Sasser.C

Aliases:

Sasser.C
Worm.Win32.Sasser.c, W32/Sasser.C

Category:
Type:
Platform:

Malware

W32

Summary

Sasser.C is an Internet worm spreading through the MS04-011 (LSASS) vulnerability.

Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.

Eliminating a Local Network Outbreak

If the infection is in a local network, please follow the instructions on this webpage:

Eliminating a Local Network Outbreak

Manual Disinfection

To manually disinfect an infected system, first apply the Microsoft patch MS04-011, then use Task Manager to kill the "avserve2.exe" process, then delete the file AVSERVE2.EXE from your Windows directory and reboot. For step-by-step instructions, see Microsoft's site: http://www.microsoft.com/security/incident/sasser.asp#steps

Technical Details

Sasser.C is a variant of Sasser.B, with identical length. Main difference is that this version starts 1024 processes to scan for new vulnerable hosts, instead of 128 processes.

For more details, see the description of Sasser.B

Submit a sample

Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Submit

F-Secure Community

Give advice. Get advice. Share the knowledge on our free discussion forum.

Go to Community

Sasser.C

Summary

Disinfection & Removal

Technical Details

Submit a sample

F-Secure Community

Protecting the irreplaceable

Protection

Analysis

Downloads

Support

News & feeds

Connect

About F-Secure

Information

Visit also

F-Secure for consumers

F-Secure for operators

F-Secure for business

F-Secure Corporation