Ursu.208604 removal guide

Ursu.208604 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Ursu.208604 virus do?

  • Dynamic (imported) function loading detected
  • Possible date expiration check, exits too soon after checking local time
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Network activity detected but not expressed in API logs

Related domains:

wpad.local-net

How to identify Ursu.208604?

File Info:

name: DBF2A6ED9BE03F97E8FA.mlw
path: /opt/CAPEv2/storage/binaries/0ee599906f0d95cb18fbb8be824676707b2408e74e450a68175b47972f16615f
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2017-04-13 15:53:17

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: ChangeLanguage
FileVersion: 6.8.0.0
InternalName: ChangeLanguage.exe
LegalCopyright: Copyright © 2009-2016
LegalTrademarks:
OriginalFilename: ChangeLanguage.exe
ProductName:
ProductVersion: 6.8.0.0
Assembly Version: 6.8.0.0

Ursu.208604 is also known as:

MicroWorld-eScan: Gen:Variant.Ursu.208604
CAT-QuickHeal: PUA.AgentFC.S23210048
ALYac: Gen:Variant.Ursu.208604
Cylance: Unsafe
Cyren: W32/Trojan.DFR.gen!Eldorado
Symantec: Trojan.Gen
APEX: Malicious
BitDefender: Gen:Variant.Ursu.208604
NANO-Antivirus: Trojan.Win32.Mlw.fcygaj
Avast: FileRepMalware
Tencent: Win32.Trojan.Generic.Wwec
Ad-Aware: Gen:Variant.Ursu.208604
Sophos: Mal/Generic-S
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: Artemis!Trojan
FireEye: Gen:Variant.Ursu.208604
Emsisoft: Gen:Variant.Ursu.208604 (B)
GData: Gen:Variant.Ursu.208604
Jiangmin: Trojan.Generic.bguzi
MAX: malware (ai score=83)
Microsoft: Trojan:Win32/Occamy.C0E
McAfee: Artemis!DBF2A6ED9BE0
TrendMicro-HouseCall: TROJ_GEN.R002H0CJL21
Yandex: Trojan.Agent!evPWC+SzbS4
Fortinet: W32/Generic!tr
AVG: FileRepMalware
Cybereason: malicious.d9be03
Panda: Trj/GdSda.A

How to remove Ursu.208604?

Ursu.208604 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
