Ursu.119196 removal instruction

The Ursu.119196 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ursu.119196 virus can do?

CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Ursu.119196?


File Info:
name: 95D3A63729814986654B.mlw
path: /opt/CAPEv2/storage/binaries/b1f8097482905f733aeabff9e1fa0f676a39c9690937274bdbb087f8d4639322
crc32: 36144CFB
md5: 95d3a63729814986654b79e66b29a262
sha1: 5fb4bec2c5d8e77db96ab9bf620057f2f04b6c2a
sha256: b1f8097482905f733aeabff9e1fa0f676a39c9690937274bdbb087f8d4639322
sha512: f8ca5c17707d5f1b48bc68b8c5a60a71724605886914c3331113f6876570bd53b265bc88ede8d69c509f063d45038b053ac28c7aa340788364bc9aea632b3eb5
ssdeep: 3072:IkIDwMzRGyisgXPDhE2rKKtAQKYPapuJCkIAHuYTs8U+Nwy8bhpgENIf5eOTx:xVM8wgXPD6YK1gf/s8tNwZhpgEKfEO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12D24D00136C3C390D8692172C5EF155903E1AB8F12F3F35A3D4AB6ED46177D26D2AB8A
sha3_384: 09c2580406129ecfaf180720c603c4b74296f36825e5d8b3b136dedbca2aefbc29b8575dfbbf76069cbb7bb3ba90b778
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-03-27 09:18:30

Version Info:
Translation: 0x0000 0x04b0
FileDescription: Windows Defender
FileVersion: 1.0.0.0
InternalName: Windows Defender.exe
LegalCopyright: Copyright ©  2020
OriginalFilename: Windows Defender.exe
ProductName: Windows Defender
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Ursu.119196 also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.MSIL.Generic.m!c
Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoader33.27670
MicroWorld-eScan	Gen:Variant.Ursu.119196
FireEye	Generic.mg.95d3a63729814986
Skyhigh	Artemis!Trojan
McAfee	Artemis!95D3A6372981
Malwarebytes	Trojan.Agent
VIPRE	Gen:Variant.Ursu.119196
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 005013a51 )
Alibaba	Backdoor:MSIL/Kryptik.f8bd484b
K7GW	Trojan ( 005013a51 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Ursu.D1D19C
BitDefenderTheta	Gen:NN.ZemsilF.36744.nq0@aSOjafm
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.HZJ
APEX	Malicious
Kaspersky	HEUR:Backdoor.MSIL.Generic
BitDefender	Gen:Variant.Ursu.119196
NANO-Antivirus	Trojan.Win32.Kryptik.icbkwo
Avast	Win32:Trojan-gen
Rising	Malware.Obfus/MSIL@AI.96 (RDM.MSIL2:aLQkoDkEdNG8AM/ZL4RJvg)
Emsisoft	Gen:Variant.Ursu.119196 (B)
F-Secure	Heuristic.HEUR/AGEN.1326965
Zillya	Trojan.Kryptik.Win32.1972187
TrendMicro	TROJ_GEN.R002C0GBI24
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
Google	Detected
Avira	HEUR/AGEN.1326965
MAX	malware (ai score=81)
Antiy-AVL	Trojan[Backdoor]/MSIL.Bladabindi
Kingsoft	malware.kb.c.997
Gridinsoft	Ransom.Win32.Bladabindi.sa
Microsoft	Backdoor:MSIL/Bladabindi
ZoneAlarm	HEUR:Backdoor.MSIL.Generic
GData	Gen:Variant.Ursu.119196
AhnLab-V3	Malware/Win32.Generic.C977085
ALYac	Gen:Variant.Ursu.119196
Cylance	unsafe
Panda	Trj/GdSda.A
Tencent	Msil.Backdoor.Generic.Zolw
Ikarus	Trojan.Injector
Fortinet	MSIL/Generic.HZJ!tr.bdr
AVG	Win32:Trojan-gen
Cybereason	malicious.2c5d8e
DeepInstinct	MALICIOUS

How to remove Ursu.119196?

Ursu.119196 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X