Malware

Should I remove “Zusy.255847”?

Malware Removal

The Zusy.255847 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Zusy.255847 virus can do?

  • Uses Windows utilities for basic functionality
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Creates known PcClient mutex and/or file changes.
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Zusy.255847?



File Info:

name: A780D431F978981D54F0.mlw
path: /opt/CAPEv2/storage/binaries/606b926ff19a845b24e4471b779f3da5cde14531d8a3820540d2226d37a09a97
crc32: 5E50529A
md5: a780d431f978981d54f044eb8e697911
sha1: cc4030fa493e4983a36edab83161b18a2df2fdd2
sha256: 606b926ff19a845b24e4471b779f3da5cde14531d8a3820540d2226d37a09a97
sha512: 7bdd401688818d1b909cddc98b488bedf353e282280981e01419670913048ca1a71f7d9576711ad10167b4b30b729fe05575794afadaf0e6c10085eaf1f4e5dd
ssdeep: 1536:AT/GkoQ0Fo/I9JAJuQSoHSzVjJ08rCZLj08ooDqUt/xOLsylEB55tm:U/3OoaQSxzVjJ0dNL3OIymBXtm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C573F1561BF164F9E9894AF05BB20F3E737668210F3415EBAAB7C6D908B1710DD39382
sha3_384: dd00644182a943cf20381b8cf2157c54257d6b34b721cc5c45e145b68ea58d553177ab8c1d6657d801260240dfc7f210
ep_bytes: 558bec6aff684021400068601f400064
timestamp: 2009-01-30 03:00:33


Version Info:

Comments: 
CompanyName: Microsoft Corporation
FileDescription: Generic Host Process for Win32 Services
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: svchost.exe
LegalCopyright: ? Microsoft Corporation. All rights reserved.
LegalTrademarks: 
OriginalFilename: svchost.exe
PrivateBuild: 
ProductName: Microsoft? Windows? Operating System
ProductVersion: 5.1.2600.2180
SpecialBuild: 
Translation: 0x0804 0x04b0

Zusy.255847 also known as:

BkavW32.AIDetectMalware
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Zusy.255847
FireEyeGeneric.mg.a780d431f978981d
ALYacGen:Variant.Zusy.255847
VIPREGen:Variant.Zusy.255847
SangforSuspicious.Win32.Save.ins
CrowdStrikewin/malicious_confidence_100% (W)
BitDefenderThetaAI:Packer.3D999B311F
CyrenW32/PcClient.S.gen!Eldorado
SymantecTrojan.Dropper
ESET-NOD32a variant of Win32/Agent.POC
APEXMalicious
ClamAVWin.Trojan.Rootkit-1628
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.Zusy.255847
NANO-AntivirusTrojan.Win32.Drop.ddfgjt
AvastWin32:Evo-gen [Trj]
TencentMalware.Win32.Gencirc.10b86484
SophosGeneric ML PUA (PUA)
F-SecureTrojan.TR/FakeSysdef.azxce
DrWebTrojan.MulDrop.30358
McAfee-GW-EditionBehavesLike.Win32.Generic.lc
Trapminemalicious.high.ml.score
EmsisoftGen:Variant.Zusy.255847 (B)
IkarusBackdoor.Win32.Venik
GDataGen:Variant.Zusy.255847
JiangminBackdoor/NetBot.de
AviraTR/FakeSysdef.azxce
Antiy-AVLTrojan[Rootkit]/Win32.Agent
Kingsoftmalware.kb.a.1000
XcitiumBackdoor.Win32.NetBot.~U@7ce9n
ArcabitTrojan.Zusy.D3E767
ViRobotTrojan.Win32.RT-Agent.135168
ZoneAlarmHEUR:Trojan.Win32.Generic
MicrosoftTrojanDropper:Win32/Venik.B!dha
CynetMalicious (score: 100)
AhnLab-V3Backdoor/Win32.Nbdd.R2022
VBA32BScope.Trojan.MulDrop
MAXmalware (ai score=87)
Cylanceunsafe
PandaGeneric Malware
RisingHack.DDoSer.Win32.Agent.sg (CLOUD)
YandexTrojan.GenAsa!7Ft6uPotX2g
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Nbdd.FB!tr.bdr
AVGWin32:Evo-gen [Trj]
Cybereasonmalicious.a493e4
DeepInstinctMALICIOUS

How to remove Zusy.255847?

Zusy.255847 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment