Remove Ursnif Trojan Horse (Purolator Phishing Scam)

Remove Ursnif Trojan (Purolator Phishing) Scam

This article will aid you to remove the Ursnif Trojan (Purolator phishing scam) completely. Follow the Trojan horse removal instructions given at the end of the article.

Ursnif Trojan is a banking Trojan horse that is recently being spread via a Purolator phishing scam with a message stating that you have a package. one of the most spread messages, says: Purolator have a package for you. Pop-ups that show constantly can also lock your browser on that page. E-mail campaigns are also spreading the phishing scam. You might experience redirects. The browser can be shut down without any negative impact, but in other cases your system and browser could get affected with the Ursnif Trojan. Most variants of this scam feature a background image that aims to utilize the brand and logo of Purolator shipping company.

Threat Summary

NameUrsnif Trojan horse
TypeTrojan horse, Phishing Scam
Short DescriptionPhishing scam which is trying to take you (with click-bait and social engineering tactics) to a Purolator Phishing page that spreads the Ursnif Trojan or other viruses.
SymptomsPop-up boxes, messages, and redirects appear in your browser or such are send in your email. It is not excluded for there to be a lockscreen function among these that keeps prompting you to click a link.
Distribution MethodSuspicious Sites, Redirects, Email Phishing Links
Detection Tool See If Your System Has Been Affected by Ursnif Trojan horse


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Ursnif Trojan horse.

Ursnif Trojan (Purolator Phishing) Scam – Distribution Techniques

Browsing the Web can be dangerous, especially when you reach new and unknown websites by causally browsing and they turn out to be malicious. Clicking on advertisements or targeted content could have hidden links that redirect you to dubious online places. Other websites could be filled with advertisements and redirect links and you could land on a page such as the Ursnif Trojan (Purolator Phishing) one.

Email campaigns that spread malicious links, ads, attachments and link to phishing landing pages are connected with the spread of the Purolator Phishing Scam which loads the Ursnif Trojan horse to your system. The attachments can be Microsoft Word documents with embedded VBS Macros that are malicious. The said macros run a PowerShell script, which downloads Ursnif to a compromised PC. In the above two pictures (above this paragraph and in the very beginning of the article) you can see exactly how one such email message is presented to potential victims in terms of content, which is:

Your parcel is registered with the branch of Canada Post.
You may get track number immediately with our online Track instrument PRESS HERE or digit it in your web browser http://canadacpost(.)tk/
Our tracking system is refreshed every 24 hours to provide you with the most current information available about the geographic position and status of your item.

That is one of the messages that spread via email and is seen above the last paragraph in this section of the article. If you have downloaded a .zip file that you are suspicious of, you can always check its contents for malware with ZipeZip Online Scanner. However, do not be tempted to open any links from emails especially if they look like the one discussed above or if they are sent from an unknown (unverified) source.

Ursnif Trojan (Purolator Phishing) Scam – In Greater Depth

Ursnif Trojan is being pushed by a number of Purolator phishing scam messages. The scam has a few, different landing pages, which use the brand, logo, design and fonts of Purolator, including their official site’s text and element placement. All of this is done to try to convince you into clicking somewhere and entering your credential details on a phishing page. Thus your account and profile data can get stolen and hijacked or just spoofed so they can be sold somewhere.

In the screenshot image below, you can see one of the scam pages that have a convincing message using the Purolator brand that require you to click somewhere on the page:

If you indeed click on the spot which cybercriminals wish you to click, you could get redirected to a phishing page and/or get your computer system infected with the Ursnif Trojan (Purolator Phishing) threat.

The message in the above snapshot of the current Ursnif Trojan (Purolator Phishing) scam states the following:

Please follow the steps below.
Download the Purolator Label containing your tracking number.

[Click here for your label]

After downloading your label,open the label information and locate your tracking number. You may reschedule a redeliver from us or arrange a pick up from our location.

Purolator Your Shipping Solutions

All of these Ursnif Trojan (Purolator Phishing) scams could also be displayed with pop-ups as alerts around websites, applications, emails and other means. Ursnif v3 Banking Trojan has been spotted to have sophisticated targeting techniques in the past so it is no wonder that it has decided to use a phishing scam for one of Canada’s most known shipping services.

In case there is a telephone number present somewhere on the site, know that the criminals standing on the other end of the telephone line will try to trick you in giving them information related to Purolator or that is even more personal. Do not believe if they present themselves as employees in Purolator or another notable company. However, know that the Ursnif Trojan might use a silence dropper technique that could trigger by just opening the Purolator Phishing scam page.

Browsers you have installed or your computer screen can become locked and may seem like your whole screen is blocked and totally inaccessible. In such a situation, you could try clicking the “Windows” button and combinations such as “Ctrl+Alt+Del” or even the “Close” button to check if you still can interact with your computer device.

You could also get prompted to download and install a tool which might be the Ursnif Trojan or some other malware. Keep in mind that it is all part of the scam and you shouldn’t follow any instructions given on your computer screen.

If you see any similar messages, know that they aren’t coming from Purolator. Also, no matter how many pop-ups, alerts and message boxes are shown, try to remember that this is a sophisticated scam that wants to harm your computer or steal credentials, banking data or other information from you.

Ursnif Trojan (Purolator Phishing) Scam – How to Avoid?

In this section, you will find out a simple set of rules and guidelines to follow in order to prevent yourself from falling in a trap related to Ursnif Trojan (Purolator phishing) scam and other related threats. So, if you are reading this article, you should now know that there is a multitude of scams involving a Purolator shipment or parcel notifications. Below you will see what you should do.

Purolator’s official warning alert should be enough of a hint to you that there are such scams pushed time and time again. For further reference, the web address for the official Purolator website is and its main page is displayed below:

As you now know about the existence of the emails involving the Ursnif Trojan (Purolator phishing) scam and the official Purolator site page, refer to the following guidelines on how to avoid most scams linked to using the shipping brand for their schemes:

  • Never pay before your goods get delivered
  • Do not provide any details about you, your addresses or similar information via email or unknown Websites
  • Do not open email attachments, as Purolator does not send such, neither it requests users to open such
  • Always use Purolator’s official website to refer to pages in connection with the service
  • Avoid messages with grammatical or typographical errors
  • Avoid emails that are not addressed to you by name
  • Avoid messages sent by a service you don’t expect to hear from
  • Avoid messages that do not include a tracking number or specific details about your order or address
  • Avoid clicking on links to provide your email address for verification
  • Avoid payments to someone whose identity you can’t confirm

The guideline rules listed above were constructed by the SensorsTechForum team, via a research done on the matter. These rules are based on common sense and depending on the various scams related to Purolator.

Remove Ursnif Trojan (Purolator Phishing) Scam

To remove the Ursnif Trojan (Purolator Phishing) scam and its related Trojan horse files manually from your PC, follow the step-by-step removal instructions provided below. If the manual removal guide does not get rid of the scam and its redirects completely, you should search for and remove any leftover items with an advanced anti-malware tool. Software like that will keep your system secure in the future.

Tsetso Mihailov

Tsetso Mihailov

Tsetso Mihailov is a tech-geek and loves everything that is tech-related, while observing the latest news surrounding technologies. He has worked in IT before, as a system administrator and a computer repair technician. Dealing with malware since his teens, he is determined to spread word about the latest threats revolving around computer security.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share