About “Trojan:Win32/Znyonm” infection

The Trojan:Win32/Znyonm is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Znyonm virus can do?

Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid

How to determine Trojan:Win32/Znyonm?


File Info:
name: 257540C3F4C370F00647.mlw
path: /opt/CAPEv2/storage/binaries/953cd11865b9bf380733a734e9307476780bfb7d07a99346abc254ee0f70b201
crc32: 38AAC615
md5: 257540c3f4c370f006478eac8c3e5b7c
sha1: dea2f1b74d7f4e5b91378a2541180377e3c9e806
sha256: 953cd11865b9bf380733a734e9307476780bfb7d07a99346abc254ee0f70b201
sha512: 249209667aa85d5c229e0631ab8edb2672c0a894c59a6968cae2ac799d4adecf34f7c0d35467abb8118244d9f031e57cb83bef243efda621db44113c567d88b8
ssdeep: 768:nRn2sGXlSHxEKKFjhVN19TuhY9HZNTqq85fMQXJArqU6daED4/nvBmephpwXaEP6:dLGXlSLGhz2Y95N/85fRJAtZhh+XpP6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17C632812B6908036EB960530CCB9C3915B2E792E47F851FBB7D806ED5F622D07A3935B
sha3_384: 7e1705c2ad39b6a21181b1c7879422cd51f9787582304e81a8097c17356c9c3921945bcb52b6b5b8bc11de21253815c6
ep_bytes: e8ed1e0000e989feffff8bff558bec8b
timestamp: 2023-12-14 02:05:55

Version Info:
CompanyName: Microsoft
FileDescription: Word
FileVersion: 1.2
InternalName: Word
LegalCopyright: Copyright (C) 2023
OriginalFilename: Word.exe
ProductName: Microsoft
ProductVersion: 1.2
Translation: 0x0809 0x04b0

Trojan:Win32/Znyonm also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Zusy.529816
FireEye	Gen:Variant.Zusy.529816
Skyhigh	BehavesLike.Win32.Agent.kh
ALYac	Gen:Variant.Zusy.529816
Cylance	unsafe
Zillya	Downloader.Agent.Win32.539663
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanDownloader:Win32/DropperX.585dafb3
K7GW	Trojan-Downloader ( 005af0d61 )
K7AntiVirus	Trojan-Downloader ( 005af0d61 )
BitDefenderTheta	Gen:NN.ZexaF.36608.eu0@aelSnikj
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/TrojanDownloader.Agent.HJY
APEX	Malicious
Cynet	Malicious (score: 99)
BitDefender	Gen:Variant.Zusy.529816
Avast	Win32:DropperX-gen [Drp]
Tencent	Win32.Trojan-Downloader.Oader.Fkjl
Ad-Aware	Gen:Variant.Zusy.529816
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Dldr.Agent.tsvtl
VIPRE	Gen:Variant.Zusy.529816
Emsisoft	Gen:Variant.Zusy.529816 (B)
Ikarus	Trojan-Downloader.Win32.Agent
Google	Detected
Avira	TR/Dldr.Agent.tsvtl
Antiy-AVL	Trojan[Downloader]/Win32.Agent
Microsoft	Trojan:Win32/Znyonm
Arcabit	Trojan.Zusy.D81598
GData	Gen:Variant.Zusy.529816
Varist	W32/Agent.HYU.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R628446
McAfee	Artemis!257540C3F4C3
MAX	malware (ai score=88)
Malwarebytes	Trojan.Downloader
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002H09LE23
Rising	Trojan.Generic@AI.100 (RDML:1iYG3j0cwq4A/mcCkYhIYA)
MaxSecure	Trojan.Malware.221488491.susgen
Fortinet	W32/Agent.HJY!tr.dldr
AVG	Win32:DropperX-gen [Drp]
DeepInstinct	MALICIOUS

How to remove Trojan:Win32/Znyonm?

Trojan:Win32/Znyonm removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X