
Zusy

Posted: April 17, 2014

Threat Metric

Ranking: 7,336
Threat Level: 8/10
Infected PCs: 89,801
First Seen: March 12, 2012
Last Seen: March 8, 2025
OS(es) Affected: Windows


Zusy is a Trojan that propagates via Facebook messages sent from hijacked accounts. The victimized computer user receives a message that appears to come from one of their friends, containing the term 'LOL' and a file offered for download that seems to be a photo called 'IMG_xxxx.zip'. Once the file is downloaded, the PC user unzips it and clicks on the file inside, 'IMG_xxxx.jar', thinking it is an image. The JAR file executes and downloads a malware threat called Zusy, thus infecting the targeted computer system. The affected PC user's Facebook account is then hijacked and used to spread more malware threats to the user's friends.
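The delivery chain above depends on a runnable file sitting inside an archive that is named like a photo, which can be checked before anyone opens it. The following is an added example, not part of the original page: the function name, the extension list and the image-name pattern are assumptions made for illustration, and the sample archives are constructed in memory.

```python
import io
import re
import zipfile

# Extensions that run code when double-clicked on Windows; an assumption of
# this example, extend it to match local policy.
RUNNABLE_EXT = {".jar", ".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk"}
# Camera-style names such as IMG_1234, the lure naming the page describes.
IMAGE_LURE = re.compile(r"^(img|dsc|photo|pic)[_-]?\d+", re.IGNORECASE)


def triage_archive(archive_name, data):
    """Return a list of (member, reason) findings for a downloaded ZIP."""
    findings = []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [(archive_name, "not a valid ZIP")]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Judge the final path component only, whatever the separator.
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            stem, dot, ext = base.rpartition(".")
            ext = (dot + ext).lower() if dot else ""
            if ext not in RUNNABLE_EXT:
                continue
            reason = "runnable file type " + ext
            if IMAGE_LURE.match(stem) or IMAGE_LURE.match(archive_name):
                reason += " behind an image-style name"
            findings.append((info.filename, reason))
    return findings


def _make_zip(members):
    """Build a small in-memory ZIP (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    lure = _make_zip({"IMG_0001.jar": b"placeholder, not a real JAR"})
    photos = _make_zip({"IMG_0002.jpg": b"placeholder image bytes"})
    print(triage_archive("IMG_0001.zip", lure))
    print(triage_archive("holiday.zip", photos))
```

The check reads only the archive's member names and never extracts or runs anything, so it is safe to apply to attachments at a mail or chat gateway.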


Technical Details

File System Modifications


The following files were created in the system:




Registry Modifications

The following Registry values were newly created:

Regexp file mask:
%APPDATA%\Microsoft\Temp.exe
%APPDATA%\svchost.exe

Additional Information

The following directories were created:

%APPDATA%\winsystem
%PROGRAMFILES%\Jidd
