
Zusy.202281 removal tips


Zusy.202281 is flagged as malicious by most antivirus engines (the detection names are listed below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.


Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; the trial version lets you run a complete scan and clean the PC.
6-day free trial available.

What can Zusy.202281 do?

The following behaviours and static signatures were reported by the CAPE sandbox when the sample was analysed:

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Possible date expiration check, exits too soon after checking local time
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • CAPE detected the DCRat malware family
  • Anomalous binary characteristics

How to identify Zusy.202281?

File Info:

name: B8E2210B66EF1D748F77.mlw
path: /opt/CAPEv2/storage/binaries/31fe5c454dff445faf1f557afb7cc4f5b12bccc0006cbcaa02b9f87ebe0268d5
crc32: 070EBEA3
md5: b8e2210b66ef1d748f77e56274d2f59f
sha1: d28abd4970e726c24e9fb663328a33a916886492
sha256: 31fe5c454dff445faf1f557afb7cc4f5b12bccc0006cbcaa02b9f87ebe0268d5
sha512: 754d5984a855153d1ccd21337b145391bbd8493b5238f85f9f91ff13bb0a2eed1a5bbf0f02c7484391e7799620abc6f6c6fe43a7991e66561da6bc9ac9783f97
ssdeep: 24576:+nwHcCS+ZDZWbTAqoj9Y9auvUnpgfFtihcOaLiES6c3:yFCvdWbTaS9auvyp2EtaeES6c
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14645333D49C4DBF9F88AE5F216935DAB88346F72EC74A12EAE1910F9D31E3720481C52
sha3_384: 7f3d1d16d975fd9d4c26b6bc85507a8dd4090c827f44f77c45eb3bb4387166ca1e0104fb0cf770f43d080a80771a1454
ep_bytes: 558bec83c4f0b800104000e801000000
timestamp: 2021-11-21 01:09:22

Version Info:

FileVersion: 2019.4.15.16511847
ProductVersion: 2019.4.15.16511847
Unity Version: 2019.4.15f1_fbf367ac14e9
Translation: 0x0409 0x04b0

Note that the version resource (here claiming a Unity 2019.4.15 build) and the PE header timestamp are written by whoever built the file and prove nothing about its origin; the packer detections and the invalid Authenticode signature reported above are the more reliable indicators. Use the hashes to identify the sample.
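To show how the file information above is actually used in practice, here is an added static-triage script (written for this page, not GridinSoft's or CAPE's own code). It computes the MD5/SHA-1/SHA-256 hashes that appear in the File Info block and compares them with the listed indicators, walks the PE section table with the standard library only, and reproduces two of the sandbox signatures listed earlier (an unknown section name and high-entropy section data, the usual signs of a packer) plus a presence check for an Authenticode signature. Assumptions: the set of "common" section names and the 7.0 bits/byte entropy threshold are my own choices, the check only tests whether a signature blob is present (validating it is out of scope), and the sample PE the script builds is constructed here, with a made-up section name `packed0`; it is not the Zusy.202281 binary.

```python
"""Static triage of a PE sample against the indicators listed on this page.

Pure standard library: computes the file hashes used in the IOC list,
walks the PE section table, and reproduces two of the sandbox's static
signatures (unknown section name, high-entropy data) plus a presence
check for an Authenticode signature. The sample it builds is constructed.
"""
import hashlib
import math
import struct
import sys
from collections import Counter

# Hashes copied from the File Info block on this page.
KNOWN_IOCS = {
    "md5": "b8e2210b66ef1d748f77e56274d2f59f",
    "sha1": "d28abd4970e726c24e9fb663328a33a916886492",
    "sha256": "31fe5c454dff445faf1f557afb7cc4f5b12bccc0006cbcaa02b9f87ebe0268d5",
}
# Assumption: section names normally emitted by MSVC/GNU toolchains; anything
# else is flagged the way CAPE's "unknown PE section name" signature does.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc",
                   ".reloc", ".bss", ".tls", ".pdata", ".CRT", ".textbss"}
ENTROPY_THRESHOLD = 7.0  # bits per byte; assumption, tune per corpus


def file_hashes(data: bytes) -> dict:
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data: bytes) -> dict:
    """Minimal PE32/PE32+ header walk: COFF header, entry point, security
    directory and section table. Raises ValueError on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic %#x" % magic)
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directories start at offset 96 (PE32) or 112 (PE32+) of the optional
    # header; index 4 is the security directory holding the Authenticode blob.
    dd = opt + (96 if magic == 0x10B else 112)
    _, sec_size = struct.unpack_from("<II", data, dd + 4 * 8)
    sections, ep_bytes = [], b""
    for i in range(nsect):
        off = opt + opt_size + i * 40
        raw_name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        body = data[raw_ptr:raw_ptr + raw_size]
        name = raw_name.rstrip(b"\0").decode("latin-1")
        sections.append({"name": name, "vaddr": vaddr, "raw_ptr": raw_ptr,
                         "raw_size": raw_size, "entropy": shannon_entropy(body)})
        if vaddr <= ep_rva < vaddr + max(vsize, raw_size):
            ep_bytes = data[raw_ptr + ep_rva - vaddr:][:16]  # like CAPE's ep_bytes
    return {"machine": machine, "timestamp": timestamp, "entry_point": ep_rva,
            "ep_bytes": ep_bytes, "signed": sec_size != 0, "sections": sections}


def triage(data: bytes) -> list:
    """Return human-readable findings for one PE blob."""
    info = parse_pe(data)
    hashes = file_hashes(data)
    findings = [f"{a} matches the sample on this page" for a, d in KNOWN_IOCS.items() if hashes[a] == d]
    if not info["signed"]:
        findings.append("no Authenticode signature present")
    for s in info["sections"]:
        if s["name"] not in COMMON_SECTIONS:
            findings.append(f"unknown section name {s['name']!r} (possible packer)")
        if s["entropy"] > ENTROPY_THRESHOLD:
            findings.append(f"section {s['name']!r} entropy {s['entropy']:.2f}: encrypted or compressed data")
    return findings


def _chain(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) for the sample."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe() -> bytes:
    """Constructed PE32: a benign .text plus a packed-looking section named
    'packed0' (made-up name) that holds the entry point. Not the real sample."""
    buf = bytearray(512)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 64)                      # e_lfanew
    buf[64:68] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", buf, 68, 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = 88
    struct.pack_into("<H", buf, opt, 0x10B)                    # PE32 magic
    struct.pack_into("<I", buf, opt + 16, 0x2000)              # entry point in packed0
    text, packed = b"\x90" * 512, _chain(4096)
    secs = [(b".text", 0x1000, 0x1000, len(text), 512),
            (b"packed0", 0x1000, 0x2000, len(packed), 1024)]
    for i, (name, vsize, vaddr, rsize, rptr) in enumerate(secs):
        struct.pack_into("<8sIIIIIIHHI", buf, opt + 224 + i * 40,
                         name, vsize, vaddr, rsize, rptr, 0, 0, 0, 0, 0x60000020)
    return bytes(buf) + text + packed


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for line in triage(blob):
        print(line)
```

Run it with a file path to triage a real sample, or with no arguments to see the findings for the constructed one. A hash match is the only finding here that identifies this specific sample; the section-name and entropy findings are generic packer heuristics and will also fire on legitimately protected software, so treat them as a reason to look closer, not as a verdict.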

Zusy.202281 also known as:

The detection names below come from different vendors and do not all describe the same thing: "Zusy" is a generic family name, several engines name the packer (Enigma Protector) rather than the payload, and others name the payload itself (an MSIL stealer / DCRat backdoor).

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Symmi.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen15.51366
MicroWorld-eScan: Gen:Variant.Zusy.202281
FireEye: Generic.mg.b8e2210b66ef1d74
ALYac: Gen:Variant.Zusy.202281
Malwarebytes: Backdoor.DCRat
Zillya: Backdoor.Agent.Win32.83202
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: TrojanSpy:MSIL/Stealer.e9565ac5
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.b66ef1
Arcabit: Trojan.Zusy.D31629
BitDefenderTheta: Gen:NN.ZexaF.34084.nz0@aavKdsmi
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.EnigmaProtector.J suspicious
TrendMicro-HouseCall: TROJ_GEN.R002H09KN21
Paloalto: generic.ml
ClamAV: Win.Malware.Enigmaprotector-9865339-0
Kaspersky: Trojan-Spy.MSIL.Stealer.cho
BitDefender: Gen:Variant.Zusy.202281
Avast: Win32:Malware-gen
Ad-Aware: Gen:Variant.Zusy.202281
Sophos: Mal/Generic-S
McAfee-GW-Edition: BehavesLike.Win32.Adware.tc
Emsisoft: Gen:Variant.Zusy.202281 (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1137410
Antiy-AVL: Trojan/Generic.ASBOL.C669
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Tiggre!rfn
GData: Gen:Variant.Zusy.202281
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win.Generic.R454040
Acronis: suspicious
McAfee: Artemis!B8E2210B66EF
MAX: malware (ai score=85)
VBA32: Trojan.Zpevdo
Cylance: Unsafe
APEX: Malicious
Rising: PUF.Pack-Enigma!1.BA33 (CLASSIC)
Yandex: TrojanSpy.Stealer!r4R+hBPjLCg
Fortinet: Riskware/Application
AVG: Win32:Malware-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Zusy.202281?

Zusy.202281 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
