W32/Gunsan-A

Discussion in 'malware problems & news' started by FanJ, Jul 9, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Name: W32/Gunsan-A
    Type: Win32 worm
    Date: 9 July 2002


    At the time of writing Sophos has received no reports from users
    affected by this worm. However, we have issued this advisory
    following enquiries to our support department from customers.

    The following short description is included here to help in the removal of the worm.

    W32/Gunsan-A drops itself into the Windows system folder as explorer16.exe. It sets the following registry entry so that it is run when Windows starts up.

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Explorer =
    "<system folder>\explorer16.exe".

    W32/Gunsan-A has backdoor capabilities and allows unauthorized access to the user's computer via IRC.


    More information about W32/Gunsan-A can be found at
    http://www.sophos.com/virusinfo/analyses/w32gunsana.html
     
    FanJ, Jul 9, 2002
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...