Zusy.297198 (B) information

Malware Removal

Zusy.297198 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Zusy.297198 (B) virus do?

  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Binary file triggered a YARA rule
  • Mimics the icon used for a popular non-executable file format
  • YARA detections observed in process dumps, payloads or dropped files

How to identify Zusy.297198 (B)?

File Info:

name: 30280CD865865AF24111.mlw
path: /opt/CAPEv2/storage/binaries/4a1e027196e230ae560f340272070a5ab6341625432b7768bdf56aa93edc075f
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2004-08-28 04:52:31

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft Word
FileVersion: 14.0.6024.1000
InternalName: WinWord
LegalCopyright: © 2010 Microsoft Corporation. All rights reserved.
LegalTrademarks1: Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2: Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename: WinWord.exe
ProductName: Microsoft Office 2010
ProductVersion: 14.0.6024.1000
Translation: 0x0000 0x04e4

Zusy.297198 (B) is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.297198
FireEye: Generic.mg.30280cd865865af2
CAT-QuickHeal: Trojan.MauvaiseRI.S5242768
Skyhigh: BehavesLike.Win32.Generic.cc
McAfee: GenericRXGG-WK!30280CD86586
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Trojan.Generic.Win32.910146
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00559e8c1 )
K7GW: Trojan ( 004e144e1 )
BitDefenderTheta: AI:Packer.2B44913F1F
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.RHG
APEX: Malicious
TrendMicro-HouseCall: Trojan.Win32.SALGOREA.SMLV
ClamAV: Win.Malware.Zusy-9764479-0
Kaspersky: Trojan.Win32.Agentb.jqsb
BitDefender: Gen:Variant.Zusy.297198
Avast: Win32:Agent-AYZG [Cryp]
Tencent: Malware.Win32.Gencirc.10b2a65f
Emsisoft: Gen:Variant.Zusy.297198 (B)
F-Secure: Heuristic.HEUR/AGEN.1312668
DrWeb: Trojan.MulDrop10.21631
VIPRE: Gen:Variant.Zusy.297198
TrendMicro: Trojan.Win32.SALGOREA.SMLV
Trapmine: malicious.high.ml.score
Sophos: Troj/AutoG-CN
SentinelOne: Static AI – Malicious PE
MAX: malware (ai score=80)
Jiangmin: Trojan.Agentb.fna
Google: Detected
Avira: HEUR/AGEN.1312668
Varist: W32/Salgorea.F.gen!Eldorado
Antiy-AVL: RiskWare[RiskTool]/Win32.Agent
Kingsoft: malware.kb.a.1000
Microsoft: TrojanDropper:Win32/Salgorea.AI!MTB
Xcitium: TrojWare.Win32.Salgorea.RPR@7tcxjx
Arcabit: Trojan.Zusy.D488EE
ZoneAlarm: Trojan.Win32.Agentb.jqsb
GData: Gen:Variant.Zusy.297198
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.R285011
VBA32: BScope.TrojanDropper.Agent
ALYac: Gen:Variant.Zusy.297198
TACHYON: Trojan/W32.Agent.827904.BY
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Backdoor.[OceanLotus]Salgorea!1.BAEC (CLASSIC)
Yandex: Trojan.GenAsa!8lJMSROYbEs
Ikarus: Trojan.Win32.Salgorea
Fortinet: W32/Agent.YLR!tr
AVG: Win32:Agent-AYZG [Cryp]
DeepInstinct: MALICIOUS
alibabacloud: Trojan[dropper]:Win/Zusy.a218cad0

How to remove Zusy.297198 (B)?

Zusy.297198 (B) removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.