
Zusy.406384 removal instruction


Zusy.406384 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.406384 virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument, possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities

How to identify Zusy.406384?

File Info:

name: 9CF90837519B9D1CBB59.mlw
path: /opt/CAPEv2/storage/binaries/96c301bfa09338740575c4758d558b12e338654b16fc4b9d2badb9610358bf63
crc32: 4EFD2A10
md5: 9cf90837519b9d1cbb593ea059e3e470
sha1: e08ad2511bfbf39a114f93c6c9feae48b772cb7d
sha256: 96c301bfa09338740575c4758d558b12e338654b16fc4b9d2badb9610358bf63
sha512: 4f14d4f9ad67026e18d542fe4dbf0041bde5add030e10dd1982a03742b41e111c6862dd8c3f1bba567f5e379fb7f74e3f5266f8bd54cfa9965b6ab510c1761a2
ssdeep: 12288:7p5f9Bm+vQMf8MUF5baHjIjH1d/KqDYF3cmQpd82FiVS7YtzKMiHxJa:7F0+vQMTUvbJiVSE9UR8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T108D4BF32ACE02C12E3C8CAB1597F9D56CBDC3CBFB789316B11543A1522F67817AA7509
sha3_384: f6bef9ff31c0fe414018a9d3711b81421172055f714d4958d3b5c4ad6959ed4f4412a142baa7620a55ece84ba671bc52
ep_bytes: 558bec6aff68687d400068b05b400064
timestamp: 2014-10-03 13:32:52

Version Info:

Comments:
CompanyName:
FileDescription: Setup/Uninstall
FileVersion: 51.52.0.0
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
PrivateBuild:
ProductName:
ProductVersion:
SpecialBuild:
Translation: 0x0804 0x04b0

Zusy.406384 also known as:

Lionic: Trojan.Win32.Farfli.m!c
DrWeb: Trojan.MulDrop5.43520
MicroWorld-eScan: Gen:Variant.Zusy.406384
FireEye: Generic.mg.9cf90837519b9d1c
ALYac: Gen:Variant.Zusy.406384
Malwarebytes: Malware.AI.1305547685
Zillya: Trojan.Injector.Win32.1057491
Sangfor: [ARMADILLO V1.71]
K7AntiVirus: Trojan ( 0052cdd61 )
Alibaba: Backdoor:Win32/Farfli.1c0e6601
K7GW: Trojan ( 0052cdd61 )
Cybereason: malicious.7519b9
BitDefenderTheta: Gen:NN.ZexaCO.34592.Kq0@aq6fzcdb
Cyren: W32/Dropper.gen8!Maximus
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.BSDI
APEX: Malicious
TrendMicro-HouseCall: BKDR_GHOST.EJQA
Paloalto: generic.ml
Kaspersky: Backdoor.Win32.Farfli.hkq
BitDefender: Gen:Variant.Zusy.406384
NANO-Antivirus: Trojan.Win32.Drop.dmivzf
Avast: Win32:Malware-gen
Tencent: Win32.Backdoor.Farfli.Hytt
Ad-Aware: Gen:Variant.Zusy.406384
Emsisoft: Gen:Variant.Zusy.406384 (B)
Comodo: Malware@#2082ke0hfoucn
VIPRE: Gen:Variant.Zusy.406384
TrendMicro: BKDR_GHOST.EJQA
McAfee-GW-Edition: PWSZbot-FAJW!9CF90837519B
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor.Farfli.flq
Webroot: W32.Trojan.Gen
Google: Detected
Avira: TR/AD.Farfli.lzrbp
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.26E9
Kingsoft: Win32.Hack.Farfli.h.(kcloud)
Microsoft: Backdoor:Win32/Zegost!ml
ViRobot: Trojan.Win32.Z.Farfli.602112.D
GData: Gen:Variant.Zusy.406384
Cynet: Malicious (score: 99)
McAfee: PWSZbot-FAJW!9CF90837519B
VBA32: BScope.Trojan.Keyloggerger
Cylance: Unsafe
Rising: Trojan.Generic@AI.86 (RDML:/EWWhyqQuDrYwKFyKUeM7A)
Yandex: Backdoor.Farfli!bD4iP+hapBY
Ikarus: Backdoor.Farfli
MaxSecure: Trojan.Malware.7836666.susgen
Fortinet: W32/Farfli.HKQ!tr.bdr
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Zusy.406384?

Zusy.406384 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the appropriate browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
