Ursu.863801 (B) removal

The Ursu.863801 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ursu.863801 (B) virus can do?

Executable code extraction
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
A process created a hidden window
Performs some HTTP requests
Unconventionial language used in binary resources: Russian
Uses Windows utilities for basic functionality
Attempts to restart the guest VM
Installs itself for autorun at Windows startup
Network activity detected but not expressed in API logs
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

edgedl.me.gvt1.com

update.googleapis.com

How to determine Ursu.863801 (B)?


File Info:
crc32: A8BA2C7C
md5: 4509f3d8e8c8e70cf03bc724c4f57788
name: 4509F3D8E8C8E70CF03BC724C4F57788.mlw
sha1: 910835abe5b5ab6e756449b519a0fbc742389443
sha256: c7e9f970edb5c4b5968589722e03d43f5c9279022b718aa2bc9241f63bf85954
sha512: 2e5dd76fa22c4fca6571b91282a185314f91e60b4e0034eb3ea9f91be9da1d5f6f986951f98bbc900c4db72ca12a6985e8dd112c7bd60701381e1bc4fecb2a6e
ssdeep: 3072:86mU6pFwhRgYfmVG5I1r6jpOm3gr3uknoA/q63mWMPnP/2i42fHwFK7GSTz5Q42:86mU6pFwhRgY4G5I1re/kuhFTPnP/Lt
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright (c) 2011
InternalName: Mystic
FileVersion: 2.0
CompanyName: x41ex41ex41e x417x430x43ax440x438x43fx442x443x439
ProductName: The space invader corp.
ProductVersion: 2.0))
FileDescription: Mystic compressor
OriginalFilename: Mystic

Ursu.863801 (B) also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 0023944d1 )
Lionic	Trojan.Win32.HmBlocker.j!c
DrWeb	Trojan.Packed.1974
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Ursu.863801
Cylance	Unsafe
Zillya	Trojan.HmBlocker.Win32.365
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_70% (D)
Alibaba	Ransom:Win32/HmBlocker.cbb93d96
K7GW	Trojan ( 0023944d1 )
Cybereason	malicious.8e8c8e
Cyren	W32/S-4cceb572!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.MHS
APEX	Malicious
Avast	Win32:Mystic
Kaspersky	Trojan-Ransom.Win32.HmBlocker.djm
BitDefender	Gen:Variant.Ursu.863801
NANO-Antivirus	Trojan.Win32.Winlock.ccxqk
ViRobot	Trojan.Win32.A.HmBlocker.129536.B
MicroWorld-eScan	Gen:Variant.Ursu.863801
Tencent	Win32.Trojan.Hmblocker.Ozsb
Ad-Aware	Gen:Variant.Ursu.863801
Sophos	ML/PE-A + Mal/FakeAV-MR
Comodo	Malware@#3ligz5ajoajol
BitDefenderTheta	Gen:NN.ZexaF.34058.lu0@aO7Hs4eU
VIPRE	Trojan.Win32.FakeAV.gq (v)
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.4509f3d8e8c8e70c
Emsisoft	Gen:Variant.Ursu.863801 (B)
Jiangmin	Trojan/HmBlocker.ant
Avira	TR/Crypt.XPACK.Gen
eGambit	Generic.Downloader
Antiy-AVL	Trojan/Generic.ASMalwS.18BC2AA
Microsoft	Trojan:Win32/Bulta!rfn
GData	Gen:Variant.Ursu.863801
McAfee	Artemis!4509F3D8E8C8
MAX	malware (ai score=100)
VBA32	Trojan.ExpProc.014
Malwarebytes	Malware.AI.3599739892
Panda	Generic Malware
Rising	Trojan.Generic@ML.100 (RDML:KITMGLp0oTcMp0TZJwQ/ag)
Yandex	Trojan.HmBlocker!QhdxeyQIzdc
Ikarus	Trojan-Ransom.HmBlocker
Fortinet	W32/Yakes.S!tr
AVG	Win32:Mystic
Paloalto	generic.ml
Qihoo-360	Win32/Ransom.PornoBlocker.HxQBEpsA

How to remove Ursu.863801 (B)?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.