New Worm W32.welchia.worm



[P][RO][CE][SS][OR]
08-21-2003, 07:31 PM
There is a new worm out, W32.Welchia.Worm. Discovered on: August 18, 2003.

Targets Windows XP computers.

W32.Welchia.Worm does the following:

Attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, install it, and then reboot the computer.
Checks for active machines to infect by sending an ICMP echo request, or PING, which will result in increased ICMP traffic.
Attempts to remove W32.Blaster.Worm.

Removal tool (http://www.symantec.com/avcenter/FixWelch.exe)

Manual Removal
As an alternative to using the removal tool, you can manually remove this threat. The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.


1. Disable System Restore (Windows XP).
2. Update the virus definitions.
3. Restart the computer or end the Worm process.
4. Run a full system scan and delete all the files detected as W32.Welchia.Worm.
5. Delete the values from the registry.
6. Delete the Svchost.exe file.

[P][RO][CE][SS][OR]
08-21-2003, 07:42 PM
Also Known As: W32/Welchia.worm10240 [AhnLab], W32/Nachi.worm [McAfee], WORM_MSBLAST.D [Trend], Lovsan.D [F-Secure], W32/Nachi-A [Sophos], Win32.Nachi.A [CA], Worm.Win32.Welchia [KAV]

Type: Worm
Infection Length: 10,240 bytes



Systems Affected: Microsoft IIS, Windows 2000, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX, Windows 3.x, Windows 95, Windows 98, Windows Me

Payload:
Deletes files: Deletes msblast.exe.
Causes system instability: Vulnerable Windows 2000 machines will experience system instability due to the RPC service crash.
Compromises security settings: Installs a TFTP server on all the infected machines.
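
The ICMP echo scanning described in the first post is something a defender can look for in network logs: one source pinging many different addresses in a short time. The following is an added example, not part of the original posts or of any Symantec tool; the log format, the addresses and the thresholds (5 targets in 10 seconds) are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format: time src dst proto icmp_type).
# 10.0.0.23 sweeps sequential addresses; 10.0.0.5 is an ordinary monitoring ping.
SAMPLE_LOG = """\
2003-08-21T19:30:00 10.0.0.5 10.0.0.1 ICMP 8
2003-08-21T19:30:01 10.0.0.23 10.0.1.1 ICMP 8
2003-08-21T19:30:01 10.0.0.23 10.0.1.2 ICMP 8
2003-08-21T19:30:01 10.0.1.2 10.0.0.23 ICMP 0
2003-08-21T19:30:02 10.0.0.23 10.0.1.3 ICMP 8
2003-08-21T19:30:02 10.0.0.23 10.0.1.4 ICMP 8
2003-08-21T19:30:03 10.0.0.23 10.0.1.5 ICMP 8
2003-08-21T19:30:03 10.0.0.23 10.0.1.6 ICMP 8
2003-08-21T19:30:05 10.0.0.5 10.0.0.1 ICMP 8
2003-08-21T19:30:10 10.0.0.5 10.0.0.1 ICMP 8
not a log line
"""

def parse_echo_requests(text):
    """Yield (time, src, dst) for ICMP echo requests (type 8); skip anything else."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "ICMP" or parts[4] != "8":
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # malformed timestamp
        yield when, parts[1], parts[2]

def find_ping_sweepers(text, min_targets=5, window=timedelta(seconds=10)):
    """Return {src: most distinct destinations pinged within any one window}
    for sources that reach min_targets (assumed thresholds, tune per network)."""
    by_src = defaultdict(list)
    for when, src, dst in parse_echo_requests(text):
        by_src[src].append((when, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        best = 0
        for i, (start, _) in enumerate(events):
            targets = {dst for when, dst in events[i:] if when - start <= window}
            best = max(best, len(targets))
        if best >= min_targets:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(find_ping_sweepers(SAMPLE_LOG))
```

Counting distinct destinations rather than total packets keeps a host that repeatedly pings one gateway from being flagged.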

ghost944
08-21-2003, 07:59 PM
http://www.klboard.ath.cx/index.php?showtopic=62680 ;) ;) ;)

[P][RO][CE][SS][OR]
08-21-2003, 08:08 PM
Damn, sorry for the post then...

RPerry
08-21-2003, 08:47 PM
The reports I have heard of the worm say it's actually worse than MS.Blast, as far as causing disruptions that is.... :unsure: