Some useful information about Sasser

Sasser starts 128 threads that scan randomly chosen IP addresses. Because this process is CPU intensive, your computer will experience performance degradation. In some instances, your computer may be too slow to use. An infected computer will also display LSA Shell errors.

You can also remove Sasser manually by following these steps.

1. Disconnect your computer from the Internet.
2. Boot in Safe Mode by pressing the F8 key during startup.
3. Navigate to your Windows directory (c:\WINDOWS or c:\WINNT) on your hard drive.
4. Look for a file named AVSERVE.EXE. Delete it.
5. Click on the Start menu and select Run.
6. Type "regedit" (without quotes).
7. Navigate to the following Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
8. In the windows to the right, look for a value called avserve. Delete it.
9. Exit RegEdit.
10. Reboot.

If you do not have Sasser, or you just removed it from your system, you need to prevent future infection by installing the security update that fixes the LSASS vulnerability. The update is labeled 835732 and is available at Microsoft's Windows Update site.