Because the worm resides in memory only and is not written to disk, virus definitions do not detect this threat. Symantec Security Response recommends that you follow the steps described below to remove this threat.
- Obtain the patch for the vulnerability from http://www.iss.net/download/.
- Disconnect the affected computer from the network.
- Restart the computer to remove the threat from memory.
Note: If the computer has been infected, it may not restart properly. If this occurs, Symantec Security Response recommends using a data recovery program.
- Apply the patch.
- Reconnect to the network.