Zusy.456486 removal guide

Zusy.456486 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Zusy.456486 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Zusy.456486?

File Info:

name: CCBF6756B02A8B1F2102.mlw
path: /opt/CAPEv2/storage/binaries/fc863d53419c083b070296f60c7ce0c4d1f49ada41c4cea7bea1d9c8dbcccbbd
crc32: E9577727
md5: ccbf6756b02a8b1f21025657207fda7c
sha1: 9ff26b793827be2d8c91ad0cbef283e6b1d06cfd
sha256: fc863d53419c083b070296f60c7ce0c4d1f49ada41c4cea7bea1d9c8dbcccbbd
sha512: 76f58b036828ef894e6af4b13038e8ee47fb98c0e2b0e41038e578a017e2ba4fed82ca12bbf4efae23d31d11e85cf95747bbf827d350fff0aa7863a8442e0d9e
ssdeep: 6144:Jmp0yN90QE9lqnRgZqLtCs1CaMBL2A8+C6wCSIq0LEzXiwxWpFA/VQ2EHFi1:xy90hyKZqLt71KBX8+C6w+LEzywA8l
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T133B41246E7E88032C9F503B049F613930A3ABCA2A7B9979F27445D4DACB25D5D53233B
sha3_384: 48b849134135e6b2c5fa2049717770b6ce37c615c72e923d06784a73a120f33e23c8a1f56e026f5718677f0a93620cb7
ep_bytes: e803070000e905000000cccccccccc6a
timestamp: 2016-07-16 01:42:10

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
FileVersion: 11.00.14393.0 (rs1_release.160715-1616)
InternalName: Wextract
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.14393.0
Translation: 0x0409 0x04b0

Zusy.456486 also known as:

Elastic: malicious (high confidence)
ALYac: Gen:Variant.Zusy.456486
Malwarebytes: Generic.Malware/Suspicious
K7AntiVirus: Trojan ( 0059e4881 )
K7GW: Trojan ( 0059e4881 )
CrowdStrike: win/malicious_confidence_60% (D)
Cyren: W32/ABRisk.FJMM-2491
ESET-NOD32: a variant of MSIL/Disabler.DR
APEX: Malicious
ClamAV: Win.Packed.Disabler-9997785-0
Kaspersky: HEUR:Trojan.Win32.Generic
Avast: Win32:TrojanX-gen [Trj]
F-Secure: Heuristic.HEUR/AGEN.1323756
VIPRE: Gen:Variant.Zusy.456486
TrendMicro: TrojanSpy.Win32.REDLINE.YXDDYZ
McAfee-GW-Edition: BehavesLike.Win32.AgentTesla.gc
SentinelOne: Static AI – Malicious SFX
Google: Detected
Avira: HEUR/AGEN.1323756
Antiy-AVL: Trojan/MSIL.Disabler
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
McAfee: Artemis!2B71F4B18AC8
TrendMicro-HouseCall: TrojanSpy.Win32.REDLINE.YXDDYZ
Rising: Trojan.Kryptik!1.E4D1 (CLASSIC:RPQYZl22FdXVL76orHsHRQ)
Ikarus: Trojan-Spy.Amedy
Fortinet: MSIL/Disabler.DR!tr
AVG: Win32:TrojanX-gen [Trj]

How to remove Zusy.456486?

Zusy.456486 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.