removal of virus



agus99
12-10-2003, 07:10 AM
I have picked up a "w32.welchia.worm". Nortons has notified me but cannot repair the file C:\windows\system32\wins\DLLHOST.EXE.
I also cannot gain access to the file. Hellllp please
thanks

Jim B
12-10-2003, 07:28 AM
Removal tool here (http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html)

If using XP, disable System Restore.

Stumped Badly
12-10-2003, 08:16 AM
Just as a matter of interest, I also picked up this worm, but I don't know how.
A friend brought me her Laptop which was giving trouble, the thing was so messed up the only answer was to wipe it & use the restore disks.
After restoring XPSP1 I updated Nortons then went to MSoft & started downloading the plethora of updates/fixes etc.
I chose about half of them, downloaded & installed them. Whammo! XP reboots, gets to the Welcome to XP & that was it. Tried safe mode, same thing.
Tried a heap of workarounds to no avail.
Only option left was to restore again from the HP disks.
Updated Nortons again, downloaded about half the updates again only to pick up the welchia worm this time. Ran the removal tool & all seems fine.
The only 2 sites I visited each time were MSoft & Symantec.
Weird.

Jim B
12-10-2003, 09:02 AM
Most likely came in this way.

W32.Welchia.Worm is a worm that exploits multiple vulnerabilities, including:
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm specifically targets Windows XP machines using this exploit.

Pheonix
12-10-2003, 09:44 AM
A lesson to be learnt here from this exercise. Before updating and going online, turn on XP's firewall, or install one first. :D
I'll have to keep that in mind myself now.

agus99
12-10-2003, 10:39 AM
all it's fixed thanks to u guys