What is “Adware.Ursu.459”?

Adware.Ursu.459 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Adware.Ursu.459 virus do?

  • Presents an Authenticode digital signature
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Adware.Ursu.459?


File Info:

crc32: E77209A7
md5: 2a7c5379075247ca403a1dbf3138b245
name: youxiaahdts.exe
sha1: d36bca64ab54ec0c64923cacbeb980eb7009e415
sha256: 8140fbc009ff590f28887722af3b37919b233fdefa667b13caea7623973be5df
sha512: 3eba6f93aa70c3fa29dbef5741cb2782aa567cc1d8d68aebf409d588dcc12ea337afa953ebbc0849982f3e81cf3e66052974087448e1364fd1d23e4d6bdf77c4
ssdeep: 24576:hv+3npwTxbdUnkPphD89vUEOBINIwBd4g6AcwK/N4:t+5wT9DwvUjSNN3cI
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: 游侠网游戏中心
FileVersion: 3.0.0.0
CompanyName: 游侠网游戏中心
ProductName: 游侠暗黑大天使
ProductVersion: 3.0.0.0
FileDescription: 游侠暗黑大天使 install
Translation: 0x0804 0x03a8

Adware.Ursu.459 also known as:

DrWeb: Win32.HLLW.Autoruner2.33013
MicroWorld-eScan: Gen:Variant.Adware.Ursu.459
FireEye: Generic.mg.2a7c5379075247ca
CAT-QuickHeal: PUA.AgentRI.S8916463
McAfee: Artemis!2A7C53790752
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: Adware ( 004fef751 )
BitDefender: Gen:Variant.Adware.Ursu.459
K7GW: Adware ( 004fef751 )
Symantec: Trojan.Gen.MBT
APEX: Malicious
GData: Gen:Variant.Adware.Ursu.459
Kaspersky: not-a-virus:HEUR:AdWare.Win32.Generic
Alibaba: AdWare:Win32/Wews87.64672f26
NANO-Antivirus: Riskware.Win32.Autoruner2.hlaanl
SUPERAntiSpyware: Adware.Wews87/Variant
Endgame: malicious (high confidence)
Emsisoft: Gen:Variant.Adware.Ursu.459 (B)
Comodo: ApplicUnwnt@#2602ry4g1p26
F-Secure: Heuristic.HEUR/AGEN.1103073
Zillya: Adware.Generic.Win32.132550
Invincea: heuristic
McAfee-GW-Edition: Artemis!PUP
Sophos: Generic PUA EL (PUA)
Ikarus: PUA.Wews87
Jiangmin: AdWare.Generic.ntwk
Avira: ProgramFilesDir/ahdts.exe
Antiy-AVL: GrayWare/Win32.Wews87
Microsoft: PUA:Win32/CoinMiner
Arcabit: Trojan.Adware.Ursu.459
ZoneAlarm: not-a-virus:HEUR:AdWare.Win32.Generic
Cynet: Malicious (score: 85)
AhnLab-V3: PUP/Win32.RL_Generic.R295452
MAX: malware (ai score=85)
VBA32: BScope.Adware.FileFinder
Malwarebytes: PUP.Optional.Wews87
ESET-NOD32: a variant of Win32/Wews87.B potentially unwanted
TrendMicro-HouseCall: TROJ_GEN.R002H0CF920
Rising: PUA.Wews87!8.642 (RDMK:cmRtazqXC+yfStFOHSPmmYf49uFs)
Fortinet: Adware/Generic
AVG: Win32:Adware-gen [Adw]
Avast: Win32:Adware-gen [Adw]
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Adware.Ursu.459?

Adware.Ursu.459 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
