Zusy.487797 information

The Zusy.487797 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Zusy.487797 virus can do?

Behavioural detection: Executable code extraction – unpacking
Authenticode signature is invalid
CAPE detected the shellcode get eip malware family
Yara detections observed in process dumps, payloads or dropped files

How to determine Zusy.487797?


File Info:
name: A642F54DAC891BD9BD6E.mlw
path: /opt/CAPEv2/storage/binaries/6c5cc1ff4dbb751d8ca211effbc90a4fbd5b62b435a2cf624dc3e762ee545234
crc32: EE5AA3D9
md5: a642f54dac891bd9bd6e512d69a99dc5
sha1: 1e0052b36d7ea74c2a36a2a046196ba0da8a6941
sha256: 6c5cc1ff4dbb751d8ca211effbc90a4fbd5b62b435a2cf624dc3e762ee545234
sha512: 8d3ea065b63481a54dc8a64ea94aecb3faeaf22d73351573924d3e2cdcb596f86eb473ab7a062f9c9da239737502128b3d2047e3d4c2b2f180abf0d774a32059
ssdeep: 24576:YWjkLX0h3tm7UEdIaoyFcZ7l58A91tBZw86QdoCKm7UE33+v6Z4DsolS2r:OCtmFdcZx58A9vwVQNKmv+iIzS
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T17595C00DC14A9C23C1B593322DA47739349EE3B2C0FA238E3FF8157961F266B95D8566
sha3_384: 0f3ef3fbb65a84f76b1ac2b2b43ea8b2cd93614352133361c978bc38c2fb183b2ca2dcaff8359ba5024451dd919aefd9
ep_bytes: 8bff558bec837d0c017505e80f500100
timestamp: 2012-11-07 22:44:05

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Microsoft® InfoTech IR Local DLL
FileVersion: 5.70.51021.0
InternalName: ITIRCL55
LegalCopyright: Copyright © Microsoft Corp. 
OriginalFilename: ITIRCL55.DLL
ProductName: Microsoft ® Infotech Technology Library
ProductVersion: 5.70.51021.0
Translation: 0x0409 0x04b0

Zusy.487797 also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Zusy.487797
FireEye	Gen:Variant.Zusy.487797
Skyhigh	BehavesLike.Win32.BadFile.th
McAfee	Artemis!A642F54DAC89
Cylance	unsafe
Zillya	Trojan.Patched.Win32.167773
K7GW	Trojan ( 005ab4bf1 )
K7AntiVirus	Trojan ( 005ab4bf1 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Patched.NKM
APEX	Malicious
Kaspersky	Virus.Win32.Senoval.a
BitDefender	Gen:Variant.Zusy.487797
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Avast	Win32:Patched-AWX [Trj]
Tencent	Trojan.Win32.Pathced_ya.16001052
Emsisoft	Gen:Variant.Zusy.487797 (B)
F-Secure	Trojan.TR/Patched.Gen
DrWeb	Win32.Beetle.3
VIPRE	Gen:Variant.Zusy.487797
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Patched
Google	Detected
Avira	TR/Patched.Gen
Varist	W32/Patched.GQ1.gen!Eldorado
Microsoft	Virus:Win32/Senoval.HNS!MTB
Arcabit	Trojan.Zusy.D77175
ZoneAlarm	Virus.Win32.Senoval.a
GData	Gen:Variant.Zusy.487797
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win.Generic.R605977
VBA32	BScope.TrojanDownloader.Emotet
ALYac	Gen:Variant.Zusy.487797
MAX	malware (ai score=84)
Panda	Trj/Genetic.gen
Rising	Trojan.Generic@AI.100 (RDML:hkZ2UE+Muw2vRaO7DDApvA)
SentinelOne	Static AI – Suspicious PE
Fortinet	W32/Patched.IP!tr
AVG	Win32:Patched-AWX [Trj]
DeepInstinct	MALICIOUS
alibabacloud	Virus:Win/Senoval.HTK2XJC

How to remove Zusy.487797?

Zusy.487797 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X