Win32 Sasser.G

W32.Sasser.G is a minor variant of W32.Sasser.Worm. It attempts to exploit the LSASS vulnerability, described in Microsoft Security Bulletin MS04-011, and spreads by scanning randomly selected IP addresses for vulnerable systems. The worm’s function is identical to that of W32.Sasser.E.Worm, but W32.Sasser.G contains an extra PE file section, which is 1 byte in size and appears to have no function. W32.Sasser.G differs from W32.Sasser.Worm as follows:

* Uses a different mutex: SkynetNotice.
* Uses a different file name: lsasss.exe.
* Creates a different value in the registry: "lsasss.exe"
* Uses different port numbers, used by FTP server and the remote shell: 1023 and 1022.
* After 2 hours of running it displays a message.
* It deletes the values from the registry, which are known to be installed by Trojan.Mitglieder, W32.Beagle.W@mm, and W32.Beagle.X@mm.
* The name of the file retrieved from the FTP server is followed by _update.exe.
* The worm logs data into the file C:\ftplog.txt.
* Has an updated routine for finding vulnerable computers. W32.Sasser.G sends an ICMP echo request before attempting to make a connection. This change may prevent the worm from properly executing on Windows 2000 systems.

W32.Sasser.G can run on, but not infect, Windows 95/98_* Stephan123 computers. Although these operating systems cannot be infected, they can still be used to infect vulnerable computers._

Info http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.g.htm
Has avast already a update for itl

And the moral is!

Get to windows.update regularly (after the first Tuesday in the month for the monthly patch fest) and get the critical updates that patched the sasser/lsass vulnerability.

Yes i you patch your system with windows update then are you protected for Sasser