Zusy.408400 removal instruction

Zusy.408400 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Zusy.408400 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Creates a copy of itself

How to identify Zusy.408400?

File Info:

name: 79C9B1142BFEB86625EF.mlw
path: /opt/CAPEv2/storage/binaries/814f175e982f0abb60a1103855b94906e8ead0663ef5014617916c8b34519318
crc32: 7B8C4D11
md5: 79c9b1142bfeb86625ef22c40c947512
sha1: 68489a78c6a1400a410e464ae010edb4fc9f02e8
sha256: 814f175e982f0abb60a1103855b94906e8ead0663ef5014617916c8b34519318
sha512: f28f7bdb56c0ae952bce521bcafc006c994478896e6d32ce99ac59983bdd7f397d031e1ac3d6863c88328d78f9a57688d8269669fe79a0e1e584a9e768a56c14
ssdeep: 12288:Qh7hS1h1U+hRrWhDRQhV7hlL9HhRkRPjrYxi:QdU1DU+zWfQrjLRMRPjui
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T106C45B2D6128C02BE7B27372AE378957906A4D9443BC35DFA2B4DDC18E75AC2B73054E
sha3_384: f4aa35249898b88e73866bb5d66fd38152e3ecf8750a31714ee4c554d9f42c554aaa000b505209643aae80a19ff6e2be
ep_bytes: 558bec6aff68b0c8460068f8a2460064
timestamp: 2021-11-25 22:32:13

Version Info:

FileDescription: initFlash Application
FileVersion: 1.2.6.0
InternalName: initFlash.exe
LegalCopyright: Copyright (C) 1998-2017 LSoft Technologies
OriginalFilename: initFlash.exe
ProductName: initFlas Application
ProductVersion: 1.2.6.0
Translation: 0x0409 0x04b0

Zusy.408400 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.408400
FireEye: Generic.mg.79c9b1142bfeb866
ALYac: Gen:Variant.Zusy.408400
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005690671 )
Alibaba: Trojan:Win32/Staser.0e7c72ef
K7GW: Trojan ( 005690671 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HLIQ
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Staser.gen
BitDefender: Gen:Variant.Zusy.408400
NANO-Antivirus: Virus.Win32.Gen.ccmw
Avast: Win32:CrypterX-gen [Trj]
Rising: Trojan.Kryptik!1.AA55 (CLASSIC)
Ad-Aware: Gen:Variant.Zusy.408400
Emsisoft: Gen:Variant.Zusy.408400 (B)
TrendMicro: TROJ_GEN.R002C0PKT21
McAfee-GW-Edition: BehavesLike.Win32.PUPXAA.hc
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Crypt
GData: Win32.Trojan.PSE.13M60MZ
Avira: HEUR/AGEN.1142521
MAX: malware (ai score=83)
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Zusy.D63B50
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.OR.R453644
McAfee: GenericRXQT-OR!79C9B1142BFE
VBA32: Trojan.Staser
Malwarebytes: Adware.Agent.SFP.Generic
TrendMicro-HouseCall: TROJ_GEN.R002C0PKT21
Tencent: Win32.Trojan.Zusy.Akpl
Yandex: Trojan.Staser!abbYq3fab1Q
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.HATU!tr
BitDefenderTheta: Gen:NN.ZexaF.34062.Jy0@a8l1QIgi
AVG: Win32:CrypterX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_80% (W)

How to remove Zusy.408400?

Zusy.408400 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.