1. /
  2. Security Response/
  3. CodeRed Worm

CodeRed Worm - Removal

Risk Level 2: Low

July 16, 2001
February 13, 2007 11:36:53 AM
Also Known As:
W32/Bady, I-Worm.Bady, Code Red, CodeRed, W32/Bady.worm
Systems Affected:
Microsoft IIS
CVE References:
CVE-2001-0500 CVE-2001-0506

Symantec Security Response has created a tool to perform a vulnerability assessment of your computer and to remove the CodeRed Worm and CodeRed II.

If for any reason you cannot use or obtain the CodeRed removal tool, manually remove this worm.

Manually removing the worm
  1. Download, obtain, and apply the patch from the Web site, http://www.microsoft.com/technet/security/bulletin/MS01-033.asp.

    Alternatively, you can download and install the Cumulative Patch for IIS available at: http://www.microsoft.com/technet/security/bulletin/MS01-044.asp.

  2. Restart the computer.

Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Eric Chien

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report