1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Threats
  3. Virus and threat descriptions
  4. Sasser.G

Sasser.G

ALIAS:Worm.Win32.Sasser.gen

Summary

Sasser.G is a minor modification of the Sasser.F worm. It shares most of its code and functionality, although it uses a different filename when copying itself into the system and a different mutex name.

Additional Details


System Infection

When the worm enters the system it creates a copy of itself in the Windows Directory as 'avserve3.exe'. This copy is added to the Registry as 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "avserve3.exe" = "%WinDir%\avserve3.exe"
It creates mutexes named 'PinaasoSky' and 'Jobaka3'.

Detection

Detection in F-Secure Anti-Virus was published on May 14th, 2004 in update: [FSAV_Database_Version]
Version=2004-05-14_01 Technical Details: Ero Carrera, August 23rd, 2004