| Port No | 4999 |
| Service Name | W32.Gunsan |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | This destructive, mass-mailing worm propagates via email using its built-in SMTP (Standard Mail Transfer Protocol) engine. It is deletes several antivirus and monitoring programs. |
| Reference Link | W32.Gunsan |
| Attack | Solution: Removing autostart entries from registry prevents the malware from executing during startup. This is also an effective malware process termination procedure. Open Registry Editor. Click Start>Run, type REGEDIT then hit the enter key. In the left panel, double click the following: HKEY_LOCAL_MACHINE>Software>Microsoft> Windows>CurrentVersion>RunServices In the right panel, locate and delete the entry: Explorer = %system%\explorer16.exe *where %System% is the Windows system directory, which is usually C:\Windows\System or C:\WINNT\System32. Restart your computer. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.