What is “Zusy.280433”?

Zusy.280433 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.280433 virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Detects Sandboxie through the presence of a library
  • Deletes its original binary from disk
  • Executed a process and injected code into it, probably while unpacking
  • Checks for the presence of known windows from debuggers and forensic tools
  • The following process appears to have been packed with Themida: winhost.exe
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects the presence of Wine emulator via registry key
  • Checks the version of the BIOS, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Creates a copy of itself
  • Anomalous binary characteristics

Related domains:

xmr.pool.minergate.com

How to identify Zusy.280433?

File Info:

crc32: 5EE27C1E
md5: 8a04b3b54a3a2ae9a2f0a2972097ad9a
name: winhost.exe
sha1: 9008c6cb23d609c5147ab4dea9864760ecdf8b19
sha256: 2ba1e9c0c6ddf75062a05f6a5a619e9740305957a09bcac46502b56c5e14ccac
sha512: 8c6341e138f330fe3d9757354b869f7a9329cc3d6b230f6763d894b10294c82161204c5804cd1427d509eef0be8c00f7b854446a701bc48a71edafbdcc0b1373
ssdeep: 24576:wR1At8tggVG/OP2s86jphyZWGPVeMYCMTyTStBfBZgroNq11X7F8ohgj1lW5czfl:RuWjGP2s86fEYCMTyTSZgrfiI0iDTu
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (c) 2011 Futuremark Corporation. All rights reserved.
InternalName: FMSIScan.exe
FileVersion: 4, 6, 0, 0
CompanyName: Futuremark Corporation
ProductName: Futuremark SystemInfo
ProductVersion: 4, 6, 0, 0
FileDescription: Futuremark SystemInfo Scanner
OriginalFilename: FMSIScan.exe
Translation: 0x0409 0x04b0

Zusy.280433 also known as:

Bkav: W32.HfsAutoB.CED8
MicroWorld-eScan: Gen:Variant.Zusy.280433
CAT-QuickHeal: Trojan.IGENERIC
McAfee: Artemis!8A04B3B54A3A
VIPRE: Trojan.Win32.Generic!BT
K7GW: Trojan ( 004b897a1 )
K7AntiVirus: Trojan ( 004b897a1 )
Invincea: heuristic
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9774
NANO-Antivirus: Trojan.Win32.Miner.faylpe
Symantec: W32.Mandaph
TrendMicro-HouseCall: TROJ_GEN.R061C0OE218
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Miner.uahq
BitDefender: Gen:Variant.Zusy.280433
AegisLab: Troj.W32.Generic!c
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Miner.Dzjo
Endgame: malicious (high confidence)
Sophos: Mal/Generic-S
Comodo: UnclassifiedMalware
F-Secure: Gen:Variant.Zusy.280433
TrendMicro: TROJ_GEN.R061C0OE218
McAfee-GW-Edition: BehavesLike.Win32.Ramnit.tc
Emsisoft: Gen:Variant.Zusy.280433 (B)
Cyren: W32/GenPua.8A04B3B5!Olympus
Webroot: W32.Malware.Gen
Avira: TR/Crypt.TPM.Gen
Antiy-AVL: Trojan/Win32.AGeneric
Microsoft: Trojan:Win32/Tiggre!rfn
Arcabit: Trojan.Zusy.D44771
ZoneAlarm: Trojan.Win32.Miner.uahq
GData: Gen:Variant.Zusy.280433
AhnLab-V3: Malware/Win32.Generic.C2448683
ALYac: Gen:Variant.Zusy.280433
MAX: malware (ai score=98)
VBA32: BScope.Trojan.Miner
Cylance: Unsafe
ESET-NOD32: a variant of Win32/Packed.Themida suspicious
Rising: Trojan.Generic!8.C3 (CLOUD)
Yandex: Trojan.Agent!hyf9EGT+sD4
SentinelOne: static engine – malicious
Fortinet: W32/Generic_PUA_JA
Ad-Aware: Gen:Variant.Zusy.280433
AVG: Win32:Malware-gen
Panda: Trj/CI.A
CrowdStrike: malicious_confidence_100% (W)

How to remove Zusy.280433?

Zusy.280433 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
