Sasser.G is a minor modification of the Sasser.F worm. It shares most of its code and functionality, although it uses a different filename when copying itself into the system and a different mutex name.
Disinfection & Removal
When the worm enters the system it creates a copy of itself in the Windows Directory as 'avserve3.exe'. This copy is added to the Registry as
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avserve3.exe" = "%WinDir%\avserve3.exe"
It creates mutexes named 'PinaasoSky' and 'Jobaka3'.
Detection in F-Secure Anti-Virus was published on May 14th, 2004 in update:
Detection Type: PC
Technical Details: Ero Carrera, August 23rd, 2004