Zusy.339143 removal tips

Zusy.339143 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Zusy.339143 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • A potential decoy document was displayed to the user
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

How to identify Zusy.339143?

File Info:

name: 8F7B2AE36B0F3560BE23.mlw
path: /opt/CAPEv2/storage/binaries/891e6d92d4661422afd9f460f940ce69f1fb5b72688b67ca2296baa8bc3d9d90
crc32: 2F329432
md5: 8f7b2ae36b0f3560be233025835177db
sha1: fea440b36ce9a0d6ecba0e7d930e54ad0aa2da5f
sha256: 891e6d92d4661422afd9f460f940ce69f1fb5b72688b67ca2296baa8bc3d9d90
sha512: 954de3f1fe2e570e7e583ad6db3a8cf10740271921911d7acff17f8b7314d30e85c868d1467344f761e6d457a7353a9eae3451078fe8d3a198ec8c4c8814d26e
ssdeep: 49152:04xat17oBHcOwimtZHt4xat17oBHcOwimtZHt4xat17oBHcOwimtZHt4xat17oBe:0ydYnNydYnNydYnNydYn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C246F116F6F14437D1236EB8DC1F536CA8267E502D34648A3BE82D48AF39781753B29B
sha3_384: 7dcca8a5111727bc347a7e9e0a048e487acbc71502ff7c20ad0be488806c1b2f1520b66f4e002c9640ce85626e951bbe
ep_bytes: 558becb9280000006a006a004975f953
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: Adobe Systems Incorporated
FileDescription: Adobe Reader
FileVersion: 11.0.02.0
LegalCopyright: Copyright 1984-2012 Adobe Systems Incorporated and its licensors. All rights reserved.
ProductName: Adobe Reader
ProductVersion: 11.0.02.0
OriginalFilename: AcroRd32.exe
Translation: 0x0409 0x04e4

Zusy.339143 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.339143
FireEye: Generic.mg.8f7b2ae36b0f3560
ALYac: Gen:Variant.Zusy.339143
Cylance: Unsafe
VIPRE: Trojan.Win32.Injector.ag (v)
K7AntiVirus: Trojan ( 0056fa991 )
K7GW: Trojan ( 0056fa991 )
Cybereason: malicious.36b0f3
ESET-NOD32: a variant of Win32/Injector.AGIP
APEX: Malicious
Kaspersky: Trojan.Win32.Agent.xosy
BitDefender: Gen:Variant.Zusy.339143
NANO-Antivirus: Trojan.Win32.Agent.bxpihj
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.11bc1b74
Ad-Aware: Gen:Variant.Zusy.339143
Sophos: Generic ML PUA (PUA)
DrWeb: Trojan.Inject1.20583
TrendMicro: TROJ_INJECTOR_GG310387.UVPM
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Emsisoft: Gen:Variant.Zusy.339143 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Zusy.339143
Avira: HEUR/AGEN.1126519
Antiy-AVL: Trojan/Generic.ASBOL.2E1B
Arcabit: Trojan.Zusy.D52CC7
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Agent.R452130
McAfee: GenericR-JZR!8F7B2AE36B0F
MAX: malware (ai score=82)
VBA32: BScope.Malware-Cryptor.073
Malwarebytes: Malware.AI.4143657371
TrendMicro-HouseCall: TROJ_INJECTOR_GG310387.UVPM
Rising: Trojan.Generic@ML.94 (RDML:lKw8Z1LsWFhxLpLh2haVxQ)
Yandex: Trojan.GenAsa!rEgeUpWGMN0
Ikarus: Trojan.Win32.Agent
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Injector.REEL!tr
BitDefenderTheta: AI:Packer.D0ED8D2015
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Zusy.339143?

Zusy.339143 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.