[virusinfo] Oxygen3 24h-365d [PQremove available for Sasser.A - 05/01/04]

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Sun, 02 May 2004 18:13:01 -0700

From; Panda Oxygen3 24h-365d:

- Panda Software offers to every user the free tool to disinfect and remove
Sasser.A -

   Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, May 1 2004 - The new Network worm Sasser.A, discovered just few
hours ago, is spreading and infecting many users. It has become one of the
most detected codes by the On Line antivirus Panda ActiveScan. Everything
indicates that it will be epidemic like last August Blaster virus. The Panda
Software Technical Support Network, as Panda Labs, has received many
infections reports caused by this new virus. So, Panda Software his offering
to all the users the free tool Pqremove to detect and disinfect Sasser,
available here.

Panda Software warns that the users can detect and disinfect the new worm
with an updated antivirus, but it's also needed to install the patch
provided by Microsoft to be sure the virus do not infects again the
computer. The vulnerability used by Sasser.A was published by Microsoft last
week in the bulletin MS04-011
(http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx) with the
correspondent solution. Panda Software customers already have the updates to
detect and disinfect this new worm.

In addition, the users can scan their computers on line for free with the
ActiveScan solution, available in the company web page:
http://www.pandasoftware.com More Information about this threat or other
ones, is available in the virus encyclopedia, at
http://www.pandasoftware.com/virus_info/encyclopedia/

Sasser.A behavior is similar to Blaster. The worm scans random IP addresses
until it finds systems with this vulnerability. Once found, it copies itself
in Windows directory with the name AVSERVE.EXE and creates the following
registry entry, to ensure it is launched when the system is booted:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

avserve.exe = %windir%\avserve.exe

In addition, the vulnerability uses a buffer overflow to make the LSASS.EXE
application crash. Because of this, the system can fail.

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] Oxygen3 24h-365d [PQremove available for Sasser.A - 05/01/04]

1. Home
2. virusinfo
3. Archive
4. 05-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---