How to remove “Zusy.426287”?

The Zusy.426287 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Zusy.426287 virus can do?

Unconventionial language used in binary resources: Spanish (Modern)
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Zusy.426287?


File Info:
name: E651C248A5B7F1992E45.mlw
path: /opt/CAPEv2/storage/binaries/13577e096f71ec0684a4f2e1d2fff92f49a772b9f71306c6d6d9508da6a6a35d
crc32: D04ACB17
md5: e651c248a5b7f1992e45e511684462f9
sha1: 7a9a4e3f5d71bb696fe7fdd9909c740d4ded343e
sha256: 13577e096f71ec0684a4f2e1d2fff92f49a772b9f71306c6d6d9508da6a6a35d
sha512: 0d2cbe16562a8d7cffc9ffeaf77d9c629884326627d2a1ccd730d30a98ef064aec47c378c9e18d5ba5d2507e2a3f8821a3526ff8459caff0acd5caab9a003ac7
ssdeep: 384:t7rgjRr5StgMjVb2xa/qFqqrzWWsS4+Ww:t7rgj95SWMpbViFq4/4
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B6A209029BB00A72C0FA4E3015F34E6B29F2BC241574DA297EAC96CF6E74B905D25767
sha3_384: 1feb8f6a6652237e96613a46cc12e22c0991efe8663fb5e1a9a795937e8af74863a577c30d521fff81ded808a0fd7933
ep_bytes: 60be00a040008dbe0070ffff5783cdff
timestamp: 2004-05-06 23:02:15

Version Info:
Comments: Microsoft
CompanyName: Microsoft
FileDescription: Microsoft
FileVersion: 1, 0, 0, 1
InternalName: Microsoft
LegalCopyright: Copyright © 2004
LegalTrademarks: Debido a que es un Gusano, no creo oportuno rellenar este cuadro. jejeje
OriginalFilename: Microsoft
PrivateBuild: Microsoft
ProductName: Microsoft
ProductVersion: 1, 0, 0, 1
SpecialBuild: Microsoft
Translation: 0x0c0a 0x04b0

Zusy.426287 also known as:

MicroWorld-eScan	Gen:Variant.Zusy.426287
ALYac	Gen:Variant.Zusy.426287
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
Cybereason	malicious.8a5b7f
BitDefenderTheta	Gen:NN.ZexaF.34742.bm0@a0Xq@XU
Cyren	W32/SillyP2P.B.gen!Eldorado
Elastic	malicious (high confidence)
BitDefender	Gen:Variant.Zusy.426287
SUPERAntiSpyware	Trojan.Agent/Gen-MSFake[All]
APEX	Malicious
Ad-Aware	Gen:Variant.Zusy.426287
Emsisoft	Gen:Variant.Zusy.426287 (B)
Comodo	Packed.Win32.MUPX.Gen@24tbus
F-Secure	Trojan.TR/Crypt.ULPM.Gen
McAfee-GW-Edition	Artemis
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.e651c248a5b7f199
Sophos	Generic ML PUA (PUA)
Ikarus	Rootkit.Win32.Agent
GData	Gen:Variant.Zusy.426287
Avira	TR/Crypt.ULPM.Gen
MAX	malware (ai score=87)
Arcabit	Trojan.Zusy.D6812F
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Worm/Win32.Agent.R287264
McAfee	Artemis!E651C248A5B7
Malwarebytes	Generic.Worm.Agent.DDS
Avast	Win32:Malware-gen
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/SillyP2P.B!tr
AVG	Win32:Malware-gen
CrowdStrike	win/malicious_confidence_70% (W)

How to remove Zusy.426287?

Zusy.426287 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X