SHARE
THIS ON

Facebook Twitter Google Plus

Win32.Worm.Welchia.F

LOW
LOW
13824 (~35K unpacked)
(W32/Nachi)

Symptoms

The following file: (%SYSDIR% is the Windows System directory)
%SYSDIR%\Drivers\SVCHOST.EXE

High activity on ports 135 (RPC), 80 (HTTP) and 445 (SMB over TCP).

Removal instructions:

Let BitDefender delete all files found infected with this worm.

Analyzed By

Mihai Chiriac Bit Defender Virus Researcher.

Technical Description:

This is a recompiled bugfix version of Win32.Welchia.B, with no interesting new features.
A description of Win32.Welchia.B is available at http://www.bitdefender.com/bd/site/virusinfo.php?menu_id=1&v_id=192
Antivirus Software For Home Users
Business Security Solutions
Latest News
Tools & Resources