1. /
  2. Security Response/
  3. W32.Witty.Worm

W32.Witty.Worm - Removal

Risk Level 2: Low

Discovered:
March 20, 2004
Updated:
February 13, 2007 12:19:50 PM
Also Known As:
W32/Witty.worm [McAfee], WORM_WITTY.A [Trend]
Type:
Worm
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP



Note: Because the worm resides in memory only and is not written to disk, virus definitions do not detect this threat. Symantec Security Response recommends that you follow the steps described below to remove this threat.

  1. Obtain the patch for the vulnerability from http://www.iss.net/download/.

  2. Disconnect the affected computer from the network.

  3. Restart the computer to remove the threat from memory.


    Note: If the computer has been infected, it may not restart properly. If this occurs, Symantec Security Response recommends using a data recovery program.

  4. Apply the patch.

  5. Reconnect to the network.


Writeup By: Eric Chien

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver