Win32.Worm.Sasser.F
SYMPTOMS: TECHNICAL DESCRIPTION: This is a slightly different version of Win32.Worm.Sasser.AThe diferrecies are the following: The mutex name is billgate The log file name is now c:\\win.log The name of the file used for copying itself in Windows folder is now napatch.exe The run registry key becomes HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\napatch.exe = %windows%\\napatch.exe Removal instructions: ANALYZED BY: Sorin Victor DudeaBitDefender AntiVirus Researcher |