Win32.Sasser.B
Name: Win32.Sasser.B
Aliases: Sasser.B, W32/Sasser.B.worm
Type: Worm
Size: -
First appeared on: 01.05.2004
Damage: Medium
Brief Description: Sasser.B is a worm that spreads itself through
systems vulnerable to the LSASS exploit (MS04-011).
Sasser.B creates a copy of itself in the Windows directory named AVSERVE2.EXE.
It also creates the following registry entry to ensure it is launched when the
system is booted:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
avserve2.exe = %windir%\avserve2.exe
Sasser.B exploits the LSASS vulnerability to access remote systems. More
information about this vulnerability is available at the following URL:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
The worm uses 128 threads to scan random IP addresses. If the connection through
TCP port 445 succeeds, the worm checks whether the system is vulnerable. If it
is, Sasser opens a shell through TCP port 9996 and forces an FTP
connection through TCP port 5554 to download the worm to the vulnerable system.
The downloaded copy of the worm is named %number%_up.exe, where %number% is
a random number. In addition, the exploit relies on a buffer overflow that
makes the LSASS.EXE application crash, which may lead to a system crash.
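The propagation sequence above (scanning on TCP 445, shell on TCP 9996, FTP download back over TCP 5554) leaves a recognisable pattern in connection logs. The following Python is an added example, not part of the original entry; it assumes a constructed log format of "src dst dport" lines and flags both the scanning hosts and the full attacker/victim chain.

```python
"""Flag Sasser.B-style propagation in connection logs (constructed example)."""
from collections import defaultdict

# Constructed sample connection log ("src dst dport"); not taken from the page.
SAMPLE_LOG = """\
10.0.0.5 10.0.1.17 445
10.0.0.5 10.0.1.18 445
10.0.0.5 172.16.4.2 445
10.0.0.5 192.168.9.9 445
10.0.0.5 10.0.1.18 9996
10.0.1.18 10.0.0.5 5554
10.0.0.7 10.0.0.8 445
10.0.0.7 10.0.0.8 445
"""


def parse_log(text):
    """Return a list of (src, dst, dport) tuples from the constructed log format."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            events.append((parts[0], parts[1], int(parts[2])))
    return events


def find_scanners(events, min_targets=3):
    """Hosts that contacted at least min_targets distinct addresses on TCP 445.

    Sasser.B scans random IPs with many threads, so one source hitting 445 on
    many unrelated destinations is the first indicator; a single host retrying
    one server on 445 is ordinary SMB traffic and is not flagged.
    """
    targets = defaultdict(set)
    for src, dst, dport in events:
        if dport == 445:
            targets[src].add(dst)
    return sorted(host for host, seen in targets.items() if len(seen) >= min_targets)


def find_infection_chains(events):
    """(attacker, victim) pairs showing the full chain: 445 exploit, 9996 shell,
    and the victim connecting back to the attacker on 5554 for the FTP download."""
    seen = set(events)
    chains = set()
    for src, dst, dport in events:
        if dport == 9996 and (src, dst, 445) in seen and (dst, src, 5554) in seen:
            chains.add((src, dst))
    return sorted(chains)


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("scanners:", find_scanners(evts))
    print("infection chains:", find_infection_chains(evts))
```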
Visible Symptoms:
When first run, W32/Sasser-B copies itself to the Windows folder as avserve2.exe
and creates the following registry entry, so that avserve2.exe is run
automatically each time Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
avserve2.exe = %WINDOWS%\avserve2.exe
A harmless text file is created in the C:\ root folder named win2.log.
Technical description:
Propagation:
Sasser.B follows the propagation routine described above under Brief Description.
Removal tool and instructions:
Download the removal tool from F-Secure.
Source: http://www.antivirusworld.com/