Name: Gunsan
Aliases: W32.Gunsan, Backdoor.AHF, Skyliner, W32/Skyliner, Backdoor.Gunsan, Win32/Gnusan.A@mm
Ports: at random between 0 and 4999, and 6660, 6667, 7000
Files: Tast.exe (51,200 bytes), Explorer16.exe, Noalarm.bat, Skyliner.dat
Actions: Anti-protection trojan / Remote Access / Worm / IRC trojan / Network trojan / Yahoo trojan / Destructive trojan / Virus / HTTP server
Registers: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
Notes: Works on Windows 95, 98, ME, NT, 2000 and XP, together with MS Outlook, Outlook Express and Yahoo! Messenger.
Program: Written in Visual C++.

© Copyright von Braun Consultants. This information may include technical inaccuracies or typographical errors. If you have any questions or further information about the actual trojan above, please contact Joakim von Braun at <>