Adware.Ursu.459 (B) removal guide

Adware.Ursu.459 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Adware.Ursu.459 (B) virus do?

  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Adware.Ursu.459 (B)?

File Info:

crc32: 9AA17960
md5: 7587364f84df0e95ffb3cf9c8d82555c
name: qz.exe
sha1: 7e947224dcff13712a54fc90a4e07a47a83d6495
sha256: 88ff62fee5953a19fa3fcad80c5b4044c3aa86ab20f88c1dbf6aea21f81d6439
sha512: 94ebde9df0317cce7a5707329a939daebbc09c87a11f9ec0cca946d10d4889f670e2fe95e3258e47e5f82ec0504fff5656d4aa5948f67c0237ba1dc3e8e7525b
ssdeep: 24576:Y8Qm2fmyChKtuDk5uS+MgLhELrKvRhC85LQ3HsekCn77rqUys:3QVwhKMDquSSlELuRf3cTqUys
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: 51x6e38x620fx4e2dx5fc3
FileVersion: 3.0.0.0
CompanyName: 51x6e38x620fx4e2dx5fc3
ProductName: 51x4e03x6218
ProductVersion: 3.0.0.0
FileDescription: 51x4e03x6218 install
Translation: 0x0804 0x03a8

Adware.Ursu.459 (B) also known as:

MicroWorld-eScan     Gen:Variant.Adware.Ursu.459
CAT-QuickHeal        PUA.AgentRI.S8916463
McAfee               Artemis!7587364F84DF
Cylance              Unsafe
K7AntiVirus          Adware ( 004fef751 )
BitDefender          Gen:Variant.Adware.Ursu.459
K7GW                 Adware ( 004fef751 )
Symantec             ML.Attribute.HighConfidence
APEX                 Malicious
GData                Win32.Application.Agent.6I9K3I
Kaspersky            not-a-virus:HEUR:AdWare.Win32.Wews87.vho
Alibaba              AdWare:Win32/Wews87.528e6c70
NANO-Antivirus       Riskware.Win32.Wews87.hddzum
ViRobot              Adware.Wews87.1358848
Tencent              Win32.Adware.Wews87.Ahop
Emsisoft             Gen:Variant.Adware.Ursu.459 (B)
Comodo               Malware@#3u0f0bdgp43av
F-Secure             Heuristic.HEUR/AGEN.1103073
DrWeb                Win32.HLLW.Autoruner2.33013
McAfee-GW-Edition    Artemis!PUP
FireEye              Gen:Variant.Adware.Ursu.459
Sophos               Generic PUA NL (PUA)
Ikarus               PUA.Wews87
Jiangmin             AdWare.Generic.ntwk
Avira                ProgramFilesDir/qizhan.exe
Antiy-AVL            GrayWare[AdWare]/Win32.AGeneric
Endgame              malicious (high confidence)
Arcabit              Trojan.Adware.Ursu.459
ZoneAlarm            not-a-virus:HEUR:AdWare.Win32.Wews87.vho
Microsoft            PUA:Win32/CoinMiner
AhnLab-V3            PUP/Win32.Agent.R329200
MAX                  malware (ai score=84)
VBA32                BScope.Adware.FileFinder
Malwarebytes         PUP.Optional.Wews87
ESET-NOD32           a variant of Win32/Wews87.B potentially unwanted
Rising               Trojan.Generic@ML.94 (RDML:n8x6ky+xlfpqiatB5B98Iw)
Fortinet             Riskware/Generic_PUA_NL
AVG                  Win32:Adware-gen [Adw]
Avast                Win32:Adware-gen [Adw]

How to remove Adware.Ursu.459 (B)?

Adware.Ursu.459 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
