WORM_BLUEWORM.C
Here is a short description of WORM_BLUEWORM.C:
This memory-resident worm propagates through network shares and Internet Relay Chat (IRC). It drops several copies of itself in the Windows and the Windows system folders. The dropped files may have any of the following extensions:
This virus/malware was added to our database on:
09/07/04
Anti-virus program
This malware was discovered and named by Trend Micro.
Anti-virus programs and removal tools from Trend Micro can remove WORM_BLUEWORM.C.
More information about WORM_BLUEWORM.C
To remove this malware, first identify the malware program.
Scan your system with your Trend Micro antivirus product.
Note all files detected as WORM_BLUEWORM.C.
Trend Micro customers need to download the latest pattern file before scanning their system. Other users can use Housecall, Trend Micro’s free online virus scanner.
Restarting in Safe Mode
» On Windows 95
Restart your computer.
Press F8 at the Starting Windows 95 message.
Choose Safe Mode from the Windows 95 Startup Menu then press Enter.
» On Windows 98 and ME
Restart your computer.
Press the CTRL key until the startup menu appears.
Choose the Safe Mode option then press Enter.
» On Windows NT (VGA mode)
Click Start>Settings>Control Panel.
Double-click the System icon.
Click the Startup/Shutdown tab.
Set the Show List field to 10 seconds and click OK to save this change.
Shut down and restart your computer.
Select VGA mode from the startup menu.
» On Windows 2000
Restart your computer.
Press the F8 key when you see the Starting Windows bar at the bottom of the screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.
» On Windows XP
Restart your computer.
Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.
Note: After performing all the solutions for the removal of this malware, please restart your system normally, and run your Trend Micro antivirus product.
Terminating the Malware Program
This procedure terminates the running malware process. You will need the name(s) of the file(s) detected earlier.
Open Windows Task Manager.
» On Windows 95, 98, and ME, press CTRL+ALT+DELETE
» On Windows NT, 2000, and XP, press CTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the malware file(s) detected earlier.
Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
Do the same for all detected malware files in the list of running processes.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
--------------------------------------------------------------------------------
*NOTE: On systems running Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third-party process viewer such as Process Explorer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing at startup.
Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
= "%Windows%\VOLUME\<filename detected earlier>"
(Note: %Windows% is the default Windows folder, usually C:\Windows or C:\WINNT.)
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
(Default)="%System%\"
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 95, 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP.)
Close Registry Editor.
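The same check can be run against an exported copy of the two Run keys, which leaves a record of what was found before anything is deleted. The following Python code is an added example, not part of the original page or of Trend Micro's tools: it parses a REGEDIT4-style text export and lists string values under the two Run keys that name a detected file, run from a VOLUME folder, or sit in the (Default) value. It assumes the export has already been decoded to text; the function names and the sample file names are hypothetical.

```python
import re

# The two autostart keys named in the removal procedure (compared case-insensitively).
RUN_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
}
# A string value line in a .reg export: "Name"="data", or @="data" for (Default).
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg exports escape backslashes and quotes with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)

def review_run_entries(reg_text, detected_files):
    """Return (key, value name, data, reasons) for Run entries that need review."""
    detected = {f.lower() for f in detected_files}
    findings, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None or key.lower() not in RUN_KEYS:
            continue
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = unescape(m.group(2))
        reasons = []
        # Split on backslash, space and quote so arguments do not hide a file name.
        if detected & set(re.split(r'[\\ "]+', data.lower())):
            reasons.append("detected file name")
        if "\\volume\\" in data.lower():
            reasons.append("runs from a VOLUME folder")
        if name == "(Default)":
            reasons.append("unnamed (Default) autostart value")
        if reasons:
            findings.append((key, name, data, reasons))
    return findings

# Constructed sample export; the file names are placeholders, not from the page.
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\WINDOWS\\VOLUME\\sample1.exe"
"Tray"="C:\\Program Files\\Vendor\\tray.exe /min"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
@="C:\\WINDOWS\\SYSTEM32\\sample2.scr"
'''
```

Pass the file names noted during the scan as detected_files. Values stored in hex form and file names that contain spaces are not matched by this check.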
This was added 03/02/08 09:23:42