Topic: Anyone else had this worm?

[vsfedwards]

Welchia it is called, I found it today ( I run a scan every other day) but this has never been found on my pc before. I found it after updating the virus definition- Apparently it reboots windows and you lose all your other files..or something along that line. So if anyone else has found it or heard of it I would like to hear about it.

Thanks for reading. Andy

[Sten]

Welchia is the anit-blaster worm unleashed.

Welchia looks for unpatched windows 2000 and XP machines as well as another I do not recall at this time. It then instructs your computer to go to the windows update screen and get the latest updates.

Once done it uses your computer to spread the worm further.

So this worm is a "good" worm as far as worms go. It deactivates in the winter I seem to recall. Either way keep your computer updated and problem should be sovled.

[Demandred]

I have to wonder if this worm has been rereleased recently by university IT departments... idiot students bringing computers infected with msblaster and sobig have been causing chaos when plugged into university networks.

[vsfedwards]

Quote:
Welchia is the anit-blaster worm unleashed.

Welchia looks for unpatched windows 2000 and XP machines as well as another I do not recall at this time. It then instructs your computer to go to the windows update screen and get the latest updates.

Once done it uses your computer to spread the worm further.

So this worm is a "good" worm as far as worms go. It deactivates in the winter I seem to recall. Either way keep your computer updated and problem should be sovled.  

Thanks Fred, I was worried when I saw it (I did remove it mind) But I'm glad to know it was nothing damaging.  

[Barabbas]

Several of our computers at work were thoroughly patched and updated and Norton AV still found a file floating around in the temp directory....  Don't be too alarmed.

 

[Sten]

One thing thing Welchia did was delete the files for the blaster virsus and force teh infected computer to go to the Microsoft update site.

So if you are finding old blaster files you may have been infected got welchia and then Norton detected Welchia.

Anyhow best bet is keep you system up to date. I have seen maybe 10 new worms released since blaster came out. Sobig was the worst virus I saw had it sent to me 2800+ in 7 days before I decided tos et up filters on the mail server.  

[AdmiralFrey_XC]

This worm uses the same RPC vulnerability to propigate as MSBlaster did, but like it's been said once the payload is delivered, it downloads the RPC patch, installs it, the computer will reboot, then it attempts to scan ports to find the WebDev Vulnerability in IIS 5 and propigate.

It DOES delete the MSBlaster worm.

It IS set to check the date / time, and if it's past Jan 1st, 2004, the worm will deactivate and delete itself.

 

[vsfedwards]

Ok, I know this is a bit of a late reply, but that Welchia virus did effect me pretty badly after, I honestly thought it was my ISP's fault and now feel guilty about shouting down the phone at customer support. Anywho the virus brought my internet connection to a practical hault, before I was able to keep the pc on long enough (without the virus restarting my system again) to get the new security updates. I know its a late update but I just wanted to clarify what my problem was a week or so ago.

Andy.

[vsfedwards]

Ok, I know this is a bit of a late reply, but that Welchia virus did effect me pretty badly after, I honestly thought it was my ISP's fault and now feel guilty about shouting down the phone at customer support. Anywho the virus brought my internet connection to a practical hault, before I was able to keep the pc on long enough (without the virus restarting my system again) to get the new security updates. I know its a late update but I just wanted to clarify what my problem was a week or so ago.


           Edit: I said in a previous post that I managed to remove the worm, obviously that was not so.

Andy.

[vsfedwards]

Welchia it is called, I found it today ( I run a scan every other day) but this has never been found on my pc before. I found it after updating the virus definition- Apparently it reboots windows and you lose all your other files..or something along that line. So if anyone else has found it or heard of it I would like to hear about it.

Thanks for reading. Andy

[Sten]

Welchia is the anit-blaster worm unleashed.

Welchia looks for unpatched windows 2000 and XP machines as well as another I do not recall at this time. It then instructs your computer to go to the windows update screen and get the latest updates.

Once done it uses your computer to spread the worm further.

So this worm is a "good" worm as far as worms go. It deactivates in the winter I seem to recall. Either way keep your computer updated and problem should be sovled.

[Demandred]

I have to wonder if this worm has been rereleased recently by university IT departments... idiot students bringing computers infected with msblaster and sobig have been causing chaos when plugged into university networks.

[vsfedwards]

Quote:
Welchia is the anit-blaster worm unleashed.

Welchia looks for unpatched windows 2000 and XP machines as well as another I do not recall at this time. It then instructs your computer to go to the windows update screen and get the latest updates.

Once done it uses your computer to spread the worm further.

So this worm is a "good" worm as far as worms go. It deactivates in the winter I seem to recall. Either way keep your computer updated and problem should be sovled.  

Thanks Fred, I was worried when I saw it (I did remove it mind) But I'm glad to know it was nothing damaging.  

[Barabbas]

Several of our computers at work were thoroughly patched and updated and Norton AV still found a file floating around in the temp directory....  Don't be too alarmed.

 

[Sten]

One thing thing Welchia did was delete the files for the blaster virsus and force teh infected computer to go to the Microsoft update site.

So if you are finding old blaster files you may have been infected got welchia and then Norton detected Welchia.

Anyhow best bet is keep you system up to date. I have seen maybe 10 new worms released since blaster came out. Sobig was the worst virus I saw had it sent to me 2800+ in 7 days before I decided tos et up filters on the mail server.  

[AdmiralFrey_XC]

This worm uses the same RPC vulnerability to propigate as MSBlaster did, but like it's been said once the payload is delivered, it downloads the RPC patch, installs it, the computer will reboot, then it attempts to scan ports to find the WebDev Vulnerability in IIS 5 and propigate.

It DOES delete the MSBlaster worm.

It IS set to check the date / time, and if it's past Jan 1st, 2004, the worm will deactivate and delete itself.

 

[vsfedwards]

Ok, I know this is a bit of a late reply, but that Welchia virus did effect me pretty badly after, I honestly thought it was my ISP's fault and now feel guilty about shouting down the phone at customer support. Anywho the virus brought my internet connection to a practical hault, before I was able to keep the pc on long enough (without the virus restarting my system again) to get the new security updates. I know its a late update but I just wanted to clarify what my problem was a week or so ago.

Andy.

[vsfedwards]

Ok, I know this is a bit of a late reply, but that Welchia virus did effect me pretty badly after, I honestly thought it was my ISP's fault and now feel guilty about shouting down the phone at customer support. Anywho the virus brought my internet connection to a practical hault, before I was able to keep the pc on long enough (without the virus restarting my system again) to get the new security updates. I know its a late update but I just wanted to clarify what my problem was a week or so ago.


           Edit: I said in a previous post that I managed to remove the worm, obviously that was not so.

Andy.