W32.Sasser Removal Tool
- http://www.sarc.com/...moval.tool.html
Last Updated on: May 3, 2004 04:16:26 PM
(The tool covers variants of the Sasser Worm)
Additional info:
- http://www.sarc.com/...ser.c.worm.html
"...Block TCP ports 5554, 9996 and 445 at the perimeter firewall and install the appropriate Microsoft patch (MS04-011) to prevent remote exploitation of the vulnerability..."
- http://isc.sans.org/...ls.php?port=445
Also:
- http://isc.sans.org/...date=2004-05-03
"...We are seeing a great deal of evidence of multiple infections on machines with Sasser. That is, machines infected with Sasser are often also infected with something else, frequently one of the recent agobot/gaobot/phatbot variants that also target the MS04-011 vulnerabilities..."
- http://www.microsoft...n/MS04-011.mspx