Should I remove “Ursu.858883”?

The Ursu.858883 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ursu.858883 virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine Ursu.858883?


File Info:
name: C7024EBB67DFBD89F93B.mlw
path: /opt/CAPEv2/storage/binaries/cda4110af62981e8b3496822ff1d7567a39a539cf399b44094f984734d4bd864
crc32: 01751C9E
md5: c7024ebb67dfbd89f93bd0243ba543bf
sha1: c7faa179b289b611a42f164eb821985c31b3c5f2
sha256: cda4110af62981e8b3496822ff1d7567a39a539cf399b44094f984734d4bd864
sha512: b637da9f61cab341a96d152a4807a94f7f99306df86f668c95f80b2efd1fdef5ec6a1e966516b27db71c9e7ea191f062e4b5c2fc55743e4ceaf8411b7baea827
ssdeep: 96:sfZX9pXW5KgOXOab+CAwLsI/VdQVVZxC6Qidf/Zp8tOrWBcc0wXzNt:sfZD4weY1/LsI/jQbpXN/YIrWBc3wB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T178F1D922A7DC8B7ACE314B36ED2362901B78F760DCE7AF5E6584501ADD933044A63B70
sha3_384: 9d61b243aca7a5fa43d207a3e4d796384c3741179f63c68d066d67f3561cd1067baa63b44d6c9a6e43787a88c2f90146
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-03-26 18:53:40

Version Info:
Translation: 0x0000 0x04b0
FileDescription: clean1
FileVersion: 1.0.0.0
InternalName: clean1.exe
LegalCopyright: Copyright ©  2020
OriginalFilename: clean1.exe
ProductName: clean1
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Ursu.858883 also known as:

Lionic	Trojan.MSIL.Disfa.4!c
MicroWorld-eScan	Gen:Variant.Ursu.858883
FireEye	Gen:Variant.Ursu.858883
ALYac	Gen:Variant.Ursu.858883
Cylance	unsafe
Zillya	Downloader.Agent.Win32.403484
Sangfor	Downloader.Msil.Disfa.V7sb
K7AntiVirus	Trojan-Downloader ( 00544baf1 )
Alibaba	Trojan:MSIL/Disfa.50a75aa1
K7GW	Trojan-Downloader ( 00544baf1 )
CrowdStrike	win/malicious_confidence_100% (W)
VirIT	Trojan.Win32.Dnldr27.BWQS
Cyren	W32/MSIL_Agent.BSN.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (moderate confidence)
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.FGM
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.MSIL.Disfa.gen
BitDefender	Gen:Variant.Ursu.858883
NANO-Antivirus	Trojan.Win32.Disfa.hsfjqe
Avast	Win32:GenMaliciousA-JOL [Trj]
Tencent	Msil.Trojan-Downloader.Ader.Mcnw
Emsisoft	Gen:Variant.Ursu.858883 (B)
F-Secure	Trojan.TR/Dldr.Agent.ltgux
DrWeb	Trojan.DownLoader33.24806
VIPRE	Gen:Variant.Ursu.858883
McAfee-GW-Edition	Artemis!Trojan
Sophos	Mal/Generic-S
GData	Gen:Variant.Ursu.858883
Jiangmin	Trojan.MSIL.oktk
Avira	TR/Dldr.Agent.ltgux
Antiy-AVL	Trojan/MSIL.Disfa
Xcitium	Malware@#3odlra9mbrg7t
Arcabit	Trojan.Ursu.DD1B03
ZoneAlarm	HEUR:Trojan.MSIL.Disfa.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Trojan/Win32.Wacatac.C4062344
McAfee	Artemis!C7024EBB67DF
MAX	malware (ai score=82)
VBA32	Downloader.MSIL.gen.rexp
Malwarebytes	Generic.Malware/Suspicious
Panda	Trj/GdSda.A
Rising	Backdoor.Revetrat!8.E4C1 (CLOUD)
Ikarus	Trojan-Downloader.MSIL.Agent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.FGM!tr.dldr
BitDefenderTheta	Gen:NN.ZemsilF.36662.am0@amgulwg
AVG	Win32:GenMaliciousA-JOL [Trj]
Cybereason	malicious.b67dfb
DeepInstinct	MALICIOUS

How to remove Ursu.858883?

Ursu.858883 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X