Published Dec 27, 2011 | Updated Jun 09, 2016


Detected by Microsoft Defender Antivirus

Aliases: No associated aliases


Win32/Matsnu is malware that can perform certain actions based on instructions from a remote server. It also changes certain computer settings.

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:

Removing a program exception

This threat may add a malware program to the Windows Firewall exception list. To remove the program exception, follow these steps:

For Windows XP:

  1. Use an administrator account to log on.
  2. Click Start, select Run, type wscui.cpl, and then click OK.
  3. In Windows Security Center, click Windows Firewall.
  4. On the Exceptions tab, click on the malware file name and then click Delete.
  5. Click OK.
Enabling registry editor

This threat may modify the computer to prevent Registry Editor from running. To enable Registry Editor in your computer, please do the following:

  1. Run a command prompt. Click Start>Run and type cmd.
  2. In the command prompt, type the following as is and press Enter:
    reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
  3. Type exit at the command prompt.
Additional remediation instructions for Win32/Matsnu

This threat may make lasting changes to a computer's configuration that are NOT restored by detecting and removing this threat. For more information on returning an infected computer to its pre-infected state, please see the following article/s:

Follow us