W32.Welchia.B.Worm
Posted: Sun Jun 20, 2004 12:24 pm
by AceCombat
I somehow picked this up, Norton caught it the instant it attempted its payload delivery.....I woke up this morning to find that Automatic Scheduled Virus Scan Alert.....with a "Deleted" status next to it.
I'm checking all sources that I have, to see if I can find the source.
Just a heads up to those who I do contact by other means outside of DBB.
Posted: Sun Jun 20, 2004 3:30 pm
by Wolf on Air
IIRC, Welchia is the Blaster antivirus, and infects you the same way - email is totally unrelated. You had your firewall down, n00b
Anyway, if memory serves its payload isn't even active since X months ago, so if your system clock is correct it would run, and then delete itself.
You got it from some loser with an unpatched and unfirewalled Windows machine with the system clock wrong (you have no idea how common this combination is).
Posted: Sun Jun 20, 2004 7:33 pm
by Flatlander
Haven't run Windows Update in a while, eh?
Posted: Sun Jun 20, 2004 8:37 pm
by AceCombat
Actually my firewall was up....
I run WinUpdate every week......
Glad to hear it would have deleted itself. But NAV 04' Pro caught it before it even had the chance to delete itself and deleted it for its own good.
Posted: Mon Jun 21, 2004 12:47 am
by Avder
Your security must be looser than a two dollar..*cough*
Posted: Mon Jun 21, 2004 2:00 pm
by Testiculese
edit: confused AV with firewall.
Posted: Mon Jun 21, 2004 2:28 pm
by fliptw
AceCombat wrote:
Actually my firewall was up....
I run WinUpdate every week......
Glad to hear it would have deleted itself. But NAV 04' Pro caught it before it even had the chance to delete itself and deleted it for its own good.
which firewall are you using?
besides the fact if the firewall was working, NAV would not have the opportunity to stop this worm.
Posted: Mon Jun 21, 2004 2:54 pm
by AceCombat
fliptw wrote:
which firewall are you using?
besides the fact if the firewall was working, NAV would not have the opportunity to stop this worm.
Zone Alarm Pro
How so would NAV not be able to stop the worm?!?!
*EDIT* it was Quarantined not Deleted, but it was still stopped
Posted: Mon Jun 21, 2004 2:56 pm
by Testiculese
Lemme translate this to AceSpeak:
besides the fact if the firewall was working, NAV would not have the opportunity to stop this worm.
equals
If your firewall is set up correctly, the virus would not have gotten past it, hence the antivirus would have never even seen it.
/me sets mode -MastersDegree AceCombat
Posted: Mon Jun 21, 2004 3:33 pm
by Flatlander
Not to mention, if you had been keeping up with Windows Update, the security hole/exploit this worm uses would have been patched and thus unavailable.
Posted: Mon Jun 21, 2004 5:28 pm
by AceCombat
Flatlander wrote:
Not to mention, if you had been keeping up with Windows Update, the security hole/exploit this worm uses would have been patched and thus unavailable.
hey flat, is Welchia associated with Nachi?
this is the title of the article you sent me to:
Virus Alert About the Nachi Worm
Posted: Mon Jun 21, 2004 5:30 pm
by fliptw
it uses the same exploit in the RPC service Ace.
oh, wow, look what the link Flat posted says
Microsoft Knowledge Base Article - 826234 wrote:
This article contains information for network administrators and IT professionals about how to prevent and how to recover from an infection from the Nachi worm. The Nachi worm is also known as W32/Nachi.worm (Network Associates), Lovsan.D (F-Secure), WORM_MSBLAST.D (Trend Micro), and W32.Welchia.Worm (Symantec).
Posted: Wed Jun 23, 2004 6:58 am
by WarAdvocat
This is why we make fun of this guy
Posted: Wed Jun 23, 2004 12:25 pm
by AceCombat
I stand corrected. I never knew Welchia was associated with Nachi
Posted: Wed Jun 23, 2004 11:47 pm
by BUBBALOU
WarAdvocat wrote:
This is why we make fun of this guy
FootCombat© is the posterchild for vas deferens removal!