The Sasser-D Worm is a network-based worm written in C++, very similar to the Sasser-A Worm. It spreads through a vulnerability in the Local Security Authority Subsystem (LSASS). Infection causes excessive network traffic and slows the system down. Sasser-D copies itself to the Windows directory under the name "avserve.exe" or "avserve?.exe".
REMOVAL INSTRUCTIONS:
- Run REGEDIT and delete the key:
  avserve.exe or avserve?.exe (where ? is a random number)
  in location:
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- Run Vbuster.Exe and use it to delete all occurrences of the worm
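
A read-only check for the two artifacts named above (the Run entry and the copy in the Windows directory), given here as an added PowerShell example that is not part of the original removal instructions. It assumes the "?" in avserve?.exe is a single digit; the function and variable names are illustrative.

```powershell
# Added example: read-only check, changes nothing on the system.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
# avserve.exe or avserve?.exe; assumption: "?" is a single digit.
$namePattern = '(^|\\)avserve\d?\.exe$'

function Test-AvserveName {
    param([string]$Text)
    # Run data may be quoted or carry a full path; -match is case-insensitive.
    return ($Text.Trim('"', ' ') -match $namePattern)
}

$findings = @()

# 1. Values under the Run key whose name or data is the worm's file name.
$key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($valueName in $key.GetValueNames()) {
        $data = [string]$key.GetValue($valueName)
        if ((Test-AvserveName $valueName) -or (Test-AvserveName $data)) {
            $findings += [pscustomobject]@{
                Kind = 'Run value'; Name = $valueName; Detail = $data
            }
        }
    }
}

# 2. Copies of the worm in the Windows directory itself (no recursion).
Get-ChildItem -Path $env:windir -Filter 'avserve*.exe' -File -ErrorAction SilentlyContinue |
    Where-Object { Test-AvserveName $_.Name } |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Kind = 'File'; Name = $_.FullName; Detail = $_.LastWriteTime
        }
    }

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No avserve.exe / avserve?.exe Run value or file found.'
}
```

Running it again after the removal steps confirms that both the Run entry and the file are gone.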