Welchia Worm (from Symantec's Security Response site)

Welchia attempts to patch the Blaster worm using the same vulnerability (RPC), but then creates unnecessary traffic (pings) to slow the network while seeking other machines to infect.  It can infect Windows XP and Windows 2000 machines.

| ResNet Instructions | Removal |  How to Disable System Restore |Resources |

Removal

• Download the FixWelch.exe file (courtesy of  Symantic's web site).
• Save to your desktop or other location.
• Close all programs and DISCONNECT from the internet.
• Disable System Restore if you are running Windows XP (Instructions below.)
• Double click on the FixWelch.exe file on your desktop to open the program.
• Click Start to run the removal tool.

• When completed, restart your computer.
• Run the removal tool again to ensure that the system is clean.
• Re-enable System Restore.
   
• If this is a personally owned computer, check your virus provider site for the most recent virus definition updates.
• Check Microsoft for critical updates (http://windowsupdate.microsoft.com)  and apply all that are indicated.

Disabling System Restore in Windows XP

Click Start. Right-click My Computer Select  Properties from the floating menu. Click the System Restore tab. Select Turn off System Restore check box. Click Apply. Click Yes in message box. Click OK. After the worm is removed, restart your computer and follow the steps above to deselect "Turn off System Restore".

Resources

For more information on this worm, consult the Norton Antivirus Center.