Win32.Worm.Sasser.F
SYMPTOMS:

TECHNICAL DESCRIPTION:

This is a slightly different version of Win32.Worm.Sasser.A. The differences are the following:

The mutex name is billgate
The log file name is now c:\win.log
The name of the file used for copying itself in the Windows folder is now napatch.exe
The run registry key becomes HKLM\Software\Microsoft\Windows\CurrentVersion\Run\napatch.exe = %windows%\napatch.exe

Removal instructions:

ANALYZED BY: Sorin Victor Dudea, BitDefender AntiVirus Researcher