Heur.Zygug.6 removal

Heur.Zygug.6 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Heur.Zygug.6 virus do?

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Anomalous binary characteristics

How to identify Heur.Zygug.6?


File Info:

crc32: 6EA3B59A
md5: 06fa428a817d74ec6fc3994a2cac76ca
name: 06FA428A817D74EC6FC3994A2CAC76CA.mlw
sha1: 53ace451926100c59c6ac45a2f133cae5562e72f
sha256: 6fb5085e36b1235118c30ab143d634311bec3e206e38800887f6558b25ada00b
sha512: 860c6b1b1a8d76302c47027d4a1ecbb68813b615c86513784f2aeb323c2babd655a38d3b91113b597161b05dce7f6246b78620f3f414bcd1e5ab171355c59e49
ssdeep: 6144:TuhDRqlBsj382eFg3RgQXBbuD92Cj7US/FhEyulGOLP:Tv7CRgKuVRC
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Version Info:

0: [No Data]

Heur.Zygug.6 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Panda.2401
MicroWorld-eScan: Gen:Heur.Zygug.6
FireEye: Generic.mg.06fa428a817d74ec
Qihoo-360: Win32/TrojanDropper.Generic.HwQAgVAA
ALYac: Gen:Heur.Zygug.6
Cylance: Unsafe
VIPRE: Trojan.Win32.Encpk.ahq (v)
AegisLab: Trojan.Win32.Generic.lEkh
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Spyware ( 0055e3db1 )
BitDefender: Gen:Heur.Zygug.6
K7GW: Spyware ( 0055e3db1 )
Cybereason: malicious.a817d7
BitDefenderTheta: Gen:NN.ZexaF.34590.nGX@aGfwcQci
Cyren: W32/Hamweq.D.gen!Eldorado
Symantec: Trojan.Ransomlock!g21
TotalDefense: Win32/Zbot
APEX: Malicious
Avast: Win32:Cryptor
ClamAV: Win.Trojan.Zbot-63161
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: VirTool:Win32/Obfuscator.6ab8f626
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
ViRobot: Trojan.Win32.A.Zbot.218624.DI
Rising: Spyware.Zbot!8.16B (CLOUD)
Ad-Aware: Gen:Heur.Zygug.6
TACHYON: Trojan-Spy/W32.ZBot.218624.Z
Sophos: Mal/Generic-R + Mal/EncPk-AHQ
Comodo: TrojWare.Win32.PWS.ZBot.AAA@4sq88d
F-Secure: Trojan.TR/Dropper.Gen7
Zillya: Trojan.Zbot.Win32.84613
TrendMicro: TROJ_RANSOM.SMWX
McAfee-GW-Edition: BehavesLike.Win32.Dropper.dc
Emsisoft: Gen:Heur.Zygug.6 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanSpy.Zbot.cjbf
Webroot: W32.Infostealer.Zeus
Avira: TR/Dropper.Gen7
Antiy-AVL: Trojan[Spy]/Win32.Zbot
Kingsoft: Win32.Troj.Zbot.gg.(kcloud)
Microsoft: PWS:Win32/Zbot!CI
Arcabit: Trojan.Zygug.6
SUPERAntiSpyware: Trojan.Agent/Gen-Zbot
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Heur.Zygug.6
Cynet: Malicious (score: 100)
AhnLab-V3: Spyware/Win32.Zbot.R42341
McAfee: PWS-Zbot.gen.apx
MAX: malware (ai score=99)
VBA32: Worm.Dorkbot.1312
Malwarebytes: Ransom.FileCryptor
Panda: Trj/Genetic.gen
ESET-NOD32: Win32/Spy.Zbot.AAO
TrendMicro-HouseCall: TROJ_RANSOM.SMWX
Tencent: Malware.Win32.Gencirc.10c5038b
Yandex: Trojan.GenAsa!uhep0ngGQQg
Ikarus: Trojan.Win32.Tobfy
Fortinet: W32/Ransom.AAX!tr
AVG: Win32:Cryptor
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.4808970.susgen

How to remove Heur.Zygug.6?

Heur.Zygug.6 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.