Discovered: September 7, 2001
Updated: February 13, 2007 11:37:14 AM
Also Known As: W32.CodeBlue
Type: Worm
To remove the worm, delete files that are detected as W32.BlueCode.Worm and remove the registry entry that the worm added.
To remove the worm:
- Run LiveUpdate to make sure that you have the most recent virus definitions.
- Start Norton AntiVirus (NAV), and run a full system scan. Be sure that NAV is configured to scan all files.
- Delete all files that are detected as W32.BlueCode.Worm.
To edit the registry:
CAUTION: We strongly recommend that you back up the system registry before you make any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Please make sure that you modify only the keys that are specified. Please see the document
How to back up the Windows registry before you proceed.
- Click Start, and click Run. The Run dialog box appears.
- Type regedit and then click OK. The Registry Editor opens.
- Navigate to and select the following key:
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Run
- In the right pane, look for and select the value
Domain Manager
- Press Delete, and then click Yes to confirm.
- Exit the Registry Editor.
Writeup By: Eric Chien
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine