| Port No | 9995 |
| Service Name | W32.Sasser.D |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | W32.Sasser.D can only execute on Windows XP systems. The worm can exploit a vulnerable (unpatched) Windows 2000 machine remotely and copy itself to that machine. However, it will exit before running any code. In such cases, this worm will produce the following error: The procedure entry point IcmpSendEcho could not be located in the dynamic link library iphlpapi.dll. |
| Reference Link | Port Number: 9995 Service Name:W32.Sasser.D Port:TCP |
| Attack | According to Symantec Removal Instructions: Before you begin: If you are running Windows 2000 or XP, and have not yet done so, you must patch for the vulnerability described in Microsoft Security Bulletin MS04-011. If you do not, it is likely that your computer will continue to be reinfected. What to do if the computer shuts down before you can patch or get the tool This threat can cause Windows to keep shutting down and restarting. This can prevent you from installing the Microsoft patch or downloading the tool described below. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.