Zusy.404797 removal guide

Zusy.404797 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the TRIAL period.
A 6-day free trial is available.

What can the Zusy.404797 virus do?

  • Authenticode signature is invalid (the file's version info claims to be Microsoft's CTFMON.EXE, so the lack of a valid signature indicates the sample is masquerading as a legitimate system binary)
  • Anomalous binary characteristics

How to determine Zusy.404797?

File Info:

name: 172E4CA63A506765F325.mlw
path: /opt/CAPEv2/storage/binaries/cccf9dc6637596d86c06c1ee662a0017acb72be17d353f790cb1b16507403400
crc32: 37D4C1EC
md5: 172e4ca63a506765f325311697f829b3
sha1: 0d8de039846898d692b2b6c4e4643811d9d9329f
sha256: cccf9dc6637596d86c06c1ee662a0017acb72be17d353f790cb1b16507403400
sha512: 4ac6f1cce580110e630b31e3c5792ab53dc429d3182acfd106d2032ba838da3c39e48c0c8ac27755f4dded90fdfd95a0779ed457006d3f1fbdb9d8fb665d0a20
ssdeep: 196608:I8KP7wq1W6HqULS8djZDTaNNeCKVP5ORsgQfz:8P8qU6GOjQoxasPb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14DA6E013BF9911B5D0AA8E39C6789317F7B5FC245B2097CF9241AAAADE323C09D71314
sha3_384: 4bbad1779094c9b66f0bfb661b0d8b0ecb203e76ca84b33eaeec80816551e41474bddc465350f6f6227dcc835fba6cee
ep_bytes: 6a706820144000e8f701000033db538b
timestamp: 2004-08-04 06:02:34

Version Info:

CompanyName: Microsoft Corporation
FileDescription: CTF Loader
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: CTFMON
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: CTFMON.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.2180
OleSelfRegister:
Translation: 0x0409 0x04b0

Zusy.404797 also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.Win32.Olext.A
FireEye: Trojan.Win32.Olext.A
ALYac: Gen:Variant.Zusy.404797
Cylance: Unsafe
Sangfor: [ARMADILLO V1.71]
Cybereason: malicious.63a506
Cyren: W32/Olext.C.gen!Eldorado
Elastic: malicious (high confidence)
APEX: Malicious
ClamAV: Win.Malware.Triusor-9950764-0
Kaspersky: UDS:Virus.Win32.Lamer.kn
BitDefender: Trojan.Win32.Olext.A
Avast: Win32:Malware-gen
Emsisoft: Trojan.Win32.Olext.A (B)
DrWeb: Win32.HLLP.Memery.1
McAfee-GW-Edition: BehavesLike.Win32.HWorld.tc
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.SA8H9I
Avira: HEUR/AGEN.1227185
Arcabit: Trojan.Win32.Olext.A
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: Artemis!172E4CA63A50
MAX: malware (ai score=83)
Malwarebytes: Lamer.Virus.FileInfector.DDS
Rising: Virus.Memery!1.A0B4 (CLASSIC)
Ikarus: Trojan.Dropper
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Olext.A
BitDefenderTheta: AI:FileInfector.37DCC0A10D
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_60% (D)

How to remove Zusy.404797?

Zusy.404797 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.