How to remove “Zusy.523920”?

The Zusy.523920 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Zusy.523920 virus can do?

Sample contains Overlay data
Authenticode signature is invalid
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Zusy.523920?


File Info:
name: 51C06D386C362E0D1B11.mlw
path: /opt/CAPEv2/storage/binaries/865dc04bfca722b3a712eed112a3173fa2c42b3278726f3dfb7e6cd11fba93ea
crc32: EB22F8ED
md5: 51c06d386c362e0d1b118582bb3051ae
sha1: f82d29f7dc91bef1a88cde594bdb267c64a3753f
sha256: 865dc04bfca722b3a712eed112a3173fa2c42b3278726f3dfb7e6cd11fba93ea
sha512: 93b9826b6838bf683acf6e761ca570189717b4c86c9973b3c193e16f87584d32f6dcc54a0b05d1a0ac59698c2c53f88c2c1971bf4259bcc18f58645412348b0f
ssdeep: 24576:yd7nOW0KFFjkNQY8CPxTek1+XhJmES89EQCLESapRX:yead3ITNQJtd6YpR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19F854B23E321E023D20901B056B9673A7970A379696ACE43E7D5CEBCAC345D1A76731F
sha3_384: 0fba59c8d53e34d54af38bc7e95caee8fa49b14e952ccacaee1cacb576c26f30e32d80920d6ede9eee8d7034959aec81
ep_bytes: 558bec6aff687804560068e8f9500064
timestamp: 2013-04-17 10:01:43

Version Info:
0: [No Data]

Zusy.523920 also known as:

Bkav	W32.AIDetectMalware
MicroWorld-eScan	Gen:Variant.Zusy.523920
CAT-QuickHeal	Trojan.Generic.2919
Malwarebytes	Generic.Malware.AI.DDS
Sangfor	Suspicious.Win32.Save.ins
CrowdStrike	win/malicious_confidence_70% (D)
Arcabit	Trojan.Zusy.D7FE90
BitDefenderTheta	Gen:NN.ZexaF.36792.UrZ@a0eeKyi
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/FlyStudio.HackTool.A potentially unwanted
Cynet	Malicious (score: 100)
BitDefender	Gen:Variant.Zusy.523920
Emsisoft	Gen:Variant.Zusy.523920 (B)
F-Secure	Trojan.TR/Crypt.XPACK.Gen7
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.51c06d386c362e0d
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI – Malicious PE
Google	Detected
Avira	TR/Crypt.XPACK.Gen7
MAX	malware (ai score=85)
Antiy-AVL	Trojan/Win32.FlyStudio.a
Xcitium	Application.Win32.HackTool.FlyStudio.DA@5kuvmo
GData	Win32.Trojan.PSE.18X8GXE
Varist	W32/Trojan.CLL.gen!Eldorado
Cylance	unsafe
Rising	Trojan.Generic@AI.96 (RDML:BtmCEyNW2OwTiVuVE95hYA)
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Riskware/FlyApplication
Cybereason	malicious.7dc91b
DeepInstinct	MALICIOUS

How to remove Zusy.523920?

Zusy.523920 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X