Remove Zusy Trojan (Removal Instructions)
THREAT REMOVAL

Remove Zusy Trojan (Removal Instructions)

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by Zusy Trojan and other threats.
Threats such as Zusy Trojan may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

This article has been created to help explain what is the Zusy Trojan and how to remove it from your computer effectively.

A new Trojan horse has been detected to spread at an alarming rate that surpasses even the WannaCry infection. The malware, called Zusy has been detected to replicate via a worm and then drop what appears to be a cryptocurrency miner, known as Tiggre (other name is Digmein), which aims to overload the CPU and GPU of the affected computers in order to obtain tokens at their expense and credit them to the cyber-crooks behind this outbreak. In case your computer has been infected by the Zeus Trojan, we recommend that you read this article as it will help you remove this malware and restore your PC’s performance to normal.

Threat Summary

Name Zusy Trojan
Type Trojan Horse / Worm
Short Description An advanced worm, spreading the Zusy Trojan which downloads different malware on infected computers.
Symptoms All of your data on your computer may be compromised and your PC may experience slow-downs and have it’s CPU and GPU running on their limits.
Distribution Method Replicates automatically from infected machines to infected machines. Able to migrate to different networks.
Detection Tool See If Your System Has Been Affected by Zusy Trojan

Download

Malware Removal Tool

User Experience Join Our Forum to Discuss Zusy Trojan.

Zusy Virus – Distribution

In order to be widespread on a serious level, the Zusy Virus uses a worm infection, which has been reported at VirusTotal and uploaded on Twitter by researcher Vess (@VessOnSecurity ).

Source: VirusTotal

The Zusy malware may use advanced exploits since researchers have reported it in VT as being highly evasive. One report by PayloadSecurity indicateds the following replication URLs in relation to the Zusy virus:

PayloadSecurity

2018-08-14
#evasive

submitname:”ca71f8a79f8ed255bf03679504813c6a.dll.bin”
falcon-threatscore:100/100
memurl:”Heuristic match: down.0814ok.info,Pattern match: hxxp://js.0814ok.info:280/v.sct match: hxxp://wmi.0814ok.info:8888/kill.html;http,Pattern match: hxxp://js.0814ok.info:280/v.sct”

In addition to this, the malware may also have the capability of hijacking flash drives and other external memory carriers that copy scripts that allow for the infection to take place by exploiting AutoPlay in Windows.

Zusy Trojan – Analysis

The Zusy Trojan is the type of threat which aims to drop it’s payloaad files. The payload fils have random names and are also located in folders with random names. The folders are created in the %AppData% directory:

→ %AppData%\{random}\{random file}.exe – also detected as TSPY_ZBOT.ZUSY
%AppData%\{random}\{random file 2}.{random extension}
%AppData%\{random}\{random file 3}.tmp

Once this is done, the Zusy virus then creates an autostart type of registry entry in the following registry sub-key:

→ HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run

The entry is set to run the randomly named .exe file, we mentioned above. Besides these modifications, the Trojan also adds registry entries in the following Windows sub-keys:

→ HKEY_CURRENT_USER\Software\Microsoft\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\SharedAccess\Parameters\ FirewallPolicy\StandardProfile\AuthorizedApplications\
List %Windows%\explorer.exe = “%Windows%\explorer.exe:*:Enabled:Windows Explorer”

→ HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings
WarnonBadCertRecving = “0”

→ HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings
EnableSPDY3_0 = “0”

The malware then connects to what appears to be the following malcious URLs:

→ hxxp://js.0814ok.info:280/v.sct match: hxxp://wmi.0814ok.info:8888/kill.html;http, hxxp://js.0814ok.info:280/v.sct

From there it may download a CryptoCurrency miner virus, known as the Tiggre miner (W32/Tiggre), which aslo drops malicious files in the %AppData% directory and begins connecting to a remote server in order to begin mining for cryptocurrencies by utilizing your CPU and GPU to almost a 100%, which results in your PC starting to slow down at an alarming rate.

In addition to this, since it’s also a spyware, the Zusy Trojan may also use it’s tracking technologies to steal different type of information from your PC, based on how the virus is configured. The types of data can be the following:

  • Log your keystrokes.
  • Steal saved passwords.
  • Obtain files from your PC.
  • Take over your communication logs (Chat history, etc.).
  • Take screenshots.
  • Control your web camera.

Furthermore, the Zusy virus may also delete its main malicious file after infecting your computer and continue to spread on another PC’s on a network level of replication (via intermediary and end devices, like routers, switches, etc.). This is done for malware researchers to prevent discovering the infection and hence creating a kill switch of it.

Remove Zusy Trojan from Your PC

If you want to remove the Zusy Trojan completely from your computer, your can do several different actions that isolate it’s activity. The first one is to boot your comptuer into safe mode and then hunt for the registry sub-keys and objects of the virus manually. This can be done by following the manual removal instructions underneath this article.

However, if manual removal does not seem to be working for you or you want to be fully sure that the Zusy virus and all the related miner viruses it drops on your PC are gone for good, be advised that the recommended removal method to go for is automatic removal by scanning your PC with a powerful anti-malware program. Such tool is created to best help you out to remove all of the objects, related to Zusy virus on your PC.

Note! Your computer system may be affected by Zusy Trojan and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as Zusy Trojan.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove Zusy Trojan follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Zusy Trojan files and objects
2. Find files created by Zusy Trojan on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...