W32/Gunsan-A

Discussion in 'malware problems & news' started by FanJ, Jul 9, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Name: W32/Gunsan-A
    Type: Win32 worm
    Date: 9 July 2002


    At the time of writing Sophos has received no reports from users
    affected by this worm. However, we have issued this advisory
    following enquiries to our support department from customers.

    The following short description is included here to help in the removal of the worm.

    W32/Gunsan-A drops itself into the Windows system folder as explorer16.exe. It sets the following registry entry so that it is run when Windows starts up.

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Explorer =
    "<system folder>\explorer16.exe".

    W32/Gunsan-A has backdoor capabilities and allows unauthorized access to the user's computer via IRC.


    More information about W32/Gunsan-A can be found at
    http://www.sophos.com/virusinfo/analyses/w32gunsana.html
     
Thread Status:
Not open for further replies.