Ursu.193740 removal tips

Ursu.193740 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Ursu.193740 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Dynamic (imported) function loading detected
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Network activity detected but not expressed in API logs

Related domains:

wpad.local-net

How to identify Ursu.193740?


File Info:

name: BD61213035046B7C2780.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2018-04-25 09:24:16

Version Info:

Translation: 0x0804 0x04b0
CompanyName: 番茄花园
ProductName: SQLJC
FileVersion: 4.04.0006
ProductVersion: 4.04.0006
InternalName: Ck
OriginalFilename: Ck.exe

Ursu.193740 also known as:

Lionic: Trojan.Win32.Generic.4!c
MicroWorld-eScan: Gen:Variant.Ursu.193740
McAfee: Artemis!BD6121303504
Cylance: Unsafe
Sangfor: Trojan.Win32.Occamy.C4F
K7AntiVirus: P2PWorm ( 004692d11 )
Alibaba: Trojan:Win32/Generic.11224fc7
K7GW: P2PWorm ( 004692d11 )
Cybereason: malicious.035046
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/VB.QPN
APEX: Malicious
Paloalto: generic.ml
BitDefender: Gen:Variant.Ursu.193740
NANO-Antivirus: Trojan.Win32.VB.fbbyxh
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Spy.Phpx
Ad-Aware: Gen:Variant.Ursu.193740
Sophos: Mal/Generic-S
Comodo: Malware@#1p5hf0zfwp887
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Rontokbro.dm
FireEye: Gen:Variant.Ursu.193740
Emsisoft: Gen:Variant.Ursu.193740 (B)
GData: Gen:Variant.Ursu.193740
Avira: TR/Spy.Gen
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Trojan:Win32/Occamy.C4F
ALYac: Gen:Variant.Ursu.193740
TrendMicro-HouseCall: TROJ_GEN.R002H0CJ421
Yandex: Trojan.VB!fFH7X5ufi6U
Ikarus: Trojan.Win32.VB
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VB.QPN!tr
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A

How to remove Ursu.193740?

Ursu.193740 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
