Malware

Zusy.486100 removal instruction

Malware Removal

The Zusy.486100 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Zusy.486100 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Detects Bochs through the presence of a registry key
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Zusy.486100?



File Info:

name: 7B05C31760CA23C3BB09.mlw
path: /opt/CAPEv2/storage/binaries/b665b795549e73bc5386e545ee720955156703cc9332ba1b8b8072032541e54b
crc32: AA314FF9
md5: 7b05c31760ca23c3bb095c0049b4e800
sha1: fa696db7892d345ab8947a6ffc0e0c216599da61
sha256: b665b795549e73bc5386e545ee720955156703cc9332ba1b8b8072032541e54b
sha512: ef62261ab175356ebef955f169c58f966f0a8bfc1a4c3ce6a5d764c7d340a32b95d10d2f6b70c984a4b368be9fd3913f889721970c57cd9eb4b81e51f176d068
ssdeep: 49152:qo3HrPjAUCvIj8wLXjS9mauEe2gqjKq+/lCPDvDmeAJMI//B9jztlpLUjEtiyb2u:1XrLUwj8wLXjS9mauEe2gqjKq+/lCPDG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FAC5AE11F141807ACAAB15754DBB773EA62CFA9407054BC3A38CEE394F725D2B93A14E
sha3_384: 7adf4779ff86b40a33488705ff940fed5f9c2312c01affa1ce3e857c72ba5e7f907aec8c2effd27c29099eb9a864bb2f
ep_bytes: 558bec6aff6818a1640068949f460064
timestamp: 2012-07-21 11:55:53


Version Info:

FileVersion: 1.0.0.0
FileDescription: www.lszwg.com
ProductName: 猎杀者
ProductVersion: 1.0.0.0
CompanyName: 猎杀者
LegalCopyright: 猎杀者 版权所有
Comments: 猎杀者
Translation: 0x0804 0x04b0

Zusy.486100 also known as:

BkavW32.AIDetectMalware
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Zusy.486100
FireEyeGeneric.mg.7b05c31760ca23c3
SkyhighBehavesLike.Win32.Generic.vm
ALYacGen:Variant.Zusy.486100
MalwarebytesGeneric.Malware.AI.DDS
CrowdStrikewin/malicious_confidence_70% (D)
K7GWTrojan ( 005246d51 )
K7AntiVirusTrojan ( 005246d51 )
BitDefenderThetaGen:NN.ZexaF.36738.Cs0@aCysyFjb
SymantecML.Attribute.HighConfidence
tehtrisGeneric.Malware
ESET-NOD32a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEXMalicious
ClamAVWin.Malware.Zusy-6717397-0
BitDefenderGen:Variant.Zusy.486100
AvastWin32:TrojanX-gen [Trj]
EmsisoftGen:Variant.Zusy.486100 (B)
F-SecureTrojan:W32/DelfInject.R
VIPREGen:Variant.Zusy.486100
Trapminemalicious.high.ml.score
SophosGeneric ML PUA (PUA)
SentinelOneStatic AI – Malicious PE
GDataWin32.Trojan.PSE.13YMLT9
GoogleDetected
VaristW32/OnlineGames.HH.gen!Eldorado
Antiy-AVLTrojan/Win32.FlyStudio.a
XcitiumWorm.Win32.Dropper.RA@1qraug
ArcabitTrojan.Zusy.D76AD4
MicrosoftTrojan:Win32/Sabsik.RD.A!ml
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win.Generic.R610129
MAXmalware (ai score=80)
Cylanceunsafe
RisingTrojan.Generic@AI.100 (RDML:jM6X2OH1JuLxeAXZHYK9bw)
IkarusTrojan.Rogue
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/CoinMiner.PHP!tr
AVGWin32:TrojanX-gen [Trj]
DeepInstinctMALICIOUS

How to remove Zusy.486100?

Zusy.486100 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment