Fochi.Ursu.10 removal tips

The Fochi.Ursu.10 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Fochi.Ursu.10 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Fochi.Ursu.10?


File Info:
name: 1117C426ACABF6668A97.mlw
path: /opt/CAPEv2/storage/binaries/6808a00a15fa35b63a77021fde0a38fbc78e8642cf9e01af5a505327d20eecc9
crc32: 12A8F32F
md5: 1117c426acabf6668a970d3931d15c6d
sha1: d38533508e256ee68e710f195ccdf31c66f7965c
sha256: 6808a00a15fa35b63a77021fde0a38fbc78e8642cf9e01af5a505327d20eecc9
sha512: 1813ef33ade162f27924d8a35d5c78c2811dfda195d8612cb55d28ba2b2d8fa2a7fc3dfeab3823e82232683b66e7de01a2468e4445926c08528619b3d0c337c5
ssdeep: 6144:IYK3ScM0CcZmYa7vXwK0bARCDvwZufWqf0dvY3r:lK33QPf5mDvw0+qcW3r
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T103547B66B30D963BEEFFE63B0897FFA6D593630C30D670D4651846287A10170E66BE09
sha3_384: 84be025a34fc558152c4456fcec7809a7b87b2a681245638a5ee3edd295b4fb96261c9fb16af4db17f22845daace910b
ep_bytes: 4883ec28c705b28b040001000000e85d
timestamp: 2018-04-07 02:15:04

Version Info:
0: [No Data]

Fochi.Ursu.10 also known as:

Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Fochi.Ursu.10
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_70% (D)
Symantec	Backdoor.Cobalt
ESET-NOD32	a variant of Win64/CobaltStrike.Artifact.J
APEX	Malicious
ClamAV	Win.Countermeasure.LoaderWinGeneric-9804846-1
Kaspersky	HEUR:Trojan.Win64.Agent.gen
BitDefender	Gen:Variant.Fochi.Ursu.10
MicroWorld-eScan	Gen:Variant.Fochi.Ursu.10
Avast	Win64:Malware-gen
Ad-Aware	Gen:Variant.Fochi.Ursu.10
Emsisoft	Gen:Variant.Fochi.Ursu.10 (B)
McAfee-GW-Edition	BehavesLike.Win64.Generic.dc
FireEye	Generic.mg.1117c426acabf666
Sophos	ML/PE-A
Ikarus	Trojan.Win64.Cobaltstrike
GData	Gen:Variant.Fochi.Ursu.10
Jiangmin	Trojan.Agent.clnl
Avira	HEUR/AGEN.1137815
MAX	malware (ai score=84)
Antiy-AVL	Trojan/Generic.ASMalwS.2D16F1C
Arcabit	Trojan.Fochi.Ursu.10
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3	Malware/Win64.RL_Generic.R263745
Rising	Backdoor.CobaltStrike/x64!1.D067 (CLASSIC)
Yandex	Trojan.GenAsa!iFICT4LrtTQ
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_82%
Fortinet	W64/Kryptik.BVR!tr
AVG	Win64:Malware-gen
Cybereason	malicious.6acabf
MaxSecure	Trojan.Malware.300983.susgen

How to remove Fochi.Ursu.10?

Fochi.Ursu.10 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X