Event ID - 445

Port No445
Service NameW32.Sasser.D
RFC Doc0
ProtocolTCP
DescriptionW32.Sasser.D can only execute on Windows XP systems. The worm can exploit a vulnerable (unpatched) Windows 2000 machine remotely and copy itself to that machine. However, it will exit before running any code. In such cases, this worm will produce the following error:
The procedure entry point IcmpSendEcho could not be located in the dynamic link library iphlpapi.dll.
Reference LinkPort Number:445 Service Name:W32.Sasser.D Port:TCP
AttackAccording to Symantec

Removal Instructions:
Before you begin:
If you are running Windows 2000 or XP, and have not yet done so, you must patch for the vulnerability described in Microsoft Security Bulletin MS04-011. If you do not, it is likely that your computer will continue to be reinfected.
What to do if the computer shuts down before you can patch or get the tool
This threat can cause Windows to keep shutting down and restarting. This can prevent you from installing the Microsoft patch or downloading the tool described below.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.