W32.Welchia.B.Worm

[AceCombat]

i somehow picked this up, norton caught it the instant it attempted its payload delivery.....i woke up this morning to find that Automatic Scheduled Virus Scan Alert.....with a "Deleted" status next to it.

im checking all sources that i have, to see if i can find the source.



Just a heads up to those who i do contact by other means outside of DBB.

[Wolf on Air]

IIRC, Welchia is the Blaster antivirus, and infects you the same way - email is totally unrelated. You had your firewall down, n00b

Anyway, if memory serves it's payload isn't even active since X months ago, so if your system clock is correct it would run, and then delete itself.

You got it from some loser with an unpatched and unfirewalled windows machine with the system clock wrong (you have no idea how common this combination is).

[Flatlander]

Haven't run Windows Update in a while, eh?

[AceCombat]

actually my firewall was up....
i run WinUpdate every week......

glad to hear it would have deleted itself. but NAV 04' Pro caught it before it even had the chance to delete itself and deleted it for its own good.

[Avder]

Your security must be looser than a two dollar..*cough*

[Testiculese]

edit: confused AV with firewall.

[fliptw]

actually my firewall was up....
i run WinUpdate every week......

glad to hear it would have deleted itself. but NAV 04' Pro caught it before it even had the chance to delete itself and deleted it for its own good.

which firewall are you using?

besides the fact if the firewall was working, NAV would not have the oppurtunity to stop this worm.

[AceCombat]

which firewall are you using?

besides the fact if the firewall was working, NAV would not have the oppurtunity to stop this worm.

Zone Alarm Pro

How so would NAV not beable to stop the worm?!?!

*EDIT* it was Quarantined not Deleted, but it was still stopped

[Testiculese]

Lemme translate this to AceSpeak:

besides the fact if the firewall was working, NAV would not have the oppurtunity to stop this worm.

equals

If you firewall is set up correctly, the virus would not have gotten past it, hence the the Antivirus would have never even seen it.

/me sets mode -MastersDegree AceCombat

[Flatlander]

Not to mention, if you had been keeping up with Windows Update, the security hole/exploit this worm uses would have been patched and thus unavailable.

[AceCombat]

Not to mention, if you had been keeping up with Windows Update, the security hole/exploit this worm uses would have been patched and thus unavailable.

hey flat, is Welchia associated with Nachi?

this is the title of the article you sent me to:

Virus Alert About the Nachi Worm

[fliptw]

it uses the same exploit in the RPC service Ace.

oh, wow, look what the link Flat posted says

This article contains information for network administrators and IT professionals about how to prevent and how to recover from an infection from the Nachi worm. The Nachi worm is also known as W32/Nachi.worm (Network Associates), Lovsan.D (F-Secure), WORM_MSBLAST.D (Trend Micro), and W32.Welchia.Worm (Symantec).

[WarAdvocat]

This is why we make fun of this guy

[AceCombat]

i stand corrected. i never knew Welchia was associated with Nachi

[BUBBALOU]

This is why we make fun of this guy

FootCombat© is the posterchild for vas deferens removal!