How to remove "Ursu.684283 (B)"?

The Ursu.684283 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ursu.684283 (B) virus can do?

Executable code extraction
Creates RWX memory
Reads data out of its own binary image
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Uses Windows utilities for basic functionality
Tries to unhook or modify Windows functions monitored by Cuckoo
Behavior consistent with a dropper attempting to download the next stage.
Network activity contains more than one unique useragent.
Creates a hidden or system file
Attempts to modify proxy settings

Related domains:

d1kf.lykj988.com

www.d1kf.com

www.goodgq.com

www.bing.com

How to determine Ursu.684283 (B)?


File Info:
crc32: D90D3C2F
md5: fa9143a17faf5f80190e9a610204058e
name: video_gq.exe
sha1: 42c8e81eda43d8f3da8166d8a4acdfe62f1dee45
sha256: bbc32bf04bfb70e96ea6b8e5f8159a4c404d8b1e4fdcb1ecfc7d97637f87da11
sha512: 4f867680b5cd5dcb950d3db0e99d49ceeedf8293a9caca3057c5426d4cfca0ad1085c099f78fae569c009a01b508662d235e4df83634ad31314b8c7debb689a3
ssdeep: 49152:fRhLXDRcs0rlqf/BYaCDm2J4mTNhS8htYlml+b3CHK8R9Pq5B/ugaqey9H9R+f3:TLlcr5Y//M4MrhEml+b3C1GB/0qey9d
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:
LegalCopyright: x56fax4e54x5de5x4f5cx5ba4xff08www.goodgq.comxff09
FileVersion: 63.0.0.0
CompanyName: x56fax4e54x5de5x4f5cx5ba4
Comments: x6279x91cfx4e0bx8f7dx5546x54c1x4e3bx56fex89c6x9891x3001x63cfx8ff0x89c6x9891x3001x8bc4x8bbax89c6x9891xff1bx667ax80fdx4e0bx8f7dx77edx89c6x9891x3001x5c0fx89c6x9891x7b49
ProductName: x56fax4e54x89c6x9891x52a9x624b
ProductVersion: 63.0.0.0
FileDescription: x6279x91cfx4e0bx8f7dx89c6x9891x7d20x6750x7684x8f6fx4ef6
Translation: 0x0804 0x04b0

Ursu.684283 (B) also known as:

MicroWorld-eScan	Gen:Variant.Ursu.684283
FireEye	Generic.mg.fa9143a17faf5f80
ALYac	Gen:Variant.Ursu.684283
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
BitDefender	Gen:Variant.Ursu.684283
K7GW	Adware ( 0050718d1 )
CrowdStrike	win/malicious_confidence_80% (D)
TrendMicro	TROJ_GEN.R01FC0PCS20
BitDefenderTheta	Gen:NN.ZexaF.34104.@oKfaK7b@0mH
Cyren	W32/Trojan.CLL.gen!Eldorado
TotalDefense	Win32/PackedBaidu
TrendMicro-HouseCall	TROJ_GEN.R01FC0PCS20
Avast	Win32:Malware-gen
GData	Gen:Variant.Ursu.684283
Ad-Aware	Gen:Variant.Ursu.684283
Sophos	Generic PUA EC (PUA)
Comodo	Malware@#n9vbt20k2wan
Invincea	heuristic
McAfee-GW-Edition	GenericRXJP-VG!6DAA325D1DF7
SentinelOne	DFI – Malicious PE
Trapmine	malicious.high.ml.score
Emsisoft	Gen:Variant.Ursu.684283 (B)
APEX	Malicious
F-Prot	W32/Trojan.CLL.gen!Eldorado
Antiy-AVL	GrayWare/Win32.FlyStudio.a
Endgame	malicious (moderate confidence)
Arcabit	Trojan.Ursu.DA70FB
Microsoft	Trojan:Win32/Detplock
Acronis	suspicious
McAfee	Artemis!FA9143A17FAF
MAX	malware (ai score=83)
VBA32	BScope.Trojan.Fuerboos
ESET-NOD32	a variant of Win32/Packed.FlyStudio.AA potentially unwanted
Rising	Trojan.Tonmye!8.510 (TFE:dGZlOgUt8Y6BRC29fA)
Ikarus	Trojan.Win32.QQWare
eGambit	HackTool.Generic
Fortinet	W32/QQWare.A!tr
AVG	Win32:Malware-gen
Cybereason	malicious.eda43d

How to remove Ursu.684283 (B)?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

How to remove “Ursu.684283 (B)”?