Spyware, Viruses, & Security forum

General discussion

VIRUS ALERTS - May 2, 2004

by Marianna Schmudlach / May 2, 2004 1:22 AM PDT


Discovered on: May 01, 2004
Last Updated on: May 02, 2004 02:34:21 PM

W32.Sasser.B.Worm is a variant of W32.Sasser.Worm. It attempts to exploit the LSASS vulnerability described in Microsoft Security Bulletin MS04-011, and spreads by scanning randomly-chosen IP addresses for vulnerable systems.

The MD5 hash value for this worm is 0x1A2C0E6130850F8FD9B9B5309413CD00.
Symantec Security Response has developed a removal tool to clean the infections of W32.Sasser.B.Worm.


Variants: W32.Sasser.Worm
Type: Worm
Infection Length: 15872 bytes

Systems Affected: Windows 2000, Windows Server 2003, Windows XP

More: http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html

Discussion is locked
You are posting a reply to: VIRUS ALERTS - May 2, 2004
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VIRUS ALERTS - May 2, 2004
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
by Marianna Schmudlach / May 2, 2004 1:25 AM PDT

Discovered on: May 02, 2004
Last Updated on: May 02, 2004 03:23:24 PM

Trojan.Adwaheck is a trojan that contains both Adware and backdoor trojan functionality.

Type: Trojan Horse
Infection Length: 48,506 bytes

When Trojan.Adwaheck runs, it performs the following actions:

The trojan creates the value


in the registry key


so that the trojan starts when you start or restart Windows.

More: http://securityresponse.symantec.com/avcenter/venc/data/trojan.adwaheck.html

Collapse -
by Marianna Schmudlach / May 2, 2004 1:33 AM PDT

Virus type: Worm

Destructive: No


This memory-resident malware has both worm and backdoor capabilities.

Like many AGOBOT variants, this worm exploits the Windows LSASS Vulnerability (MS04-11).

This is a buffer overrun vulnerability that allows remote code execution. Once successfully exploited, a remote attacker is able to gain full control of the affected system.

For more information about this vulnerability, refer to the following Microsoft Web site:

It attempts to log into systems using a list of user names and passwords.

It connects to an Internet Relay Chat (IRC) server and joins an IRC channel to listen for remote commands. It allows a remote user to execute malicious commands on the infected system.

It also terminates antivirus-related processes and steals CD keys of certain game applications.

It runs on Windows 2000 and XP.


Popular Forums

Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Your favorite shows are back!

Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!