What is “Ursu.854926 (B)”?

The Ursu.854926 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ursu.854926 (B) virus can do?

Dynamic (imported) function loading detected
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Ursu.854926 (B)?


File Info:
name: 01910F6C3C1C3FDA6A29.mlw
path: /opt/CAPEv2/storage/binaries/c57c6b09a8e9f25698d31e8df5d97d7dbe1de4227f33990bda1dc094296af4aa
crc32: 1F1EB2FB
md5: 01910f6c3c1c3fda6a299a20984ef2a8
sha1: 52e3b8de15f53f8acbacd85ce035c0d9e203922e
sha256: c57c6b09a8e9f25698d31e8df5d97d7dbe1de4227f33990bda1dc094296af4aa
sha512: 7ea6d90658c078bf0a6eef7e11c6d7ca98f8b635cf6a3cdb30c858a9ee53cb0f1fa0b6cf97512292d6db37fddf11ad6a7fcb4f8df06a15b4aad820b7f46ee171
ssdeep: 24576:zay7E6Ehg7mM+M6RkMkIM7gE6Eh67VdykFnzFjaO:GW0g7mM+M6RkMkIM7I067nyyzFT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10845AE02F7C098B5E4B68135497797381B77BC354E10875F3368B74EAD312C2AA3AB66
sha3_384: 9feaf4e7ad4fb77cea5ed1272a479be0b063aa5afaefed99fb66894fec1fdd80873f17b83c724990d7061ca0974dceb4
ep_bytes: 6a706870170001e8b602000033ff57ff
timestamp: 2001-08-17 20:51:15

Version Info:
CompanyName: Microsoft Corporation
FileDescription: System Information
FileVersion: 5.1.2600.0 (XPClient.010817-1148)
InternalName: msinfo32.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: msinfo32.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.0
Translation: 0x0409 0x04b0

Ursu.854926 (B) also known as:

tehtris	Generic.Malware
MicroWorld-eScan	Gen:Variant.Ursu.854926
FireEye	Generic.mg.01910f6c3c1c3fda
ALYac	Gen:Variant.Ursu.854926
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Riskware ( 0040eff71 )
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.c3c1c3
Cyren	W32/Patched.CJ.gen!Eldorado
Elastic	malicious (high confidence)
APEX	Malicious
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Ursu.854926
Avast	Win32:Malware-gen
Tencent	Malware.Win32.Gencirc.10ce28ee
Ad-Aware	Gen:Variant.Ursu.854926
Emsisoft	Gen:Variant.Ursu.854926 (B)
Zillya	Trojan.GenericKD.Win32.154658
McAfee-GW-Edition	BehavesLike.Win32.Virut.th
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.Ursu.854926
Avira	HEUR/AGEN.1249061
Arcabit	Trojan.Ursu.DD0B8E
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
Acronis	suspicious
McAfee	Artemis!01910F6C3C1C
MAX	malware (ai score=84)
Rising	Trojan.Generic!8.C3 (RDMK:cmRtazruP35geLgoBIzGQnvl/4Uw)
Ikarus	Trojan-Dropper.Agent
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Ipamor.7AD6!tr
AVG	Win32:Malware-gen
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Ursu.854926 (B)?

Ursu.854926 (B) removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X