Ursu.830821 removal tips

The Ursu.830821 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ursu.830821 virus can do?

Behavioural detection: Executable code extraction – unpacking
Authenticode signature is invalid

How to determine Ursu.830821?


File Info:
name: 63BD45307ABFA2ECD06C.mlw
path: /opt/CAPEv2/storage/binaries/813c27c0f55d138046f16d5346783d77032ff0cd42f8bd30bac72cb25a51e49a
crc32: 911D102F
md5: 63bd45307abfa2ecd06cd8195ea88377
sha1: 3d6545aaea44635f5bc0a4d70627601127b2978f
sha256: 813c27c0f55d138046f16d5346783d77032ff0cd42f8bd30bac72cb25a51e49a
sha512: 1a8edb9921a7128c01a5c5a9219394dec0d8ba9f0f6f4d706db6aa820d072e362f131bac6ddac366e202d199b575869f63b625276838b8b46b5638d9c968f1a0
ssdeep: 768:ygoFMeJSvkGGktb2ielkKj9AVVkHpM+NUn//FHlLDJbkc64ScbRux7SfH/hQnpeZ:ytMh/BlLDJbkc6auMffWncTOBuUA2Ri
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FA634926EB64A012F502C1F12A3594AAA9127D711A93ED0BF786DF5C29336E774F070F
sha3_384: 58c5b1f0da9f898fd0281f840f82e8cf3f40ca5a6f6d2a2ff8b9ecdb46723bd5b5766895a30dbce30bd50b490532e6cc
ep_bytes: 68dc3b4000e8eeffffff000000000000
timestamp: 2006-01-06 00:45:39

Version Info:
Translation: 0x0409 0x04b0
CompanyName: Secure Computer, LLC
FileDescription: Spyware Cleaner Service
LegalCopyright: Copyright 2004 (c) - Secure Computer, LLC
LegalTrademarks: Spyware Cleaner is a registered trademark of Secure Computer, LLC
ProductName: Spyware Cleaner Service
FileVersion: 1.00
ProductVersion: 1.00
InternalName: SCService
OriginalFilename: SCService.exe

Ursu.830821 also known as:

Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (moderate confidence)
MicroWorld-eScan	Gen:Variant.Ursu.830821
ClamAV	Win.Malware.Wacatac-9847676-0
FireEye	Gen:Variant.Ursu.830821
Skyhigh	BehavesLike.Win32.Infected.km
McAfee	Artemis!63BD45307ABF
Cylance	unsafe
Sangfor	Trojan.Win32.Ursu.V958
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Ursu.DCAD65
Symantec	SpywareCleaner
ESET-NOD32	a variant of Generik.MFMIDVE
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Variant.Ursu.830821
Avast	Win32:Spyware-gen [Spy]
Emsisoft	Gen:Variant.Ursu.830821 (B)
TrendMicro	TROJ_GEN.R002C0OBB24
Sophos	Mal/Generic-S
Google	Detected
Antiy-AVL	Trojan/Win32.Wacatac
Kingsoft	Win32.Troj.Unknown.a
Xcitium	Malware@#31wjvcl04xon3
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Gen:Variant.Ursu.830821
ALYac	Gen:Variant.Ursu.830821
MAX	malware (ai score=82)
VBA32	BScope.TrojanPSW.Zbot
Malwarebytes	Generic.Malware/Suspicious
TrendMicro-HouseCall	TROJ_GEN.R002C0OBB24
Rising	Backdoor.VB!8.32C (TFE:5:lci8hXj258I)
Yandex	TrojanSpy.Agent!HcSi/Qx7D1M
Ikarus	Trojan.SuspectCRC
MaxSecure	Trojan.Malware.1355911.susgen
AVG	Win32:Spyware-gen [Spy]
DeepInstinct	MALICIOUS

How to remove Ursu.830821?

Ursu.830821 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X