Malware

Zusy.90419 removal instruction

Malware Removal

The Zusy.90419 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Zusy.90419 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • HTTPS urls from behavior.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the shellcode get eip malware family
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Zusy.90419?



File Info:

name: C2171C9A52D62770D742.mlw
path: /opt/CAPEv2/storage/binaries/51fe1c7da159384268ecfe9ac5927b42d9b79db6437aa097b726bf2e60e3bdef
crc32: 3EBC0237
md5: c2171c9a52d62770d742c4fd0508a3f0
sha1: 8cea7104d055c47a4e632f0ea58611e9ec65c107
sha256: 51fe1c7da159384268ecfe9ac5927b42d9b79db6437aa097b726bf2e60e3bdef
sha512: 56c9659c05265fdf1acfc93d47617b39d74ac1c6c0a5b602a8ff80b04d9fc7e0e09a820d90a807f9b83f6352d152e84f76eb1cb12e9bf3f7e02cafd3b6178009
ssdeep: 6144:qf6grhEnToInHVkhcnA4UDlxdNsl5xVHtPLBhTpEHA4:m6gdEnTPm6AZN2vVRl7i
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T101740869F8C1A763CC4692F9CBB597A18E2308655F056CB792D03ACD06201F612FFDDA
sha3_384: 4b1e42fcd7524f190dd866d87ca8fa35eae079c1d26b17018500d1e05ea8c5009a28275b0ead119320a4686a6e9e35b7
ep_bytes: 558bec81ec940100005657c785e8feff
timestamp: 2014-03-31 05:19:38


Version Info:

CompanyName: Microsoft Corporation
FileDescription: Windows Update Vista Web Control
FileVersion: 7.5.7601.17514 (win7sp1_rtm.101119-1850)
InternalName: wuwebv.dll
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: wuwebv.dll
ProductName: Microsoft® Windows® Operating System
ProductVersion: 7.5.7601.17514
Translation: 0x0000 0x04b0

Zusy.90419 also known as:

LionicTrojan.Win32.Generic.4!c
tehtrisGeneric.Malware
MicroWorld-eScanGen:Variant.Zusy.90419
FireEyeGeneric.mg.c2171c9a52d62770
SkyhighBehavesLike.Win32.RedLineStealer.fh
ALYacGen:Variant.Zusy.90419
ZillyaTrojan.Kryptik.Win32.571114
SangforSuspicious.Win32.Save.a
K7AntiVirusTrojan ( 0055dd191 )
AlibabaTrojan:Win32/Ramdo.5d505ce6
K7GWTrojan ( 0055dd191 )
CrowdStrikewin/malicious_confidence_100% (W)
ArcabitTrojan.Zusy.D16133
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/Kryptik.BYOO
APEXMalicious
CynetMalicious (score: 100)
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.Zusy.90419
NANO-AntivirusTrojan.Win32.Inject.cxddhy
AvastWin32:Evo-gen [Trj]
TencentMalware.Win32.Gencirc.1184fe46
TACHYONTrojan/W32.Ramdo.356352
EmsisoftGen:Variant.Zusy.90419 (B)
F-SecureHeuristic.HEUR/AGEN.1324706
DrWebTrojan.Inject2.300
VIPREGen:Variant.Zusy.90419
TrendMicroTROJ_RAMDO.SM1
SophosMal/Generic-S
IkarusTrojan.Win32.Ramdo
WebrootTrojan.Dropper.Gen
GoogleDetected
AviraHEUR/AGEN.1324706
Antiy-AVLTrojan/Win32.AGeneric
Kingsoftmalware.kb.a.999
XcitiumMalware@#snbwuii1zrev
MicrosoftTrojan:Win32/Ramdo.A
ZoneAlarmHEUR:Trojan.Win32.Generic
GDataGen:Variant.Zusy.90419
AhnLab-V3Trojan/Win32.Ramdo.R105484
McAfeeTrojan-FEAY!C2171C9A52D6
MAXmalware (ai score=100)
VBA32SScope.Trojan.Zbot.gen
Cylanceunsafe
PandaTrj/Genetic.gen
TrendMicro-HouseCallTROJ_RAMDO.SM1
RisingTrojan.Ramdo!8.66E (TFE:3:Bnj0rMJQIH)
SentinelOneStatic AI – Suspicious PE
FortinetW32/Generic.BYYR!tr
AVGWin32:Evo-gen [Trj]
DeepInstinctMALICIOUS

How to remove Zusy.90419?

Zusy.90419 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment