Ulise.107524 (B) removal instruction

The Ulise.107524 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ulise.107524 (B) virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
Attempts to connect to a dead IP:Port (12 unique times)
Performs some HTTP requests
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Uses Windows utilities for basic functionality
Creates a hidden or system file
Attempts to modify proxy settings

Related domains:

share.weiyun.com

www.52xsu.com

www.bing.com

ocsp.dcocsp.cn

apps.identrust.com

crl3.digicert.com

crl4.digicert.com

crl.identrust.com

www.52su.net

apps.bdimg.com

ocsp.globalsign.com

ocsp2.globalsign.com

v1.cnzz.com

www.public-trust.com

How to determine Ulise.107524 (B)?


File Info:
crc32: B701F9AC
md5: e0e2ee53f00a7aab3978f2db4a902050
name: E0E2EE53F00A7AAB3978F2DB4A902050.mlw
sha1: bb8be3a17c43bd92ca5de0e650516eafc9d027d1
sha256: 6b9ba8c62f6141ee12d4b3e8bb65e7ba48b2bd0456f18c61975a5ceeed5e520a
sha512: 69c70ce1f1aba814ad73aeeb8d774efa1beff9723a7c7cf642397a085f046855eebb0ae03a5347c64f83cab059d4bc27595d6167280c2f63fbcab2360bbf5586
ssdeep: 12288:2nG7BnpAe9PiRXO/s3oFWZC+RqWWCezpZxLZlXpzme7+Sb/Xrpy4WhTLvfTFXpR:2G7Bye9PiRe/AoFWZtRvf3CbfEfFoHf
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
ProductVersion: 1.1.0.0
FileVersion: 1.1.0.0
Comments: x672cx7a0bx5e8fx4f7fx7528x6613x8bedx8a00x7f16x5199(http://www.eyuyan.com)
FileDescription: x77edx4fe1x538bx529bx6d4bx8bd5
Translation: 0x0804 0x04b0

Ulise.107524 (B) also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Ulise.107524
FireEye	Generic.mg.e0e2ee53f00a7aab
CAT-QuickHeal	Trojan.Wacatac
ALYac	Gen:Variant.Ulise.107524
Cylance	Unsafe
VIPRE	Trojan.Win32.OnlineGames
CrowdStrike	win/malicious_confidence_80% (W)
BitDefender	Gen:Variant.Ulise.107524
K7GW	Adware ( 005071f51 )
K7AntiVirus	Adware ( 005071f51 )
Cyren	W32/OnlineGames.HG.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Malware-gen
Alibaba	Trojan:Win32/Redcap.b9560a2c
Rising	Trojan.Generic@ML.99 (RDML:ZFLpDzyKkArez0pkmX+Pww)
Ad-Aware	Gen:Variant.Ulise.107524
Emsisoft	Gen:Variant.Ulise.107524 (B)
Comodo	TrojWare.Win32.Agent.OSCF@5rs7jr
F-Secure	Trojan.TR/Redcap.byiva
DrWeb	Trojan.DownLoader35.10430
Invincea	Generic ML PUA (PUA)
McAfee-GW-Edition	BehavesLike.Win32.Generic.th
Avira	TR/Redcap.byiva
eGambit	Unsafe.AI_Score_99%
MAX	malware (ai score=80)
Antiy-AVL	GrayWare/Win32.FlyStudio.a
Microsoft	Trojan:Win32/Wacatac.A!ml
Arcabit	Trojan.Ulise.D1A404
GData	Win32.Application.PUPStudio.A
Cynet	Malicious (score: 100)
Acronis	suspicious
McAfee	Artemis!E0E2EE53F00A
VBA32	BScope.TrojanPSW.Fareit
ESET-NOD32	a variant of Win32/Packed.FlyStudio.AA potentially unwanted
TrendMicro-HouseCall	TROJ_GEN.R002H09JV20
SentinelOne	DFI – Malicious PE
MaxSecure	Dropper.Dinwod.frindll
Fortinet	Riskware/Application
BitDefenderTheta	Gen:NN.ZexaF.34590.iv0@aWblFucb
AVG	Win32:Malware-gen
Cybereason	malicious.17c43b
Paloalto	generic.ml
Qihoo-360	Generic/Trojan.df0

How to remove Ulise.107524 (B)?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.