Ursu.371893 removal instruction

Ursu.371893 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can the Ursu.371893 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Transacted Hollowing
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Ursu.371893?

File Info:

name: D058E06F540B21C619DF.mlw
path: /opt/CAPEv2/storage/binaries/96cb9f6f82bddbe1543407b142127d67cbb43b2ff59b98f7c3507d5dfae198e4
crc32: 018DC9C8
md5: d058e06f540b21c619dfefc30318d7bb
sha1: df3c2730ec47b055413b1b994f5e8671f9a5dec4
sha256: 96cb9f6f82bddbe1543407b142127d67cbb43b2ff59b98f7c3507d5dfae198e4
sha512: 86a1a4af94a301042e77d6b9e424c060021455250f029c7aa56b0ce6f4cfb58586508229ad50e1fceb37ed543d882f5792057fe01a0d6fdc15cd799b4111e418
ssdeep: 12288:iVjwKL7Sx40T+xME6mRGm5xwqXLiHomv7KkW:iVjXax5KxkmRGm5eq7iImv7
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F4E4F3245BD4E26EE26222B6598074B008581E3526DF01DAC3F3FDBE3E6B7E1E558473
sha3_384: 6739f82cceaf3c47845e5f65c8726b91094f3de343af32a63c72b55f5d569b5817cf6838540aaa6e25af914c20bbf047
ep_bytes: 558bec6aff6840cc410068a6f2400064
timestamp: 2016-12-06 11:19:57

Version Info:

FileDescription: flat assembler
LegalCopyright: Copyright © 1999-2019 Tomasz Grysztar.
FileVersion: 0.99.02
ProductVersion: 1.73.06
OriginalFilename: FASMW.EXE
Translation: 0x0409 0x0000

Ursu.371893 is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Weelsof.4!c
AVG: Win32:Trojan-gen
DrWeb: Trojan.Kronos.21
MicroWorld-eScan: Gen:Variant.Ursu.371893
FireEye: Generic.mg.d058e06f540b21c6
McAfee: Artemis!D058E06F540B
Cylance: unsafe
Sangfor: Trojan.Win32.Kryptik.GOVE
K7AntiVirus: Trojan ( 005460ce1 )
Alibaba: Trojan:Win32/Weelsof.c2e4f5c6
K7GW: Trojan ( 005460ce1 )
Cybereason: malicious.f540b2
BitDefenderTheta: Gen:NN.ZexaF.36318.Pu0@aib3yig
VirIT: Trojan.Win32.Kronos.V
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.GOVE
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Ursu.371893
NANO-Antivirus: Trojan.Win32.Kronos.fmjitm
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Generic.Gkjl
Emsisoft: Gen:Variant.Ursu.371893 (B)
F-Secure: Heuristic.HEUR/AGEN.1341019
VIPRE: Gen:Variant.Ursu.371893
TrendMicro: TrojanSpy.Win32.AZDEN.SM
McAfee-GW-Edition: BehavesLike.Win32.Lockbit.jc
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Agent
GData: Gen:Variant.Ursu.371893
Jiangmin: Trojan.Weelsof.ax
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1341019
Antiy-AVL: Trojan/Win32.Weelsof
Xcitium: Malware@#uerk1sb4ocae
Arcabit: Trojan.Ursu.D5ACB5
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Weelsof.RYM!MTB
Google: Detected
AhnLab-V3: Trojan/Win32.Generic.C2997596
Acronis: suspicious
VBA32: BScope.Trojan.Weelsof
ALYac: Gen:Variant.Ursu.371893
TACHYON: Trojan/W32.Weelsof.675840
Malwarebytes: MachineLearning/Anomalous.100%
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TrojanSpy.Win32.AZDEN.SM
Rising: Trojan.Generic@AI.90 (RDML:P+TZAkJFXvavjCS2SupKqA)
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.GSFW!tr
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Ursu.371893?

Ursu.371893 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.