Ursu.335689 removal

Ursu.335689 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Ursu.335689 virus do?

  • Executable code extraction
  • Unconventional language used in binary resources: Korean
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Network activity detected but not expressed in API logs

How to identify Ursu.335689?


File Info:

name: kspos.base.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

Translation: 0x0412 0x04b0
LegalCopyright: KSNET Inc.
InternalName: kspos.base
FileVersion: 1.40.0022
CompanyName: KSNET Inc.
LegalTrademarks: KSPOS
Comments: \xae30\xcd08\xc790\xb8cc
ProductName: KSPOS.BASE
ProductVersion: 1.40.0022
FileDescription: build '10.1.25
OriginalFilename: kspos.base.exe

Ursu.335689 also known as:

MicroWorld-eScan       Gen:Variant.Ursu.335689
CAT-QuickHeal          Trojan.IGENERIC
BitDefender            Gen:Variant.Ursu.335689
TrendMicro             TROJ_GEN.R03BC0OKF18
Cyren                  W32/Trojan.QKOJ-9251
Symantec               Backdoor.Trojan
TrendMicro-HouseCall   TROJ_GEN.R03BC0OKF18
Paloalto               generic.ml
GData                  Gen:Variant.Ursu.335689
Rising                 PUA.Presenoker!8.F608 (CLOUD)
Ad-Aware               Gen:Variant.Ursu.335689
Sophos                 Mal/Generic-S
Comodo                 Malware@#rkzrqprcddkt
F-Secure               Backdoor.BDS/Agent.ihego
DrWeb                  BACKDOOR.Trojan
McAfee-GW-Edition      BehavesLike.Win32.Trojan.fc
Emsisoft               Gen:Variant.Ursu.335689 (B)
Ikarus                 Backdoor.Agent
Avira                  BDS/Agent.ihego
Microsoft              PUA:Win32/Presenoker
McAfee                 RDN/Generic BackDoor
Cylance                Unsafe
Panda                  Trj/GdSda.A
Arcabit                Trojan.Ursu.D51F49
Yandex                 Backdoor.Agent!kVqiQMihf4Q
Fortinet               W32/PossibleThreat
AVG                    Win32:Malware-gen
Avast                  Win32:Malware-gen
Qihoo-360              Win32/Trojan.0f1

How to remove Ursu.335689?

Ursu.335689 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
