The Mudcat Café TM
Thread #68943   Message #1164898
Posted By: JohnInKansas
19-Apr-04 - 01:54 AM
Thread Name: Tech: virus: Downloader.Dluca.E ????
Subject: RE: Tech: virus: Downloader.Dluca.E ????
Norton instructions for removal of Dluca worms thru .D may be found at Downloader.Dluca.D. Instructions specific to the new .E apparently haven't been posted yet, but the instructions are the same for all previous versions. As noted above, the .E variety was just added to the signature files yesterday, so it may take a day or two to update the descriptions. The "basic" worm has been around since at least October 2003.

This particular worm is classified as a "low threat," and doesn't appear to do much damage - except for sending stuff from your machine to "somebody."

Complete removal requires a regedit. The required edit is pretty simple, and specific names of keys to be deleted are given. Print a copy of the instructions before you start the edit, so you'll have them in front of you.

There are links on the Norton page that you can use to find instructions for backing up the registry before you try to edit it, and for how to turn off the system restore for Windows versions that use it. Print them so you'll have the script offline.

The steps needed are:

1. Safe Boot if you're using an older Win version, or Ctl-Alt-Del and on the "Processes Tab" of Task Manager, click on the file DLuxjp.exe and "end process."

2. Update your AV signature files, and run a "scan all files." If the AV finds anything "infected with DLuca.x" (any version .a thru .e) tell it to delete the file.

3. Edit the registry (get and PRINT instructions):

Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

In the right pane, delete the value:
"DLuxjp" = "C:\Program Files\Dialers\Dluxjp\Dluxjp.exe /noconnect"

Delete the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DLuxjp

Delete the key:
HKEY_CURRENT_USER\SOFTWARE\SiteIcons\Dialers\DLuxjp

Exit the Registry Editor.
(And don't forget to "save changes" when you exit regedit.)

I'd recommend going to the Norton page and making sure you have all the instructions, but if you can follow a recipe well enough to make sliced SPAM sandwiches, you should be able to get this done. If you're not comfortable with it, then get help, of course.

Note that the .e variant might have slightly different "filenames" in the registry keys, but they're likely to be close enough that you won't have trouble recognizing them. You should be able to tell what's suspicious, and with a current backup you can instantly "undo" any changes you make.

John
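The registry locations and process name John lists above can be checked from a script instead of by hand. The following PowerShell audit/cleanup helper is an added example, not code from the post or from Norton's write-up: it reports whether the DLuxjp.exe process and the three registry entries named in steps 1 and 3 are present, and only when run with `-Remove` does it export each key to a `.reg` backup (the backup folder path is an assumption) and then delete the entries. Run it from an elevated PowerShell prompt after the AV scan in step 2.

```powershell
# Added audit/cleanup helper (example, not from the original post or Norton).
# Checks the indicators listed in the post: the DLuxjp.exe process, the Run value,
# the Uninstall key and the HKCU dialer key. Deletion only happens with -Remove,
# and each key is exported with reg.exe first. $BackupDir is an assumed location.
param(
    [switch]$Remove,
    [string]$BackupDir = "$env:USERPROFILE\Desktop\dluca-reg-backup"
)

$runKey       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValue     = 'DLuxjp'
$uninstallKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DLuxjp'
$dialerKey    = 'HKCU:\SOFTWARE\SiteIcons\Dialers\DLuxjp'

$findings = @()

# Step 1 of the post: is the dialer process running?
$proc = Get-Process -Name 'DLuxjp' -ErrorAction SilentlyContinue
if ($proc) { $findings += "process DLuxjp.exe running (PID $($proc.Id -join ','))" }

# Step 3: the Run value that relaunches it at logon
$run = Get-ItemProperty -Path $runKey -Name $runValue -ErrorAction SilentlyContinue
if ($run) { $findings += "Run value $runValue = '$($run.$runValue)'" }

# Step 3: the Uninstall and dialer keys
foreach ($k in $uninstallKey, $dialerKey) {
    if (Test-Path $k) { $findings += "key present: $k" }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Dluca/DLuxjp indicators found.'
    return
}

Write-Output 'Indicators found:'
$findings | ForEach-Object { Write-Output "  $_" }

if (-not $Remove) {
    Write-Output 'Re-run with -Remove to back up and delete these entries.'
    return
}

# Back up each key before touching it, as the post advises.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$i = 0
foreach ($k in $runKey, $uninstallKey, $dialerKey) {
    $i++
    if (Test-Path $k) {
        # reg.exe wants HKLM\... rather than the PowerShell HKLM:\... drive form
        $native = $k -replace '^HKLM:', 'HKLM' -replace '^HKCU:', 'HKCU'
        & reg.exe export $native (Join-Path $BackupDir "key$i.reg") /y | Out-Null
    }
}

if ($proc) { Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue }
if ($run)  { Remove-ItemProperty -Path $runKey -Name $runValue -ErrorAction SilentlyContinue }
foreach ($k in $uninstallKey, $dialerKey) {
    if (Test-Path $k) { Remove-Item -Path $k -Recurse -Force }
}
Write-Output "Done. Backups are in $BackupDir; re-run without -Remove to confirm nothing remains."
```

Running it without `-Remove` is a safe first pass: it changes nothing and tells you whether the entries from the Norton instructions are actually on the machine. If a later variant uses slightly different names, as the post warns, adjust the four path variables at the top rather than editing the rest of the script, and the `.reg` exports give you the "undo" a registry edit should always have.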