Remove Matsnu


Matsnu

Vulnerable computer systems and applications:

Windows OS.

Description:

Matsnu is malicious software, a Trojan, that often reaches users’ devices via spam emails. On an infected device the malware does the following:

  • Copies itself to several operating system directories;
  • Modifies system registry keys;
  • Connects to a remote C&C (Command & Control) server, thus opening a backdoor;
  • Sends device information to the C&C server.

An attacker who uses the backdoor opened by Matsnu can send commands to the device and so gain full control of the device and its files.

Recommendations:

  • Disable the malicious trojan process;
  • Check the values of these registry entries, which contain the malicious files generated by Matsnu:

Software\Microsoft\Windows\CurrentVersion\RunOnce

Software\Microsoft\Windows\CurrentVersion\Run

  • Delete the malicious files specified in them, and the entries themselves;
  • Restore the owner of the entry:

Software\Microsoft\Windows NT\CurrentVersion\Winlogon (HKEY_CURRENT_USER)

  • Perform a full system scan with an antivirus program.
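
The registry checks above can be reviewed with a read-only PowerShell script. This is an added example, not part of the original advisory; it assumes the Run and RunOnce keys should be checked under both HKCU and HKLM (the page does not name a hive) and only reports what it finds, changing nothing.

```powershell
# Added example: read-only review of the registry locations listed above.
# Assumption: HKCU and HKLM are both checked for Run/RunOnce (the page names no hive).
$runKeys = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($name in 'Run', 'RunOnce') {
        "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
    }
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($valueName in $item.GetValueNames()) {
        $command = [Environment]::ExpandEnvironmentVariables([string]$item.GetValue($valueName))

        # Pull the program path out of the command line: a quoted path first,
        # otherwise everything up to the first executable-style extension.
        $path = $null
        if ($command -match '^\s*"([^"]+)"') {
            $path = $Matches[1]
        } elseif ($command -match '^\s*(.+?\.(exe|dll|com|bat|cmd|scr))(\s|,|$)') {
            $path = $Matches[1]
        }

        # Record whether the referenced file exists and its Authenticode status.
        $exists = $false
        $signature = 'n/a'
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $exists = $true
            $signature = (Get-AuthenticodeSignature -LiteralPath $path).Status
        }

        [pscustomobject]@{
            Key       = $key
            Name      = $valueName
            Command   = $command
            Exists    = $exists
            Signature = $signature
        }
    }
}
$entries | Format-List

# Owner of the Winlogon key named above, next to the logged-on account for comparison.
$winlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
if (Test-Path -LiteralPath $winlogon) {
    [pscustomobject]@{
        Key         = $winlogon
        Owner       = (Get-Acl -LiteralPath $winlogon).Owner
        CurrentUser = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    } | Format-List
}
```

Entries whose file is missing, unsigned, or located in an unexpected directory are the ones to examine before deleting anything.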