Service Centre  | Message Board | POP Numbers  | Virus Alerts | FAQ's | Setup Procedures  Mail Us back to supportLINK

 

 

 

Sasser May 7, 2004

Aliases:
Sasser.A, Worm.Win32.Sasser.a
Type:
Worm
Description:
Sasser is an Internet worm spreading through the MS04-011 (LSASS) vulnerability. This vulnerability is caused by a buffer overrun in the Local Security Authority Subsystem Service, and will affect all machines that are: - Running Windows XP or Windows 2000 - Haven't been patched against this vulnerability - Are connected to the Internet without a firewall See the Microsoft Bulletin for more info on the vulnerability, and run Windows Update to patch your systems now.
Solution:
To manually disinfect an infected system, first apply the Microsoft patch MS04-011, then use Task Manager to kill the "avserve.exe" process, then delete the file AVSERVE.EXE from your Windows directory and reboot. For step-by-step instructions, see Microsoft's site: http://www.microsoft.com/security/incident/sasser.asp#steps Taken from fsecure.com

 


webmailLINK | supportLINK | serviceLINK | adsLINK | technoLINK | essentiaLINK | eventLINK | dealersLINK | value added services | homeLINK