Remove Matsnu

Matsnu

Vulnerable computer systems and applications:

Windows OS.

Description:

Matsnu is a malicious software code, also known as a Trojan, which often enters users’ devices via spam emails. The malware performs the following activity on an infected device:

• Copies itself to several operating system directories;
• Modifies system registry keys;
• Connects to a remote C&C (Command & Control) server, thus opening a backdoor;
• Sends device information to the C&C server.

If an attacker uses the backdoor opened by Matsnu, he/she can send commands to the device, thus gaining full control of the device and files.

Recommendations:

• Disable the malicious trojan process;
• Check the values of these registry entries containing the malicious files generated by Matsnu:

SoftwareMicrosoftWindowsCurrentVersionRunOnce

SoftwareMicrosoftWindowsCurrentVersionRun

• Delete specified malicious files and these entries;
• Restore the owner of the entry:

SoftwareMicrosoftWindows NtCurrentVersionWinlogon (HKEY_CURRENT_USER)

• Perform a full system scan with an antivirus program.