Re: Welchia and XP, How Did I Get It?

From: Maria Joseph (mariajosOnline_at_microsoft.com)
Date: 12/08/03


Date: Mon, 08 Dec 2003 22:04:50 GMT

One more link on welchia
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/alerts/nachi.asp
Best regards,

Maria
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Bruce Chambers" <bchambers@nospamcableone.net>
| Newsgroups: microsoft.public.security.virus
| Subject: Re: Welchia and XP, How Did I Get It?
| Date: Sun, 7 Dec 2003 08:33:57 -0700
| Organization: DragonByte Computing
| Message-ID: <vt6i28mqff3v00@corp.supernews.com>
| Reply-To: "Bruce Chambers" <bchambers@nospamcableone.net>
| References: <3FD2D01F.6000807@invalid.inv>
|
| Greetings --
|
| "How did you get it?" you ask? You already know! The very first
| sentence of your post answers the question. In today's Internet
| environment, only a fool or a masochist would go on-line without a
| firewall and antivirus protection.
|
| If you connected the PC to the Internet without having first
| installed the KB824146 Hotfix, without having first installed an
| antivirus application with current virus definition files, and before
| enabling a firewall, you're very likely to get infected from any of
| the thousands of PCs on the Internet that are constantly broadcasting
| the Blaster and/or Welchia worms. It only takes a few seconds of
| exposure.
|
| To stay on-line long enough to get the necessary updates, patches,
| and removal tools, click Start > Run, and enter "shutdown -a" when the
| next RPC countdown begins. This will abort the shut down. Also, make
| sure you've enabled a firewall before starting, to preclude any more
| intrusions while getting the updates/patches/tools.
|
| Microsoft Security Bulletin MS03-39
| http://support.microsoft.com/?kbid=824146
|
| What You Should Know About the Blaster Worm
| http://www.microsoft.com/security/incident/blast.asp
|
| W32.Blaster.Worm a.k.a. W32/Lovesan.Worm
| http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html
|
| W32.Blaster.Worm Removal Tool
| http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
|
| W32.Welchia.Worm a.k.a. W32/Nachi.Worm
| http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
|
| W32.Welchia.Worm Removal Tool
| http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
|
| McAfee AVERT Stinger
| http://us.mcafee.com/virusInfo/default.asp?id=stinger
|
|
| Bruce Chambers
|
| --
| Help us help you:
| http://dts-l.org/goodpost.htm
| http://www.catb.org/~esr/faqs/smart-questions.html
|
| You can have peace. Or you can have freedom. Don't ever count on
| having both at once. -- RAH
|
|
| "W. Watson" <wolf_tracks@invalid.inv> wrote in message
| news:3FD2D01F.6000807@invalid.inv...
| > I've had an XP computer with NS 7.0+ on my local network since March
| > without a firewall or anti-virus program running. I've seldom gotten on
| > the network to download messages with it. Maybe 10 times. I have used it
| > to browse the internet and download files. I finally decided to make it
| > my main computer and was surprised when I installed NAV that it found
| > Welchia. After looking at the Symantec description, I don't see how it
| > got on my computer unless it found its way on through an open port. I
| > see that XP is particularly vulnerable to Welchia.
| >
| > The description mentions that when Welchia sees the system time of 2004
| > it removes itself. That's quite odd. It also mentions it removes Blaster.
| > Also very odd. Is this some semi-benevolent worm? Also it seems that
| > its purpose is to try to exercise the network. Can someone give a
| > broader description of what this worm is about? As far as I can tell it
| > did me little harm. I have removed it.
| >
|
|
|


