What is “Ursu.266216”?

Ursu.266216 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Ursu.266216 virus do?

  • Network activity detected but not expressed in API logs

How to identify Ursu.266216?

File Info:

crc32: FFE15990
md5: 0e9bbf130c496a3ab72cd769e8cd539a
name: 0E9BBF130C496A3AB72CD769E8CD539A.mlw
sha1: a403efd98438432f1beaab845f45b6aa0f1e4d98
sha256: 4e7678bfa4bd0656d406b6452f501cb54fcc6ddc7c9debde66fda39415c2222f
sha512: 5fa6d5ffe5b22104e522041e31d006b78313b9534512030b30698c87ef3bfbe898339bdd7c3a5c02111a7fa919f678c0bb2e87991ff684f5c50633ab08128cce
ssdeep: 3072:TCVUBhIbE0W02CECXtpaqGwlkZfIVvHw8+tMa1WXUDdg+KJJJAHHaS:GtbEvVC/eKmIQicm
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright:
Assembly Version: 1.0.0.0
InternalName: Runtime Broker.exe
FileVersion: 1.0.0.0
ProductVersion: 1.0.0.0
FileDescription:
OriginalFilename: Runtime Broker.exe

Ursu.266216 is also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader18.21266
ClamAV: Win.Malware.Ursu-7458687-0
ALYac: Gen:Variant.Ursu.266216
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
BitDefender: Gen:Variant.Ursu.266216
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Injector.NIT
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: HEUR:Trojan.MSIL.Generic
MicroWorld-eScan: Gen:Variant.Ursu.266216
Ad-Aware: Gen:Variant.Ursu.266216
Sophos: ML/PE-A + Troj/MSIL-GEB
BitDefenderTheta: AI:Packer.80076D281F
FireEye: Generic.mg.0e9bbf130c496a3a
Emsisoft: Gen:Variant.Ursu.266216 (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1108921
eGambit: Unsafe.AI_Score_99%
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Arcabit: Trojan.Ursu.D40FE8
ZoneAlarm: HEUR:Trojan.MSIL.Generic
GData: Gen:Variant.Ursu.266216
MAX: malware (ai score=84)
Ikarus: Trojan.MSIL.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Kryptik.FPS!tr

How to remove Ursu.266216?

Ursu.266216 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
