Zusy.197405 removal

The Zusy.197405 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Zusy.197405 virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Injection with CreateRemoteThread in a remote process
Creates RWX memory
A process attempted to delay the analysis task.
At least one IP Address, Domain, or File Name was found in a crypto call
Starts servers listening on 127.0.0.1:0
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Looks up the external IP address
Attempts to remove evidence of file being downloaded from the Internet
Executed a process and injected code into it, probably while unpacking
Exhibits behavior characteristics of HawkEye keylogger.
Attempts to access Bitcoin/ALTCoin wallets
Harvests information related to installed instant messenger clients
Harvests information related to installed mail clients
Collects information to fingerprint the system
Attempts to modify Explorer settings to prevent hidden files from being displayed

Related domains:

z.whorecord.xyz

a.tomx.xyz

whatismyipaddress.com

How to determine Zusy.197405?


File Info:
crc32: C61B16AA
md5: 84e1aa2672e2340095090fcbbe23816d
name: G.Z Trade Co.Ltd.zip
sha1: 599f0415c0602ebd916f59ec61a14f3106fdb03c
sha256: 6697fe6328b5fed7577deee23b91768b4e914918c507ef0ca21d8cc5aa20e4e3
sha512: f59573a515ef4ab7341d2d48e6b7d2fa266bd795207933551a7ceb6140b312f094bb2f7ce7f3a6c488d977e85c1691ddf9c67d1c4f7c88abdd37d08d151a1d05
ssdeep: 12288:0zePmWpVm8z86jOK/JQWoRaaZ84SCG+kPnlDxM3Vh:kePmkkcJXoRTSWkPn9xoh
type: Zip archive data, at least v2.0 to extract

Version Info:
0: [No Data]

Zusy.197405 also known as:

Bkav	W32.Clodca9.Trojan.de88
CAT-QuickHeal	TrojanPSW.Heye
McAfee	Fareit-FEU!E319116BF2AB
Malwarebytes	Trojan.Agent.MSIL
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Uds.Dangerousobject.Multi!c
K7AntiVirus	Trojan ( 004f1e221 )
K7GW	Trojan ( 004f1e221 )
Invincea	trojan.win32.skeeyah.a!rfn
Baidu	Win32.Trojan.WisdomEyes.16070401.9500.9996
F-Prot	W32/Trojan.SW.gen!Eldorado
Symantec	SecurityRisk.gen1
TrendMicro-HouseCall	TROJ_GEN.R0E9C0FFG16
Avast	Win32:Malware-gen
GData	Gen:Variant.Zusy.197405
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Zusy.197405
NANO-Antivirus	Riskware.Win32.MailPassView.edmrpn
Ad-Aware	Gen:Variant.Zusy.197405
Emsisoft	Gen:Variant.Zusy.197405 (B)
Comodo	UnclassifiedMalware
F-Secure	Gen:Variant.Zusy.197405
DrWeb	Tool.MailPassView.236
Zillya	Trojan.Heye.Win32.737
TrendMicro	TROJ_GE.D44CABA8
McAfee-GW-Edition	BehavesLike.Trojan.hc
Sophos	Troj/Mdrop-HHN
Cyren	W32/Trojan.SW.gen!Eldorado
Jiangmin	Trojan.PSW.Heye.iq
Webroot	W32.Trojan.GenKD
Avira	TR/Dropper.MSIL.hyyn
Antiy-AVL	Trojan[PSW]/Win32.Heye
Arcabit	Trojan.Zusy.D3031D
ViRobot	Trojan.Win32.Agent.648192.C[h]
Microsoft	TrojanSpy:Win32/Skeeyah.A!rfn
AhnLab-V3	Trojan/Win32.MSIL.R183497
VBA32	TrojanPSW.Heye
AVware	Trojan.Win32.Generic!BT
ESET-NOD32	MSIL/Autorun.Spy.Agent.AU
Tencent	Win32.Trojan.Inject.Auto
Yandex	Trojan.PWS.Heye!
Ikarus	Trojan.Crypt
Fortinet	MSIL/Injector.PNP!tr
AVG	MSIL10.AAWC
Panda	Trj/GdSda.A

How to remove Zusy.197405?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.