[P][RO][CE][SS][OR]
08-21-2003, 07:31 PM
There is a new worm out, W32.Welchia.Worm. Discovered on: August 18, 2003.
Targets Windows Xp Computers.
W32.Welchia.Worm does the following:
Attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, install it, and then reboot the computer.
Checks for active machines to infect by sending an ICMP echo request, or PING, which will result in increased ICMP traffic.
Attempts to remove W32.Blaster.Worm.
Removal tool (http://www.symantec.com/avcenter/FixWelch.exe)
Manual Removal
As an alternative to using the removal tool, you can manually remove this threat. The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
1. Disable System Restore (Windows XP).
2. Update the virus definitions.
3. Restart the computer or end the Worm process.
4. Run a full system scan and delete all the files detected as W32.Welchia.Worm.
5. Delete the values from the registry.
6. Delete the Svchost.exe file.
Targets Windows Xp Computers.
W32.Welchia.Worm does the following:
Attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, install it, and then reboot the computer.
Checks for active machines to infect by sending an ICMP echo request, or PING, which will result in increased ICMP traffic.
Attempts to remove W32.Blaster.Worm.
Removal tool (http://www.symantec.com/avcenter/FixWelch.exe)
Manual Removal
As an alternative to using the removal tool, you can manually remove this threat. The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
1. Disable System Restore (Windows XP).
2. Update the virus definitions.
3. Restart the computer or end the Worm process.
4. Run a full system scan and delete all the files detected as W32.Welchia.Worm.
5. Delete the values from the registry.
6. Delete the Svchost.exe file.