Welchia virus still on my system?

[LuckyTaxi]

I freaking reinstall Windows XP and i still got that pesky Welchia virus!
I did a clean install of XP Pro and I installed norton and it tells me it found the welchia virus in my
windows\system32\wins directory. I ran the fix from symantec and it got rid of the two files and another
scan using norton says i no longer have the virus!

Now, I cant get to google for some reason. I used to before i got the virus but the page just stalls
and eventually times out. I can get to any other site but google! damn!

cant wait til freebsd 4.9 to be release so they can support my NIC!

 

[drag]

Maybe you just got it again realy quick?

Maybe someone you know has it and just likes to e-mailing it to you....

Remember it's a worm. Not a virus.

So it's smart and seeks out new victims from previously infected machines.

It's a good possibility that a computer you infected by running the comprimised machine for a while with the worm, they just turned around and re-infected you before you had a chance to patch.

Can't you download all the patches before hand?

Download them from a clean machine, burn them to a cd.

Zero out your harddrive with one of them so-called low-level format apps. (not realy low-level, just zeros..)

Then install XP, install the patches, all BEFORE you give it access to the internet!

good luck.

 

[bsobel]

Plug the box into some sort of hw firewall when you first install (a 20 linksys on sale will be fine). Otherwise, if your directly connected to the internet your likely to get infected from the time the install finishes and before you get the patches downloaded.
Bill

 

[LuckyTaxi]

I just thought of something, when I reinstalled windows i did a quick format.
i got the system back up and running and immediately connected to the net.
i use kerio firewall and it picked up dllhost.exe trying to obtain outside access.
i immediately denied it and went about installing the virus definition.

i'll reinstall it later.

 

[bsobel]

Originally posted by: lilcam
I just thought of something, when I reinstalled windows i did a quick format.
i got the system back up and running and immediately connected to the net.
i use kerio firewall and it picked up dllhost.exe trying to obtain outside access.
i immediately denied it and went about installing the virus definition.
i'll reinstall it later.

Quick format is perfectly safe. The issue is the time from when Windows stops setup (first run) until you get the patches. During that time your exposed. Sounds like you quickly installed a personal fw (good idea), but you can literally get infected too quickly. This time unplug the network cable (if you don't have a hw box), install, install the personal fw, and then plug the net in and update.

Best,
Bill

 

[drag]

Yes, If I remember it, even people running Dial-up access got infected with a DCOM-vunerability-based worm (blaster.worm, wasn't it?). Sometimes even while they were downloading the patches.

Anyways there are probably plenty of script kiddies using modified versions of the DCOM-based attack to gain access to peoples computers and plant trojans and scanners. So even if the worms get under control, you would still have people actively trolling for vunerable computers.

From now on no XP(or any other windows) computer should have any business being out on the internet without patches and a firewall/router protecting it. (Linux and others this is good policy, too...) Otherwise it's just a matter of time till you get smacked.