How to remove “Zusy.406017”?

The Zusy.406017 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Zusy.406017 virus can do?

Creates RWX memory
Dynamic (imported) function loading detected
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Zusy.406017?


File Info:
name: 676EAFEAAEDB0B24B4A6.mlw
path: /opt/CAPEv2/storage/binaries/ccbb83a5eb8478203225d39303feaadf5ea97bc455ea29539783d99e0bf8dc2a
crc32: 7310A9CE
md5: 676eafeaaedb0b24b4a6c2f7ef72b804
sha1: f73fa5cf8a825175759ad367de6ec475bbb3093d
sha256: ccbb83a5eb8478203225d39303feaadf5ea97bc455ea29539783d99e0bf8dc2a
sha512: d4820724249fdc05231793adbd68b8cee44a1b197daa34c5e3cd5b7452613e761c4217f3d9ee0ec1ec5d4b163f26be49d4b06a8ead1076e7988d68af6528ddd3
ssdeep: 49152:vwuhQOyXyJyKdwG8jSjhY7NT21IEaCtVbEvm5Lb164/PvLOirCnT0373AojFS:v1hMCZdwSesCEa4Vbj16oPvynk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BB067C22B244757EC16B1A394837AA549D3FBB713922CC5B9BF018DC8F395813A3E647
sha3_384: 579ff3d482dff4f71378124bbbbb2e93a0630ac5553cc811a05a679d2b0f0688c18b3a400079c85aac276f578e7b34f8
ep_bytes: 558bec83c4f0b87ce37400e8f880cbff
timestamp: 2019-03-19 22:30:21

Version Info:
FileDescription: htryhrthtr
FileVersion: 1.0.0.0
ProductName: htryhrthtr
ProductVersion: 1.0.0.0
ProgramID: com.embarcadero.htryhrthtr
Translation: 0x0409 0x04e4

Zusy.406017 also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Jacard.4!c
MicroWorld-eScan	Gen:Variant.Zusy.406017
FireEye	Gen:Variant.Zusy.406017
ALYac	Gen:Variant.Zusy.406017
Cylance	Unsafe
Zillya	Downloader.Delf.Win32.58888
Sangfor	PUP.Win32.Ursu.410239
K7AntiVirus	Trojan-Downloader ( 0054a90c1 )
Alibaba	TrojanDownloader:Win32/MalwareX.83914266
K7GW	Trojan-Downloader ( 0054a90c1 )
Cybereason	malicious.f8a825
BitDefenderTheta	Gen:NN.ZelphiF.34294.XV0@a8RCOzai
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/TrojanDownloader.Delf.CRM
BitDefender	Gen:Variant.Zusy.406017
Avast	Win32:MalwareX-gen [Trj]
Ad-Aware	Gen:Variant.Zusy.406017
Sophos	Mal/Generic-S
Comodo	Malware@#27na3o5fbykq0
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Dropper.wh
Emsisoft	Gen:Variant.Zusy.406017 (B)
APEX	Malicious
MaxSecure	Trojan.Malware.74218565.susgen
Avira	HEUR/AGEN.1133140
Antiy-AVL	Trojan/Generic.ASMalwS.2AF8B6B
Microsoft	Trojan:Win32/Occamy.AA
GData	Gen:Variant.Zusy.406017
Cynet	Malicious (score: 99)
McAfee	Artemis!676EAFEAAEDB
MAX	malware (ai score=100)
VBA32	TScope.Trojan.Delf
Yandex	Trojan.DL.Delf!qs7uR7O+Uws
Ikarus	Trojan-Downloader.Win32.Delf
Fortinet	W32/Delf.CRM!tr.dldr
AVG	Win32:MalwareX-gen [Trj]
Panda	Trj/GdSda.A

How to remove Zusy.406017?

Zusy.406017 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X