Backdoor.Ursap!rts Description

Backdoor.Ursap!rts is a backdoor Trojan created to infiltrate a compromised PC and open a back door for cyber-criminals who aim to steal the computer user's personal information for illegitimate activities. Backdoor.Ursap!rts spreads via existing network vulnerabilities or security program exploits. Backdoor.Ursap!rts runs in the background and tries to slow down your PC system by consuming a large amount of system resources. Backdoor.Ursap!rts has to be removed as quickly as possible.

Aliases: BackDoor.Generic_r.LG [AVG], W32/Jorik_Lolbot.AOP!tr [Fortinet], Win32/IRCBot.NFX, Trojan.IRCBot!rem, Win32.Troj.Jorik.(kcloud), Trojan/Jorik.bgjo, Trojan.Win32.Jorik.Lolbot.AMN (A), Heuristic.LooksLike.Win32.Suspicious.F [McAfee-GW-Edition], TR/Spy.907776.5 [AntiVir], Trojan.DownLoader6.12833 [DrWeb], Trojan.Lolbot!1JN+hQU/DaU, Trojan.Generic.KDV.696237 [BitDefender], Trojan.Win32.Jorik.Lolbot.aop [Kaspersky], Win32.Fakealert.Sesh [eSafe] and TROJ_SPNR.07DB12.

Technical Information

File System Details

Backdoor.Ursap!rts creates the following file(s):
# File Name Size MD5 Detection Count
1 %WINDIR%jusched.exe 103,424 1be65c0597137d85879259696adbd166 59
2 %PUBLIC%msnd.exe 155,648 d58a327bb21c7d324c1e1a106288bd1b 46
3 %COMMONPROGRAMFILES%\MSSecurity\wscntfy.exe 40,960 491d9c472a82a92ecbb22470814cec63 16
4 %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\A-1503314171.exe 34,816 90a783bcb202174d96e0dbabba0262c7 5
5 %ALLUSERSPROFILE%\Local Settings\Temp\msdubmnax.pif 63,527 66b2d27683c41b280613e712a8e8da0f 3
6 %APPDATA%svchost.exe 907,776 e821fd5263c3cbfaefde266704dcd45e 3
7 C:\RECYCLER\S-1-5-21-0221221080-0036487367-414311101-0342\winmap.exe 208,391 2bcf812ad0a67a869a22784cee68da96 2
8 %WINDIR%scvhosts.exe 79,872 7801445b809b932a429f9387853caf81 2
9 %ALLUSERSPROFILE%o0mf45nj.exe 103,424 e2668b12c194c2ed2b02171b02ec0070 2
10 %USERPROFILE%\My Documents\Downloads2\CMOInstaller.exe 14,508,841 b23c48472de65d83b2b62619ae084157 2
11 %WINDIR%\system32\install\server.exe 705,101 8110abff754d48cee6d666d26c8173c0 1
12 %APPDATA%\memchecker\memchecker.exe 358,400 97ac3b65db258eb4f607a098f7b203a9 1
13 %COMMONPROGRAMFILES%\MediaCatalogMergedDB\MediaCatalogMergedDBProvider.exe 41,568 0240316967cadee54a6f345fea1d27cf 1
14 %LOCALAPPDATA%\Microsoft\Windows\1491\sdchange.exe 48,640 7cb01fcaa9c7e2edae02e5956c61e54a 1
15 %USERPROFILE%tofitugikloq.exe 90,584 e00f89b960bfde2c239c428bcb6bf73f 1
16 %SystemDrive%\Users\Andrea.gabo-PC\AppData\Roaming\DB41.exe 46,592 6fd3767ce3f7b1feff120f9157afcde6 1
17 %USERPROFILE%wsnKBD.exe 198,656 7581b628c7c8de3c632158d505cbb8f5 1
18 jusched.exe N/A

Registry Details

Backdoor.Ursap!rts creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\Software\ Backdoor.Ursap!rts
