|
-
December 19th, 2003, 03:24 PM
#1
Welchia virus
Hello, I have a firewalled network with 5 10.10.x subnets. I am getting Welchia infections on random machines, but am unable to trace the source. I have NAV Corp 8.1 on all machines and servers (or so I believe). However, once a machine is hit, the AV is disabled and the firewall log eventually fills up with ping attempts. It's easy to fix the machines infected by shutting down DLLHOST.EXE, but I am still concerned about the source of the virus. It has hit three subnets already  .
AsusA7N8X, AthlonXP2200
gForce4600+ti & Audigy Platnium, FPS SOUND. AKA- The ultimate gaming machine (well it WAS three years ago anyway).
-
December 20th, 2003, 03:32 PM
#2
patweb, take a look here. There are removal instructions and a removal tool to clean the infections of the nasty Welchia worm. It also provides a link to help you track down the machines that Welchia has infected.
http://securityresponse.symantec.com...chia.worm.html
Eric
-
December 20th, 2003, 08:10 PM
#3
patweb--are you updating the virus definitions for your NAV?
Jim
WIN7 Ultimate SP1 64bit, IE 11, NTFS,
cable, MS Security Essentials, Windows 7 firewall
-
December 22nd, 2003, 12:36 PM
#4
Hi Guys,
Yeah, the NAV system is pretty good with updating the 'dat' files. The version of Welchia that I am getting isn't the 'tame' version. It APPEARS to be some new version that acts like other worms (in that the DOS attack is still happening.)
AsusA7N8X, AthlonXP2200
gForce4600+ti & Audigy Platnium, FPS SOUND. AKA- The ultimate gaming machine (well it WAS three years ago anyway).
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
