Welchia is a variant of the worm MSBlast. It affects Windows 2000 and XP machines that have not patched the Buffer Overrun In Windows RPC Interface. Once the worm has infected a machine it attempts to download and install Microsoft's RPC Buffer Overrun patch, stops and removes MSBlast (if on machine), and, ultimately, turns itself off in 2004.

Green Apple has disabled ingress/egress on ports used by Welchia which greatly lessen the capability for the worm to enter or leave our network and affect our users. However, every Windows user is urged to visit Microsoft's Windows Update and install the patch to close the RPC Buffer Overrun flaw. Windows Update is found at
    http://windowsupdate.microsoft.com

If you are infected, besides installing the patch, you will need to remove the worm. Symantec (Norton) has developed a tool for this:
    http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
 

Home / Access / Development / Support / Hosting / Local Links / Computers
 Contact Us / Green Apple News / Jobs / Site Map / Link To Us / Policy

Lancaster-Fairfield County Chamber of Commerce, 2000 Small Business of the Year
www.greenapple.com · tel. (740) 653-9890 · toll free. (866) 653-9890
Copyright © 1995 - 2007, Green Apple, Inc.