What is the Welchia.D Worm?
Welchia.D is a minor variation of Welchia.C.
If the infected machine runs a Chinese, Korean, or English version of the operating system, the worm will attempt to download the Microsoft Workstation Service Buffer Overrun and Microsoft Messenger Service Buffer Overrun patches from the Microsoft® Windows Update Web site, install them, and then restart the computer.
The worm also attempts to remove the Mydoom.A, Mydoom.B, Doomjuice, and Doomjuice.B worms.
Welchia.D.Worm exploits multiple
vulnerabilities, including:
- The DCOM RPC vulnerability (described in Microsoft
Security Bulletin MS03-026) using TCP port
135. The worm specifically targets Windows XP
machines using this exploit.
- The WebDAV vulnerability (described in Microsoft
Security Bulletin MS03-007) using TCP port
80. The worm specifically targets machines
running Microsoft IIS 5.0 using this exploit.
The worm's use of this exploit will impact
Windows 2000 systems and may impact Windows
NT/XP systems.
- The Workstation service buffer overrun
vulnerability (described in Microsoft
Security Bulletin MS03-049) using TCP port
445.
- The Locator service vulnerability using TCP
port 445 (described in Microsoft
Security Bulletin MS03-001). The worm
specifically targets Windows 2000 machines
using this exploit.
The presence of the file, %Windir%\system32\drivers\svchost.exe,
is an indication of a possible infection.
This threat is compressed with UPX.
Also known as: Nachi.worm.d, Nachi-D, Win32.Nachi.D, WORM_NACHI.D, Win32.Welchia.d
How Does the Welchia.D Worm Infect My Computer?
When Welchia.D.Worm runs, it performs actions similar to those of Welchia.C.Worm.
How to Remove the Welchia.D Worm?
Kaspersky Internet Security can protect you from viruses and intrusion.
If Kaspersky detects Welchia.D during the scan, it will automatically offer you the option of deleting it. Do this by following the program's instructions.
Manual Removal:
Manual removal of the Welchia.D worm is similar to that of Welchia.C.
How to Disinfect My Computer from Worms?
In order to keep your computer protected, bear
the following tips in mind:
- If you have filtering tools installed,
configure them to reject messages with the
characteristics described above. If, in spite
of doing this, you receive a message that
contains the virus, do not open it and do not
run the attached file. Delete the message,
making sure that you also delete it from the
Deleted Items folder.
- Install a good antivirus on your computer.
Select Kaspersky Internet Security to get the Kaspersky antivirus solution that best suits your needs.
- Keep your antivirus updated. If automatic
updates are available, configure your
antivirus to use them.
- Keep your permanent antivirus protection
enabled at all times.