Win32/Matsnu
Aliases: No associated aliases
Summary
Win32/Matsnu is malware that can perform certain actions based on instructions from a remote server. It also changes certain computer settings.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products detect and remove this threat:
- Microsoft Security Essentials
- Microsoft Safety Scanner
- Microsoft Windows Malicious Software Removal Tool
Removing a program exception
This threat may add a malware program to the Windows Firewall exception list. To remove the program exception, follow these steps:
For Windows XP:
- Use an administrator account to log on.
- Click Start, select Run, type wscui.cpl, and then click OK.
- In Windows Security Center, click Windows Firewall.
- On the Exceptions tab, click on the malware file name and then click Delete.
- Click OK.
Enabling registry editor
This threat may modify the computer to prevent Registry Editor from running. To enable Registry Editor on your computer, do the following:
- Run a command prompt. Click Start > Run and type cmd.
- In the command prompt, type the following exactly as shown and press Enter:
  reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
- Type exit at the command prompt.
Additional remediation instructions for Win32/Matsnu
This threat may make lasting changes to a computer's configuration that are NOT restored by detecting and removing this threat. For more information on returning an infected computer to its pre-infected state, see the following articles:
- Restoring your System Registry:
  - For Windows 7: http://windows.microsoft.com/en-us/windows7/Back-up-the-registry
  - For Windows Vista: http://windows.microsoft.com/en-US/windows-vista/Back-up-the-registry
  - For Windows XP: http://support.microsoft.com/kb/322756/
- Enabling Task Manager:
  - For Windows XP: http://support.microsoft.com/kb/913623/
- Enabling System Restore:
  - For Windows XP: http://support.microsoft.com/kb/310405
- For other support and help related articles, go to:
  - Windows 7: http://support.microsoft.com/gp/windows7
  - Windows Vista: http://support.microsoft.com/ph/11732
  - Windows XP: http://support.microsoft.com/ph/1173
- Microsoft Security TechNet Center: http://technet.microsoft.com/security/default.aspx