Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


NAPATCH.EXE PROCESS INFORMATION

Process Name  : Napatch.exe

Process Path : %WINDOWS%\napatch.exe [ C:\Windows\napatch.exe ]

Process type    : Network worm

Malware Name : W32.Sasser.F.Worm

Alias             : W32/Sasser.Worm.F, W32/Sasser-F, Sasser.F,  WORM_SASSER.F,  Worm.Sasser.F, I-Worm/Generic

Threat level : Medium

Process Details:

                     Napatch.exe is the main component dropped by Sasser.F worm. It is a network Worm,  exploits a remote code execution vulnerability LSASS to infect target systems. It scans for IP addresses and infects unpatched systems. This worm targets Windows 2000, and Windows XP systems. Solo Antivirus can detect and remove Sasser worm and its variants safely.

                     Sasser worm copies to Windows folder as napatch.exe. Then it modifies registry run section to load automatically on the next startup. The registry modification is given below.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
"napatch.exe"= %WINDOWS%\napatch.exe

[ By default, %WINDOWS% will be C:\Windows in case of Windows 95/98/ME/XP, C:\Winnt in case of Windows NT/2000 ]

                     Sasser worm can be avoided by installing security patches from Microsoft. If you have not installed, you can get a copy at http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx The worm infected users will receive the error messages like 

System Shutdown

This system is shutting down. Please save all
work in progress and log off. Any unsaved
changes will be lost. This shutdown was
initiated by NT AUTHORITY\SYSTEM

Time before shutdown : 00:00:59

Message
The system process
C:\WINDOWS\System32\Lsass.exe
terminated unexpectedly with status code 0.
The system will shutdown and restart.

                     Sasser worm infected systems will crash and reboot by dispalying error in LSASS.exe. This worm appeared on 11th May 2004.

How can I protect my system?

                   Solo has incorporated napatch.exe in its signature file to protect users from this worm attack. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats. 

How to remove this worm?

                   If you are already infected with napatch.exe process, download and install security patches from the link http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx Then run Solo anti-virus scanner to remove the worm components.

                   Solo antivirus can detect and remove napatch.exe process safely. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link