Sasser is an Internet worm that exploits the MS Windows LSASS vulnerability described in Microsoft Security Bulletin MS04-011.
Microsoft released a patch for this vulnerability on April 13, 2004, while Sasser.a was first detected on April 30, 2004.
Sasser operates in a very similar manner to Lovesan, except that Lovesan exploited a vulnerability in the PRC DCOM service, not the LSASS service.
Sasser affects computers running Windows 2000, Windows XP, Windows Server 2003.
Sasser functions on all other versions of Windows but is unable to infect them by attacking via the vulnerability.
An error message about the LSASS service failing which usually also causes the system to reboot.
Sasser creates the file 'win.log' in the C drive root directory where the worm records the IP-addresses of all attacked machines.
Copies itself into the Windows root directory under the name avserve.exe
and registers this file in the system registry autorun key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avserve.exe" = "%WINDIR%\avserve.exe"
Use antivirus (also check How To Remove section)Startuip Optimizer to remove this worm.