Ursu.384109 removal instruction

The Ursu.384109 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ursu.384109 virus can do?

Unconventionial language used in binary resources: Turkish
The binary contains an unknown PE section name indicative of packing
The executable is compressed using UPX
Authenticode signature is invalid

How to determine Ursu.384109?


File Info:
name: FFC13C80ED8BE0C00578.mlw
path: /opt/CAPEv2/storage/binaries/5e954496652c455ebf0bc6577a024c10d7952066118654886f0d031305d03d51
crc32: 6B652B93
md5: ffc13c80ed8be0c0057898b34aee85ef
sha1: 6beb416048a69c37b9ce632e61da0efa56ffedcb
sha256: 5e954496652c455ebf0bc6577a024c10d7952066118654886f0d031305d03d51
sha512: c85fca37e1ecdca2a382d4ab84f70e176439ad565897c57490cad99ab606ebe6dbbff2e59ed4c5623b5b55b092a4e4f7c475939657123362236a1a0872482eff
ssdeep: 192:nGh+jfCvqrlCZKmQDM4gVF1a+WefeVlHmTAZbebAtMGV18gghIljZ:nGh+jqvqhFP8F1a+B4lHmzTGf80l1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11A330943772A8D17E066497D1E03022A2BCABD21DD15B866721C3BBB2F320C6EE45E71
sha3_384: 672a98ee9f11a23e2e6e59e1289fb77fcfd7fa286363aec449687375c2604f7bf03ed2308699754e8ae3b74fbf1f8bd8
ep_bytes: 60be00d043008dbe0040fcff5783cdff
timestamp: 2011-04-20 17:11:34

Version Info:
Comments: 
CompanyName: Sun Microsystems, Inc.
FileDescription: Java(TM) Platform SE binary
FileVersion: 6.0.150.3
InternalName: jusched
LegalCopyright: Copyright © 2011
LegalTrademarks: Sun Microsystems, Inc.
OriginalFilename: jusched
PrivateBuild: 
ProductName: Java(TM) Platform SE 6 U15
ProductVersion: 6.0.150.3
SpecialBuild: 
Translation: 0x0000 0x04b0

Ursu.384109 also known as:

Bkav	W32.AIDetectMalware
AVG	TrojanX-gen [Trj]
MicroWorld-eScan	Gen:Variant.Ursu.384109
Skyhigh	BehavesLike.Win32.Generic.qz
ALYac	Gen:Variant.Ursu.384109
Malwarebytes	Generic.Malware/Suspicious
Sangfor	Suspicious.Win32.Save.a
Cybereason	malicious.0ed8be
BitDefenderTheta	Gen:NN.ZexaF.36802.dm0@aGzOphbO
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (moderate confidence)
Cynet	Malicious (score: 100)
APEX	Malicious
Avast	TrojanX-gen [Trj]
ClamAV	Legacy.Trojan.Agent-1388589
BitDefender	Gen:Variant.Ursu.384109
Sophos	Mal/Generic-S
F-Secure	Heuristic.HEUR/AGEN.1334820
VIPRE	Gen:Variant.Ursu.384109
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.ffc13c80ed8be0c0
Emsisoft	Gen:Variant.Ursu.384109 (B)
SentinelOne	Static AI – Malicious PE
Avira	HEUR/AGEN.1334820
MAX	malware (ai score=80)
Microsoft	Trojan:Win32/Phonzy.B!ml
Xcitium	Packed.Win32.MUPX.Gen@24tbus
Arcabit	Trojan.Ursu.D5DC6D
GData	Gen:Variant.Ursu.384109
Google	Detected
McAfee	Artemis!FFC13C80ED8B
Cylance	unsafe
Rising	Malware.FakeFolder/ICON!1.6ABC (CLASSIC)
Ikarus	Virus.Worm.Palevo
Fortinet	W32/ULPM.2C75!tr
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)
alibabacloud	Trojan:Win/Ursu

How to remove Ursu.384109?

Ursu.384109 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X