-
Welchia virus
Hello, I have a firewalled network with 5 10.10.x subnets. I am getting Welchia infections on random machines, but am unable to trace the source. I have NAV Corp 8.1 on all machines and servers (or so I believe). However, once a machine is hit, the AV is disabled and the firewall log eventually fills up with ping attempts. It's easy to fix the machines infected by shutting down DLLHOST.EXE, but I am still concerned about the source of the virus. It has hit three subnets already :(.
-
patweb, take a look here. There are removal instructions and a removal tool to clean the infections of the nasty Welchia worm. It also provides a link to help you track down the machines that Welchia has infected.
http://securityresponse.symantec.com...chia.worm.html
-
patweb--are you updating the virus definitions for your NAV?
-
Hi Guys,
Yeah, the NAV system is pretty good with updating the 'dat' files. The version of Welchia that I am getting isn't the 'tame' version. It APPEARS to be some new version that acts like other worms (in that the DoS attack is still happening).