Categories: Malware

Ursu.805679 removal instruction

The Ursu.805679 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ursu.805679 virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (2 unique times)
Creates RWX memory
Drops a binary and executes it
Uses Windows utilities for basic functionality
Detects Sandboxie through the presence of a library
Installs itself for autorun at Windows startup
Creates a hidden or system file
Likely virus infection of existing system binary
Creates a copy of itself

Related domains:

nibiru3.duckdns.org

nibiru4.duckdns.org

nibiru5.duckdns.org

karmina113.sytes.net

karmina117.sytes.net

karmina118.sytes.net

karmina119.sytes.net

How to determine Ursu.805679?


File Info:
crc32: C19EFE2Amd5: efc1c7421308412e789de36f40a5ff55name: EFC1C7421308412E789DE36F40A5FF55.mlwsha1: 654472f39e21c66bd8230431155e154789cac611sha256: 64ecc5d104954f024c442068a4a31e0e721b8f3fd947bf0845328cbc65db3d9bsha512: 1928f525653eca0685df254c8ed94530bfb774a1024a396d4ea98e7a9e76cca830b3aa1458cd1635ffd6b48d8ab9fd453341822231989da50523dedb486f55c1ssdeep: 3072:EgWxP3t4P/dHHdS6kRR7ykHL5STdxonPo9fjKt2U2Jjv:Eg2+V9S6gdyLdSL2U2type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Version Info:
Translation: 0x0000 0x04b0LegalCopyright: Audio Realtek Control Copyright xa9  2017Assembly Version: 1.145.1.178InternalName: WSReset.exeFileVersion: 1.145.1.178CompanyName: Realtek CorporationComments: Audio Realtek ControlProductName: Audio Realtek ControlProductVersion: 1.145.1.178FileDescription: Audio Realtek ControlOriginalFilename: WSReset.exe

Ursu.805679 also known as:

Lionic	Trojan.MSIL.Blocker.j!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Ursu.805679
ALYac	Gen:Variant.Ursu.805679
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
Alibaba	Ransom:MSIL/Blocker.ddda1848
K7GW	Trojan ( 0055f7d71 )
K7AntiVirus	Trojan ( 0055f7d71 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Agent.CMU
APEX	Malicious
Avast	Win32:RATX-gen [Trj]
Cynet	Malicious (score: 99)
Kaspersky	HEUR:Trojan-Ransom.MSIL.Blocker.gen
BitDefender	Gen:Variant.Ursu.805679
NANO-Antivirus	Trojan.Win32.Ransom.hgneja
Tencent	Msil.Trojan.Blocker.Apmn
Ad-Aware	Gen:Variant.Ursu.805679
Sophos	Mal/Generic-S
BitDefenderTheta	Gen:NN.ZemsilF.34142.wm0@amLXGCji
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.efc1c7421308412e
Emsisoft	Gen:Variant.Ursu.805679 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.MSIL.okfs
Avira	HEUR/AGEN.1100374
eGambit	Unsafe.AI_Score_99%
ZoneAlarm	HEUR:Trojan-Ransom.MSIL.Blocker.gen
GData	Gen:Variant.Ursu.805679
AhnLab-V3	Trojan/Win32.RL_FCN.C4022782
McAfee	Artemis!EFC1C7421308
MAX	malware (ai score=84)
Panda	Trj/GdSda.A
Yandex	Trojan.Agent!mBvDcfQfWwo
Ikarus	Trojan.MSIL.Agent
Fortinet	MSIL/Blocker.CMU!tr
AVG	Win32:RATX-gen [Trj]
Paloalto	generic.ml