Symptoms

Removal instructions:

Analyzed By

Technical Description:

This is a slightly different version of Win32.Worm.Sasser.A

The diferrecies are the following:
The mutex name is billgate
The log file name is now c:\win.log
The name of the file
used for copying itself in Windows folder is now
napatch.exe

The run registry key becomes
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\napatch.exe =
%windows%\napatch.exe