Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Sasser.C


Aliases:


Sasser.C
Worm.Win32.Sasser.c, W32/Sasser.C

Malware

W32

Summary

Sasser.C is an Internet worm spreading through the MS04-011 (LSASS) vulnerability.



Disinfection & Removal


Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.


Eliminating a Local Network Outbreak

If the infection is in a local network, please follow the instructions on this webpage:


Manual Disinfection

To manually disinfect an infected system, first apply the Microsoft patch MS04-011, then use Task Manager to kill the "avserve2.exe" process, then delete the file AVSERVE2.EXE from your Windows directory and reboot. For step-by-step instructions, see Microsoft's site: http://www.microsoft.com/security/incident/sasser.asp#steps



Technical Details

Sasser.C is a variant of Sasser.B, with identical length. Main difference is that this version starts 1024 processes to scan for new vulnerable hosts, instead of 128 processes.

For more details, see the description of Sasser.B







Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.