
What is “Ursu.42906”?


Ursu.42906 is rated as dangerous by many security vendors. While this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Ursu.42906 virus do?

  • Executable code extraction
  • Creates RWX memory
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Uses Windows utilities for basic functionality
  • Detects Sandboxie through the presence of a library
  • Detects the presence of Wine emulator via function name
  • Deletes its original binary from disk
  • Network activity detected but not expressed in API logs
  • Attempts to identify installed analysis tools by a known file location
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects the presence of Wine emulator via registry key
  • Detects Sandboxie using a known mutex
  • Creates a copy of itself
  • Checks for a known DeepFreeze Frozen State Mutex
  • Collects information to fingerprint the system

How to identify Ursu.42906?

File Info:

crc32: 1C70D6E9
md5: ccfd136aceb6697a6392feece6eb3f48
name: CCFD136ACEB6697A6392FEECE6EB3F48.mlw
sha1: 3abf2708de0911a8b3c8cee7073239466b994b1f
sha256: 9dfd70827d927db949a527f4dc231c7a24fd48a0d974ebe37dcfc5042910b072
sha512: e0359cf4e55245f92c2cc61c72d81348d643ce3ef2b4c3f2ea1a01eb992acc4c8633126493333b706e2995d9231ea827a0f0e4c33382f5915b4e943281d5a601
ssdeep: 6144:Q7yR9r0S1J7lf2IuZHrh4fF8rRHw61rEwchYORzYeA:nR9r7RmrhLS6WwchYORzYeA
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright ©. McAfee, Inc.
InternalName: Yahoo Parentform
CompanyName: McAfee, Inc.
PrivateBuild: 4.7.2.394
ProductName: Yahoo Parentform
Languages: English
ProductVersion: 4.7.2.394
FileDescription: Retry Prvisinal Ragged Amyotrophic Instability
OriginalFilename: Yahoo Parentform.exe
Translation: 0x0409 0x04b0

Ursu.42906 is also known by the following vendor detection names (vendor: detection):

Bkav: W32.AIDetect.malware2
K7AntiVirus: Spyware ( 0051fc171 )
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop7.54917
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Ursu.42906
Cylance: Unsafe
Zillya: Trojan.GenericKD.Win32.124070
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: TrojanDropper:Win32/Macrodrop.4d706336
K7GW: Spyware ( 0051fc171 )
Cybereason: malicious.aceb66
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Spy.Zbot.ADC
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Dropper.Win32.Macrodrop.be
BitDefender: Gen:Variant.Ursu.42906
NANO-Antivirus: Trojan.Win32.Macrodrop.ewensw
SUPERAntiSpyware: Ransom.GandCrab/Variant
MicroWorld-eScan: Gen:Variant.Ursu.42906
Tencent: Win32.Trojan-dropper.Macrodrop.Tdpt
Ad-Aware: Gen:Variant.Ursu.42906
Sophos: Mal/Generic-S
Comodo: Malware@#rdcjvyu9j6pt
BitDefenderTheta: Gen:NN.ZexaF.34690.By0@aOA0q8ji
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Worm.gh
FireEye: Generic.mg.ccfd136aceb6697a
Emsisoft: Gen:Variant.Ursu.42906 (B)
Webroot: Infostealer.Rultazo.Gen
Avira: TR/AD.MalwareCrypter.ywmae
eGambit: Generic.Malware
Antiy-AVL: Trojan/Generic.ASMalwS.236F03C
Microsoft: Trojan:Win32/Tiggre!rfn
AegisLab: Trojan.Win32.Macrodrop.4!c
GData: Gen:Variant.Ursu.42906
AhnLab-V3: Dropper/Win32.Macrodrop.C2309847
Acronis: suspicious
McAfee: Generic.bki
MAX: malware (ai score=94)
VBA32: TrojanDropper.Macrodrop
Panda: Trj/CI.A
Ikarus: Trojan-Ransom.GandCrab
Fortinet: W32/Zbot.ADC!tr.spy
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Ursu.42906?

Ursu.42906 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
