Avserve.exe
What is it?
WORM_SASSER.A
-
AVSERVE.EXE
What does it do?
This worm exploits the Windows LSASS vulnerability , which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of affected systems.This vulnerability is discussed in detail in the following pages:
To propagate, it scans the network for vulnerable systems. When it finds a vulnerable system, this malware sends a specially crafted packet to produce a buffer overflow on LSASS.EXE.
It creates the script file CMD.FTP, which contains instructions for the vulnerable system to download and execute a copy of this malware from a remote infected system using FTP on TCP port 5554.
Removal:
Trend Micro has the full dirt ( HERE )