
Ursu.152098 (B) removal guide

Malware Removal

Ursu.152098 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and cure your PC during the trial period.
6-day free trial available.

What can the Ursu.152098 (B) virus do?

  • Attempts to connect to a dead IP:Port (4 unique times)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • ‘Google Drive’ in HTML Title but connection is not HTTPS. Possibly indicative of phishing.
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Turkish
  • The binary likely contains encrypted or compressed data.
  • Network activity contains more than one unique user agent.
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
xred.mooo.com
freedns.afraid.org
ocsp.pki.goog

How to identify Ursu.152098 (B)?

File Info:

crc32: 96F16873
md5: fe788f5565c4b0afbff28073f7b5ff12
name: vs_community__2141795133.1574218114.exe
sha1: 89b8da84193eb007f171496bae2b8068a47b3ba6
sha256: dff9c048ef9de9c3fa8a148e8cc4d848f1ab58fbb7b6319598f24946f84dc247
sha512: 43af28e777d33cb97f72db6ca582e98a98bec07444597d75473afef90f37c777b1c0a97945c9dae1655e793438bfa8dfe9fda77958b8a78e26d3654baf6f7dbb
ssdeep: 49152:VnsHyjtk2MYC5GDj22xfVHZq+SvKA1ox4oXRAfdGDa4LHbV35WJ:Vnsmtk2as22xfVHo+IzCx9imvVsJ
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright:
InternalName:
FileVersion: 1.0.0.4
CompanyName: Synaptics
LegalTrademarks:
Comments:
ProductName: Synaptics Pointing Device Driver
ProductVersion: 1.0.0.0
FileDescription: Synaptics Pointing Device Driver
OriginalFilename:
Translation: 0x041f 0x04e6

Ursu.152098 (B) also known as:

MicroWorld-eScan: Gen:Variant.Ursu.152098
FireEye: Generic.mg.fe788f5565c4b0af
McAfee: GenericRXCB-VC!FE788F5565C4
Cylance: Unsafe
VIPRE: BehavesLike.Win32.Malware.eah (mx-v)
Sangfor: Malware
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Gen:Variant.Ursu.152098
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.565c4b
Invincea: heuristic
Cyren: PP97M/Script.gen
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
ClamAV: Win.Malware.Delf-6899401-0
GData: Gen:Variant.Ursu.152098
Kaspersky: Backdoor.Win32.DarkKomet.hqxy
NANO-Antivirus: Trojan.Win32.DarkKomet.fazbwq
Avast: Win32:Zorex-E [Wrm]
Endgame: malicious (high confidence)
Emsisoft: Gen:Variant.Ursu.152098 (B)
Comodo: Virus.Win32.Agent.DE@74b38h
F-Secure: Trojan:W97M/MaliciousMacro.GEN
DrWeb: Trojan.DownLoader22.9658
Zillya: Trojan.Delf.Win32.76144
TrendMicro: TROJ_SYMMI_GA250982.UVPM
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vc
Sophos: ElReceptor Keyboard Hook (PUA)
Ikarus: Virus.Win32.Delf
F-Prot: PP97M/Script.gen
Jiangmin: Trojan.Generic.bhoqf
Webroot: W32.Malware.gen
Avira: JS/Dldr.Agent.gqrxn
Arcabit: HEUR.VBA.Trojan.d
ZoneAlarm: Backdoor.Win32.DarkKomet.hqxy
Microsoft: Worm:Win32/AutoRun.XXY!bit
AhnLab-V3: Win32/Zorex
Acronis: suspicious
BitDefenderTheta: AI:Packer.F5AF03D517
ALYac: Gen:Variant.Ursu.152098
MAX: malware (ai score=82)
VBA32: BScope.Backdoor.DarkKomet
Malwarebytes: Trojan.Agent
ESET-NOD32: Win32/Delf.NBX
TrendMicro-HouseCall: TROJ_SYMMI_GA250982.UVPM
Rising: Backdoor.Agent!1.BF3D (CLASSIC)
Yandex: BackDoor.Optix!
SentinelOne: DFI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Delf.NBX!tr
Ad-Aware: Gen:Variant.Ursu.152098
AVG: Win32:Zorex-E [Wrm]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: HEUR/QVM41.1.9003.Malware.Gen

How to remove Ursu.152098 (B)?

Ursu.152098 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
