Should I remove “Zusy.190931”?

The Zusy.190931 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Zusy.190931 virus can do?

At least one process apparently crashed during execution
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Zusy.190931?


File Info:
name: E99D255A58DB44B78019.mlw
path: /opt/CAPEv2/storage/binaries/77a2b06c3c9f372e39abbb56a01d40a218eb15462821b55718bd8fad763f9df5
crc32: 55B81B02
md5: e99d255a58db44b78019d7dcee695038
sha1: c51880ac8e167a5cf0a164abd244220cd18c6475
sha256: 77a2b06c3c9f372e39abbb56a01d40a218eb15462821b55718bd8fad763f9df5
sha512: 64539e393e3b562a696608efc7693aacb5fd1a73cc7371faa8c7121ff869ff703161ae7c5713f10eaac3f584a6f38d2c77a5032474fdb702a92858533ab559ed
ssdeep: 6144:9aRAIAo+UJSex2PikNd7gilX0xQSbmTemZ5R/tTUjOaCKowvV2AP+VpqW9ESCpeN:edtWd1aztP+br6vpeN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F164D0B0EA10E401D96D1AF4D1128AE642A22C39AF958F3FD22D3ED4F5722D57D336B4
sha3_384: 402637893cabc9e4830359011e4ca00a7cd73199742a1d5d60ba853e83ffe229b7d6f72c5434fa19c5b42217de0cc51e
ep_bytes: e853000000e9fefeffff8b3590904300
timestamp: 2011-08-03 18:09:21

Version Info:
CompanyName: Don HO don.h@free.fr
FileDescription: Notepad++ : a free (GNU) source code editor
FileVersion: 5.7
InternalName: npp.exe
LegalCopyright: Copyleft 1998-2006 by Don HO
OriginalFilename: Notepad++.exe
ProductName: Notepad++
ProductVersion: 5.7
Translation: 0x0409 0x04b0

Zusy.190931 also known as:

Lionic	Trojan.Multi.Generic.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
FireEye	Generic.mg.e99d255a58db44b7
CAT-QuickHeal	TrojanPWS.Zbot.Y
McAfee	GenericRXCN-FQ!E99D255A58DB
Cylance	Unsafe
VIPRE	Lookslike.Win32.Sirefef.zh (v)
Sangfor	Riskware.Win32.Agent.ky
K7AntiVirus	Trojan ( 004f11e51 )
Alibaba	Trojan:Win32/Kryptik.5458c352
K7GW	Trojan ( 004f11e51 )
Cybereason	malicious.a58db4
BitDefenderTheta	Gen:NN.ZexaF.34212.tK1@a4EugTci
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.AJWF
APEX	Malicious
Paloalto	generic.ml
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Variant.Zusy.190931
NANO-Antivirus	Trojan.Win32.Crypted.efbolo
MicroWorld-eScan	Gen:Variant.Zusy.190931
Avast	Win32:Reveton-Y [Trj]
Tencent	Malware.Win32.Gencirc.114bf164
Ad-Aware	Gen:Variant.Zusy.190931
Emsisoft	Gen:Variant.Zusy.190931 (B)
Comodo	Malware@#2mcv5foivd9yo
Zillya	Trojan.Kryptik.Win32.883949
McAfee-GW-Edition	BehavesLike.Win32.Drixed.fh
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.Zusy.190931
Webroot	W32.Bot.Gen
Avira	TR/Crypt.XPACK.Gen
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Win32.TSGeneric
Arcabit	Trojan.Zusy.D2E9D3
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Microsoft	PWS:Win32/Zbot!rfn
AhnLab-V3	Malware/Win32.Generic.C1959107
Acronis	suspicious
VBA32	Malware-Cryptor.General.3
ALYac	Gen:Variant.Zusy.190931
Rising	Trojan.Kryptik!8.8 (CLOUD)
Yandex	Trojan.Kryptik!zXCFQJIYIyA
Ikarus	Trojan-Spy.Win32.Zbot
eGambit	Generic.Malware
Fortinet	W32/Kryptik.ZFQ!tr
AVG	Win32:Reveton-Y [Trj]
Panda	Bck/Qbot.AO
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Zusy.190931?

Zusy.190931 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X