
Zusy.348814 removal guide


Zusy.348814 is considered dangerous by many security vendors: nearly every antivirus engine listed further down flags this sample as a trojan downloader or password stealer. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Zusy.348814 virus do?

The following behaviours were recorded during automated analysis of the sample:

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Reads data out of its own binary image
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Anomalous binary characteristics
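The autorun and proxy-settings items in the list above are the ones a responder can verify by hand. The Python script below is an added example (not GridinSoft's code) that parses the text printed by the Windows `reg query` command, flags Run-key entries whose executable sits in a user-writable directory or reuses a system binary name outside System32, and reports an enabled proxy server or an auto-config (PAC) URL in Internet Settings. The registry paths and heuristics are generic Windows triage knowledge, not indicators specific to this sample, and the registry output embedded in the script is constructed.

```python
"""Triage Windows Run keys and proxy settings from `reg query` output.

Added example; not GridinSoft's tooling, and the heuristics are generic rather
than Zusy.348814-specific. The embedded sample output is constructed. On a live
machine feed it the text of:
    reg query HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    reg query HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    reg query "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
"""
import re

# Locations where a dropper that "creates a copy of itself" usually lands;
# a legitimate autorun entry rarely points here (heuristic).
USER_WRITABLE_DIRS = (
    "\\appdata\\roaming\\",
    "\\appdata\\local\\temp\\",
    "\\users\\public\\",
    "\\programdata\\",
    "\\windows\\temp\\",
)
# Names that belong in System32; the same name elsewhere is a common masquerade.
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}


def parse_reg_query(text):
    """Yield (key, value_name, value_type, data). `reg query` prints the key
    unindented and each value as '    <name>    <REG_type>    <data>'."""
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            key = line.strip()
            continue
        parts = re.split(r"\s{4,}", line.strip(), maxsplit=2)
        if key and len(parts) == 3:
            yield key, parts[0], parts[1], parts[2]


def image_path(data):
    """Extract the executable from a Run value: a quoted path followed by
    arguments, a bare path, or the raw data if neither pattern applies."""
    m = re.match(r'\s*"([^"]+)"', data)
    if m:
        return m.group(1)
    m = re.match(r"\s*(\S+\.exe)", data, re.IGNORECASE)
    return m.group(1) if m else data.strip()


def triage_autoruns(text):
    """Return suspicious Run/RunOnce entries with the reasons they were flagged."""
    findings = []
    for key, name, _vtype, data in parse_reg_query(text):
        if "\\run" not in key.lower():
            continue
        path = image_path(data)
        low = path.lower().replace("/", "\\")
        reasons = []
        if any(d in low for d in USER_WRITABLE_DIRS):
            reasons.append("executable in user-writable directory")
        if low.rsplit("\\", 1)[-1] in SYSTEM_BINARY_NAMES and "\\windows\\system32\\" not in low:
            reasons.append("system binary name outside System32")
        if reasons:
            findings.append({"key": key, "name": name, "path": path, "reasons": reasons})
    return findings


def triage_proxy(text):
    """Report an enabled proxy server or an auto-config (PAC) URL."""
    values = {name.lower(): data
              for key, name, _vtype, data in parse_reg_query(text)
              if "internet settings" in key.lower()}
    findings = []
    if values.get("proxyenable", "0x0").lower() not in ("0x0", "0"):
        findings.append("ProxyEnable set: traffic routed via " + values.get("proxyserver", "<unset>"))
    if values.get("autoconfigurl"):
        findings.append("AutoConfigURL set: " + values["autoconfigurl"])
    return findings


# Constructed sample output (not from a real infection): one normal entry and
# one that both lives in AppData\Roaming and borrows the svchost.exe name.
SAMPLE_RUN = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\alice\AppData\Roaming\svchost.exe
"""
SAMPLE_PROXY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    127.0.0.1:8080
"""

if __name__ == "__main__":
    for f in triage_autoruns(SAMPLE_RUN):
        print(f"{f['name']} -> {f['path']}: {', '.join(f['reasons'])}")
    for line in triage_proxy(SAMPLE_PROXY):
        print(line)
```

On the constructed input only the "Updater" entry is reported, for both reasons, and the proxy check reports the enabled 127.0.0.1:8080 proxy; a clean machine yields empty lists from both functions. Treat the heuristics as a starting point for manual review, not as a verdict: legitimate updaters do sometimes run from AppData.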

Related domains:

discord.com
fanosethiopiatours.com

How to identify Zusy.348814?

File Info:

crc32: 50FC080B
md5: 45e25807fc1bd31a0b8309c44afce6e4
name: 45E25807FC1BD31A0B8309C44AFCE6E4.mlw
sha1: f070047f9df99461c951f3973e3bf3e468a96a31
sha256: 344ca08fa2fdb87931ceb1e336019231bfba189458be0d3fa5016b5895d96cc6
sha512: 4d435ee7ca5a983b628294815bb64b5b58abbed67724da35bc5ad3cf88cc337375d529db1882d27c20599413d566bfa841b9275833a2c925c72669cbbc8be14f
ssdeep: 24576:3RVtvQ+csIDccuZGhe1ppCmfwybRk8zQKtALblKCeNRbO+v:3R/ovVcOM1pJwYrzQ0t
type: PE32 executable (GUI) Intel 80386, for MS Windows
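The hashes above are the only exact indicators the page gives, and the listed file name is just the sample's MD5 with a .mlw extension, so it says nothing about the name the file has on an infected machine. The Python script below is an added example (not GridinSoft's tooling) that computes the same five hash types for a file, compares them case-insensitively with the published values, and walks a directory hashing only files that carry the MZ header of a PE executable. The ssdeep fuzzy hash is left out because it needs the separate ssdeep library; the function names, including scan_dir, are this example's own.

```python
"""Hash files and compare them with the Zusy.348814 indicators listed above.

Added example, not GridinSoft's tooling. The hash values are copied from the
File Info section; ssdeep is omitted because the fuzzy hash needs the ssdeep
library, so only exact matches are reported.
"""
import hashlib
import os
import tempfile
import zlib

HASH_NAMES = ("md5", "sha1", "sha256", "sha512")

# Exact-match indicators from the File Info section above.
ZUSY_348814_IOCS = {
    "crc32": "50FC080B",
    "md5": "45e25807fc1bd31a0b8309c44afce6e4",
    "sha1": "f070047f9df99461c951f3973e3bf3e468a96a31",
    "sha256": "344ca08fa2fdb87931ceb1e336019231bfba189458be0d3fa5016b5895d96cc6",
    "sha512": "4d435ee7ca5a983b628294815bb64b5b58abbed67724da35bc5ad3cf88cc3373"
              "75d529db1882d27c20599413d566bfa841b9275833a2c925c72669cbbc8be14f",
}


def digests(data):
    """All five hash types for an in-memory blob, as lowercase hex."""
    out = {name: hashlib.new(name, data).hexdigest() for name in HASH_NAMES}
    out["crc32"] = "%08x" % (zlib.crc32(data) & 0xFFFFFFFF)
    return out


def digests_of_file(path, chunk=1 << 20):
    """Same result as digests() but streamed, so large files need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in HASH_NAMES}
    crc = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
            crc = zlib.crc32(block, crc)
    out = {name: h.hexdigest() for name, h in hashers.items()}
    out["crc32"] = "%08x" % (crc & 0xFFFFFFFF)
    return out


def matched_iocs(hashes, iocs=ZUSY_348814_IOCS):
    """Names of the hash types whose value equals the published indicator.
    Case-insensitive, because the page prints CRC32 in upper case."""
    return sorted(name for name, value in iocs.items()
                  if name in hashes and hashes[name].lower() == value.lower())


def is_pe(path):
    """True if the file starts with the 'MZ' DOS header every PE file carries;
    used to skip obvious non-executables before hashing."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def scan_dir(root, iocs=ZUSY_348814_IOCS, pe_only=True):
    """Walk root and return [(path, [matched hash types])] for every hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            try:
                if pe_only and not is_pe(p):
                    continue
                m = matched_iocs(digests_of_file(p), iocs)
            except OSError:
                continue  # unreadable or locked file: skip it, do not abort the scan
            if m:
                hits.append((p, m))
    return hits


def streaming_matches_memory(data=b"MZ-constructed-test-bytes"):
    """Self-check: write constructed bytes to a temp file and confirm the
    streamed digests (forced 1-byte chunks) equal the in-memory ones."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
        path = tmp.name
    try:
        return digests_of_file(path, chunk=1) == digests(data)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    import sys
    for path, kinds in scan_dir(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, "matches", ", ".join(kinds))
```

A single exact-hash match is conclusive for this specific file, but the absence of a match proves little: the behaviour list says the binary is packed and copies itself, and any rebuild or repack of the same downloader produces different hashes, which is why the vendor names below are mostly heuristic or generic rather than hash-based.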

Version Info:

0: [No Data]

Zusy.348814 also known as:

Detection names reported by antivirus engines for this sample. "Zusy.348814" is BitDefender's generic variant name (also reported by Ad-Aware, Emsisoft, MicroWorld-eScan and ALYac); several other vendors place the file in the Fareit password-stealer family (McAfee, TrendMicro, Microsoft's PWS:Win32/Fareit, AhnLab-V3) or name it a Delphi-compiled downloader (the "Delf" names from ESET-NOD32, Avira, F-Secure, Fortinet, Rising, Ikarus and Antiy-AVL).

ClamAV: Win.Packed.Bulz-9800737-0
McAfee: Fareit-FZO!45E25807FC1B
Cylance: Unsafe
AegisLab: Trojan.Win32.Injects.4!c
Sangfor: Malware
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Gen:Variant.Zusy.348814
K7GW: Riskware ( 0040eff71 )
Arcabit: Trojan.Zusy.D5528E
Cyren: W32/Trojan.OJMY-3173
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:RATX-gen [Trj]
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Injects.gen
Alibaba: TrojanDownloader:Win32/Injects.37e37997
MicroWorld-eScan: Gen:Variant.Zusy.348814
Rising: Downloader.Delf!8.16F (TFE:2:23m1oTwB2LE)
Ad-Aware: Gen:Variant.Zusy.348814
Emsisoft: Gen:Variant.Zusy.348814 (B)
F-Secure: Trojan.TR/Dldr.Delf.uuodj
DrWeb: Trojan.Siggen11.49048
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TrojanSpy.Win32.FAREIT.THKBGBO
McAfee-GW-Edition: Fareit-FZO!45E25807FC1B
FireEye: Generic.mg.45e25807fc1bd31a
Sophos: Mal/Generic-S
Ikarus: Trojan-Downloader.Win32.Delf
Webroot: W32.Trojan.Gen
Avira: TR/Dldr.Delf.uuodj
Antiy-AVL: Trojan[Downloader]/Win32.Delf
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Trojan.Win32.Downloader.oa!s1
Microsoft: PWS:Win32/Fareit!ml
ZoneAlarm: HEUR:Trojan.Win32.Injects.gen
GData: Win32.Trojan.PSE.1B41I5P
AhnLab-V3: Trojan/Win32.Fareit.C4247061
ALYac: Gen:Variant.Zusy.348814
MAX: malware (ai score=84)
VBA32: Malware-Cryptor.Limpopo
Malwarebytes: Trojan.MalPack.SMY.Generic
Panda: Trj/GdSda.A
ESET-NOD32: Win32/TrojanDownloader.Delf.DCD
TrendMicro-HouseCall: TrojanSpy.Win32.FAREIT.THKBGBO
Yandex: Trojan.Igent.bUSaCk.66
SentinelOne: Static AI – Suspicious PE
eGambit: PE.Heur.InvalidSig
Fortinet: W32/Delf.DCD!tr.dldr
BitDefenderTheta: Gen:NN.ZelphiF.34658.kHY@amJ@kopi
AVG: Win32:RATX-gen [Trj]
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.ae8

How to remove Zusy.348814?

Zusy.348814 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Two follow-up points after the cleanup. Several engines above classify this sample as a password stealer (PWS:Win32/Fareit, TrojanSpy.Win32.FAREIT), so treat any passwords saved in browsers or mail clients on the affected machine as exposed and change them from a clean device. The sample also attempts to modify proxy settings, so after the browser reset confirm that no proxy server or automatic configuration URL is still configured in the system Internet Settings.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
