...as you found out on the system you're analysing.
Apparently, Sasser only infects Win 2000 and XP. According to Microsoft, one of the symptoms is that the operating system keeps shutting down, but the computer I am trying to sort out doesn't have that problem.
Close, but not quite correct: the various variants of the Sasser worm can infect Win9x/WinME systems, and can spread from there, but its payload won't be effective on these machines: the shutdown behaviour will only occur under Win2k/XP.
This computer is at my local 'mairie' and is open to the public for Internet access, although not many people use it. It is less than a month old and was working normally about a week ago.
The timing is suspicious, as Sasser was starting to spread last weekend.
I ran this on the computer at the 'mairie' and it found 29 files infected with the Sasser worm, which I deleted.
Did that program also remove the worm?
After that,I did manage to access a couple of sites, but it was extremely slow and didn't last long before I couldn't access any sites again.
The worm might well still be active, trying to spread by scanning other machines on the web.
My own computer (XP) hasn't been infected and I think it may be because my firewall is activated.
More info, including a removal tool, is available from Symantec.
Small consolation: the author of "Sasser" - an 18-year old college student from northern Germany - was arrested yesterday, and has admitted that he developed and spread the worm...