Zusy.297198 malicious file

Zusy.297198 is flagged as malicious by a large number of antivirus engines (see the detection list below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and can damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; the trial version lets you run a complete scan and clean the PC.
6-day free trial available.

What can the Zusy.297198 virus do?

Behaviours flagged during automated sandbox analysis of the sample:

  • Creates RWX memory
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • A potential decoy document was displayed to the user
  • Network activity detected but not expressed in API logs
  • Mimics the icon used for a popular non-executable file format
  • Creates a slightly modified copy of itself
  • Uses suspicious command line tools or Windows utilities

How to identify Zusy.297198?

File Info:

crc32: A21D6407
md5: 92d37a9e7c064ddf8fe3ae560e58c32a
name: 92D37A9E7C064DDF8FE3AE560E58C32A.mlw
sha1: c20183e025732d462dcb99d50eb1ba7e4b74e8f9
sha256: 7b7d79ce222e4e22633dd701421298672941e2f69e93553d7340136d3c3ff6de
sha512: cf92d5970995a838395774619741d0f104614e07c47ad41d16bb5817ee9383cd3214e2bcd8d45fc25d0cb59a453f135eb884fe2d7b0b7d68fe0e36d726e119cf
ssdeep: 12288:4fdzTyHgez9WbdROWOT8ZjGTcSqojAvVOish62lUNYez2Rm/KJLZmY:4fxg9WbdROWOT8ZGmoGVtsh+iRNLZmY
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info (as embedded in the sample; these strings impersonate Microsoft Word and are not evidence of origin, since any program can carry any version resource):

LegalCopyright: © 2010 Microsoft Corporation. All rights reserved.
InternalName: WinWord
FileVersion: 14.0.6024.1000
CompanyName: Microsoft Corporation
LegalTrademarks1: Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2: Windows® is a registered trademark of Microsoft Corporation.
ProductName: Microsoft Office 2010
ProductVersion: 14.0.6024.1000
FileDescription: Microsoft Word
OriginalFilename: WinWord.exe
Translation: 0x0000 0x04e4
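The hashes in the File Info section are the reliable way to recognise this sample; the version strings above are attacker-controlled and merely copy what WinWord.exe would show. The script below is an added example (not GridinSoft's tool and not code from this page). It computes the same hash set the page lists and matches it against the listed indicators, reads the PE header fields that the page's "type:" line summarises (machine, PE32 or PE32+, GUI or console subsystem), and flags an executable image saved under a document extension, which is the masquerade the icon-mimicry and decoy-document behaviours listed earlier depend on. The in-memory sample PE, the document-extension list and the function names are constructed for this example; ssdeep is left out because it needs a fuzzy-hash library.

```python
"""Offline triage helper: match a file against the Zusy.297198 indicators
and sanity-check what kind of file it really is.
Added example; not GridinSoft's code and not from the original page."""
import hashlib
import struct
import sys
import zlib
from pathlib import Path

# Indicators copied from the page's File Info section (ssdeep omitted: it
# needs a fuzzy-hash library, everything else is standard library).
ZUSY_297198_IOCS = {
    "crc32": "a21d6407",
    "md5": "92d37a9e7c064ddf8fe3ae560e58c32a",
    "sha1": "c20183e025732d462dcb99d50eb1ba7e4b74e8f9",
    "sha256": "7b7d79ce222e4e22633dd701421298672941e2f69e93553d7340136d3c3ff6de",
    "sha512": "cf92d5970995a838395774619741d0f104614e07c47ad41d16bb5817ee9383cd"
              "3214e2bcd8d45fc25d0cb59a453f135eb884fe2d7b0b7d68fe0e36d726e119cf",
}

# Assumed list of extensions a user expects to hold a document, not code.
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".rtf", ".pdf", ".xls", ".xlsx", ".txt"}

MACHINES = {0x14C: "Intel 80386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "ARM64"}
FORMATS = {0x10B: "PE32", 0x20B: "PE32+"}
SUBSYSTEMS = {2: "GUI", 3: "console"}


def file_hashes(data: bytes) -> dict:
    """Same hash set the page lists, as lowercase hex."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_iocs(hashes: dict, iocs: dict = ZUSY_297198_IOCS) -> list:
    """Names of the hash algorithms whose value matches the indicator set."""
    return [name for name, value in iocs.items() if hashes.get(name) == value.lower()]


def parse_pe_header(data: bytes):
    """Read Machine, optional-header Magic and Subsystem from a PE image.
    Returns None when the bytes are not a PE file (no MZ/PE signatures)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # IMAGE_FILE_HEADER: Machine at +4, SizeOfOptionalHeader at +20.
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    # Subsystem sits at offset 68 of the optional header in both PE32 and PE32+.
    if opt_size < 70 or opt + 70 > len(data):
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {"machine": machine, "magic": magic, "subsystem": subsystem}


def describe_pe(hdr: dict) -> str:
    """Render the header the way the page's 'type:' line does."""
    fmt = FORMATS.get(hdr["magic"], hex(hdr["magic"]))
    sub = SUBSYSTEMS.get(hdr["subsystem"], str(hdr["subsystem"]))
    machine = MACHINES.get(hdr["machine"], hex(hdr["machine"]))
    return f"{fmt} executable ({sub}) {machine}, for MS Windows"


def triage(name: str, data: bytes) -> dict:
    """Hash the bytes, match IOCs, and flag an executable posing as a document."""
    hashes = file_hashes(data)
    hdr = parse_pe_header(data)
    return {
        "hashes": hashes,
        "ioc_matches": match_iocs(hashes),
        "pe": describe_pe(hdr) if hdr else None,
        # An MZ/PE image stored under a document extension is the masquerade
        # that icon mimicry and a decoy document are meant to support.
        "masquerade": hdr is not None and Path(name).suffix.lower() in DOCUMENT_EXTENSIONS,
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 / GUI / i386 header for offline testing.
    It is not a real program and is not the Zusy sample."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)   # Magic: PE32
    struct.pack_into("<H", opt, 68, 2)      # Subsystem: Windows GUI
    return dos + coff + bytes(opt)


if __name__ == "__main__":
    targets = sys.argv[1:]
    if targets:
        for path in targets:
            print(path, triage(path, Path(path).read_bytes()))
    else:
        print("sample", triage("Invoice.docx", build_sample_pe()))
```

Run it with one or more file paths to get hashes, IOC matches and the header summary for each; without arguments it triages the constructed sample, which reports the same "PE32 executable (GUI) Intel 80386, for MS Windows" type as the page and is flagged as a masquerade because of its .docx name. Match on the full hashes, not on the version strings or the icon.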

Zusy.297198 is also known as (engine: detection name):

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop10.21631
MicroWorld-eScan: Gen:Variant.Zusy.297198
FireEye: Generic.mg.92d37a9e7c064ddf
McAfee: GenericR-DZQ!92D37A9E7C06
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Generic.4!c
Sangfor: Malware
K7AntiVirus: Trojan ( 00559e8c1 )
BitDefender: Gen:Variant.Zusy.297198
K7GW: Trojan ( 00559e8c1 )
Cybereason: malicious.e7c064
TrendMicro: Trojan.Win32.SALGOREA.SMLV
BitDefenderTheta: AI:Packer.4B06279B1F
Cyren: W32/Salgorea.F.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
ClamAV: Win.Malware.Zusy-9764479-0
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: Trojan:Win32/Salgorea.0f6df43b
Ad-Aware: Gen:Variant.Zusy.297198
Sophos: Mal/Generic-S
Comodo: TrojWare.Win32.Salgorea.RPR@7tcxjx
F-Secure: Heuristic.HEUR/AGEN.1117312
Invincea: Mal/Generic-S
Emsisoft: Gen:Variant.Zusy.297198 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanDropper.Agent.bytf
Avira: HEUR/AGEN.1117312
MAX: malware (ai score=85)
Antiy-AVL: Trojan[Dropper]/Win32.Agent
Microsoft: Trojan:Win32/Salgorea.C!dha
Arcabit: Trojan.Zusy.D488EE
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Zusy.297198
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Generic.C1871950
Acronis: suspicious
VBA32: BScope.Trojan.Salgorea
ALYac: Gen:Variant.Zusy.297198
ESET-NOD32: a variant of Win32/Salgorea.X
TrendMicro-HouseCall: Trojan.Win32.SALGOREA.SMLV
Tencent: Win32.Trojan.Generic.Hufj
Yandex: Trojan.GenAsa!8lJMSROYbEs
Ikarus: Trojan-Dropper.Win32.Agent
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Salgorea.X!tr
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: Generic/HEUR/QVM20.1.58A7.Malware.Gen

How to remove Zusy.297198?

Zusy.297198 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options you want, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
