How to remove "Ursu.344462"?

The Ursu.344462 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ursu.344462 virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Injection with CreateRemoteThread in a remote process
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Code injection with CreateRemoteThread in a remote process
Sniffs keystrokes
Installs itself for autorun at Windows startup
Creates a hidden or system file
Creates a copy of itself
Creates known SpyNet mutexes and/or registry changes.

Related domains:

z.whorecord.xyz

a.tomx.xyz

koko35.ddns.net

How to determine Ursu.344462?


File Info:
crc32: C151EAED
md5: 4946d61aa35613e05e42e4efef9d0ff6
name: 4946D61AA35613E05E42E4EFEF9D0FF6.mlw
sha1: 9a9f1ce7eaa69862bb4f0184e6f47d5bd0c6d7bf
sha256: 03343202df885cea05f80dcebfd5f34500e8f297fa6a7a128a0b3ebd8a6f508b
sha512: becd995704a409fe5f2cfc53327e70c4f4d2857d7c8a0843d7738a22ab7546037cbfb0aa2834458ab53ec59777af7ed2eeb79280f15736165b98125557cfb599
ssdeep: 12288:3CTGHjDsQvhirRwG7A1ByoiN2CSDNdciaX:Hj4QvhyRbMXJdci
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9 2004
Assembly Version: 94.57.35.58
InternalName: 333.EXE
FileVersion: 17.54.73.89
Comments: WindowsApplication30
ProductName: WindowsApplication30
ProductVersion: 17.54.73.89
FileDescription: WindowsApplication30
OriginalFilename: 333.EXE

Ursu.344462 also known as:

K7AntiVirus	Trojan ( 0054115a1 )
Lionic	Trojan.MSIL.Llac.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Stealer.15250
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Ursu.344462
Cylance	Unsafe
Zillya	Trojan.Llac.Win32.59998
Sangfor	Trojan.Win32.GenericKD.40773920
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Trojan:MSIL/Kryptik.14d4456b
K7GW	Trojan ( 0054115a1 )
Cybereason	malicious.aa3561
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.QDX
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	HEUR:Trojan.MSIL.Llac.gen
BitDefender	Gen:Variant.Ursu.344462
NANO-Antivirus	Trojan.Win32.Llac.fkwpfv
MicroWorld-eScan	Gen:Variant.Ursu.344462
Tencent	Win32.Backdoor.Cybergate.Uijs
Ad-Aware	Gen:Variant.Ursu.344462
Sophos	Mal/Generic-S
Comodo	Malware@#2i9pytxdf1xs6
BitDefenderTheta	Gen:NN.ZemsilF.34294.Nq0@aaLLsd
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Generic.jc
FireEye	Generic.mg.4946d61aa35613e0
Emsisoft	Gen:Variant.Ursu.344462 (B)
SentinelOne	Static AI – Malicious PE
Avira	TR/Dropper.MSIL.Gen
eGambit	Unsafe.AI_Score_100%
Antiy-AVL	Trojan/Generic.ASMalwS.2983190
Microsoft	Worm:Win32/Rebhip
GData	Gen:Variant.Ursu.344462
AhnLab-V3	Trojan/Win32.Bladabindi.C2892755
McAfee	Artemis!4946D61AA356
MAX	malware (ai score=100)
VBA32	CIL.StupidPInvoker-2.Heur
Malwarebytes	MachineLearning/Anomalous.95%
Panda	Trj/GdSda.A
Yandex	Trojan.Llac!Nl5KCPBWfLU
Ikarus	Trojan.MSIL.Crypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.QDX!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml

How to remove Ursu.344462?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

How to remove “Ursu.344462”?