kgen_up.int
Downloads and Executes Arbitrary Files
This trojan may connect to a remote Web site to download and execute arbitrary files. The downloaded files are usually members of TrojanDownloader:Win32/Swizzor and Adware:Win32/Lop families. Once the downloaded files are successfully installed, unwanted pop-ups and advertisements may be displayed on the desktop of the affected machine.