How To Fix FTP Error Win32 Worm Sasser Gen

This guide describes some of the possible causes that can lead to the appearance of the worm, and then how you can try to fix the problem.

What To Do Now

Use the following free Microsoft software to detect and remove this threat:

  • Windows Defender for Windows 10 and Windows 8.1 or Microsoft Security Essentials for Windows 7 and Windows Vista
  • Microsoft Security Scanner
  • You should also do a full scan. A full scan can find other hidden malware.

    Disable automatic execution

    This threat attempts to use the Windows AutoPlay feature to propagate through removable storage devices such as USB drives. You can disable autorun to prevent worms from spreading:

    • Disable Windows Autostart
    Scan removable disk

    Be sure to scan any removable or portable drives. If you have Microsoft security software, see this section on our software help page:

    • How to scan a removable disk, such as a flash drive?
    More help

    You can also find more help at our advanced troubleshooting page.

    If you’re using Windows XP, see our Windows XP end of support page.

    W32/Sasser-G is a network worm that spreads using the Microsoft LSASS vulnerability.

    W32/Sasser-G also creates and runs SKYNET.CPL in the Windows folder; Sophos detects this file as W32/NetSky-AC.

    The worm copies itself to the Windows folder as AVSERVE3.EXE and sets the following registry entry to start automatically when the user logs on:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    avserve3 = avserve3.exe

    W32/Sasser-G tries to connect to random IP addresses on ports TCP/445 and TCP/9996 and then exploits the LSASS vulnerability. If the exploit succeeds, an FTP script is downloaded and run on the remote computer, which connects to port 5554 to download a copy of the worm via FTP.

    W32/Sasser-G may cause the LSASS.EXE program to terminate, usually prompting Windows to shut down and restart. However, W32/Sasser-G tries to prevent the system from shutting down.
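
The propagation sequence described above leaves a recognizable trail in connection logs: a host contacts a peer on TCP/445 or TCP/9996, and that peer then connects to port 5554. The Python sketch below is an added example, not part of the original guide. The log format, the addresses, the 300-second window and the assumption that the peer connects to port 5554 on the host that probed it are all constructed for illustration.

```python
from collections import defaultdict

EXPLOIT_PORTS = {445, 9996}  # ports the worm connects to, per the description
FTP_PORT = 5554              # port the exploited computer connects to
# Constructed sample, one TCP connection per line: "epoch_seconds src dst dst_port"
SAMPLE_LOG = """\
100 10.0.0.5 10.0.0.21 445
101 10.0.0.5 10.0.0.21 9996
103 10.0.0.21 10.0.0.5 5554
104 10.0.0.5 10.0.0.22 445
105 10.0.0.5 10.0.0.23 445
110 10.0.0.9 10.0.0.30 445
not a record
200 10.0.0.40 10.0.0.5 5554
"""

def parse_records(text):
    """Return (time, src, dst, port) tuples in time order, skipping bad lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            records.append((int(parts[0]), parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue
    return sorted(records)

def find_infection_chains(records, window=300):
    """Map each suspected infected host to the peers that then fetched from it."""
    # Assumption: the peer connects to 5554 on the host that probed it, in time.
    probes = {}                # (prober, target) -> time of latest probe
    chains = defaultdict(set)  # prober -> peers that then connected to 5554
    for ts, src, dst, port in records:
        if port in EXPLOIT_PORTS:
            probes[(src, dst)] = ts
        elif port == FTP_PORT and (dst, src) in probes:
            if ts - probes[(dst, src)] <= window:
                chains[dst].add(src)
    return {host: sorted(peers) for host, peers in chains.items()}

def probe_fanout(records):
    """Count distinct peers each source contacted on the exploit ports."""
    targets = defaultdict(set)
    for _, src, dst, port in records:
        if port in EXPLOIT_PORTS:
            targets[src].add(dst)
    return {src: len(peers) for src, peers in targets.items()}
```

Hosts that appear in a chain, or that show a high fan-out without one, are the machines to check first for the avserve3 Run entry and AVSERVE3.EXE described above.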
