Ursu.125369 removal tips

The Ursu.125369 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ursu.125369 virus can do?

Unconventionial language used in binary resources: Vietnamese
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Ursu.125369?


File Info:
name: C34646F3BF6E556C16F6.mlw
path: /opt/CAPEv2/storage/binaries/c297dd19734952e821e39dcdbb681a295d5be6db0d7497983beef54565e1adff
crc32: 47912CA9
md5: c34646f3bf6e556c16f6d0b979ee236f
sha1: dad183760f9b8c4286cb77a3845ec6dca8744ffd
sha256: c297dd19734952e821e39dcdbb681a295d5be6db0d7497983beef54565e1adff
sha512: 2b380534969bfaa9f15e7f76d9bd416a2a7f869c183858b2397b222c5815619a76d6d7d7412a63e6b5afcf7d91d6516f152cc72bfe9fdd8e5f75dae5c4db2b34
ssdeep: 6144:sbB4hdVVRg7kUaeVqMh87yIhZ1GP56bVa+2ibjA/82/Cu1h/:suhVRg7kUnVq37yIhZ1GPgpa1i3A/lCq
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17B741288E54EE221F2A80BF2A866ED3F1C786FF718A528DDED811D3B4F51E540874674
sha3_384: 701b14c9620ba7cb2f576200f93be898f4cc82bed0f574685e1db2fa1a15f1c06f0d723e1b9aba7b1c3dad1c64c50806
ep_bytes: ff250020400000000000000000000000
timestamp: 2018-07-28 09:42:33

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: SQL Writter JSS
FileVersion: 1.0.0.0
InternalName: stub2.exe
LegalCopyright: Copyright ©  2018
LegalTrademarks: 
OriginalFilename: stub2.exe
ProductName: SQL Writter JSS
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Ursu.125369 also known as:

Bkav	W32.AIDetectMalware.CS
AVG	Win32:Malware-gen
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Ursu.125369
FireEye	Generic.mg.c34646f3bf6e556c
Skyhigh	BehavesLike.Win32.Trojan.fc
McAfee	Artemis!C34646F3BF6E
Malwarebytes	MachineLearning/Anomalous.100%
VIPRE	Gen:Variant.Ursu.125369
Sangfor	Trojan.MSIL.Agent.gen
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	TrojanSpy:MSIL/GenKryptik.af452e89
K7GW	Riskware ( 0040eff71 )
CrowdStrike	win/malicious_confidence_90% (D)
VirIT	Trojan.Win32.Dnldr22.BHJG
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/GenKryptik.CGQE
APEX	Malicious
Kaspersky	HEUR:Trojan-Spy.MSIL.Agent.gen
BitDefender	Gen:Variant.Ursu.125369
NANO-Antivirus	Trojan.Win32.GenKryptik.figxrj
Avast	Win32:Malware-gen
Tencent	Msil.Trojan-Spy.Agent.Wylw
Emsisoft	Gen:Variant.Ursu.125369 (B)
F-Secure	Trojan.TR/Spy.Agent.uumsf
DrWeb	Trojan.DownLoader22.22548
Zillya	Trojan.Agent.Win32.918015
Trapmine	suspicious.low.ml.score
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
Jiangmin	TrojanSpy.MSIL.xxh
Avira	TR/Spy.Agent.uumsf
MAX	malware (ai score=100)
Antiy-AVL	Trojan[Spy]/MSIL.Agent
Microsoft	Backdoor:Win32/Xiclog.A
Xcitium	Malware@#3lb3yb60fqxpd
Arcabit	Trojan.Ursu.D1E9B9
ZoneAlarm	HEUR:Trojan-Spy.MSIL.Agent.gen
GData	Gen:Variant.Ursu.125369
Google	Detected
AhnLab-V3	Backdoor/Win32.Xiclog.C2676548
BitDefenderTheta	Gen:NN.ZemsilF.36802.wm0@aW@Qt1eG
ALYac	Gen:Variant.Ursu.125369
Cylance	unsafe
Panda	Trj/CI.A
Rising	Backdoor.Xiclog!8.E79B (CLOUD)
Yandex	Trojan.GenKryptik!+sia9E9s6ds
Ikarus	Trojan.MSIL.Krypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Agent!tr
DeepInstinct	MALICIOUS

How to remove Ursu.125369?

Ursu.125369 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X