- Joined
- Dec 19, 2000
- Location
- S/W Wisconsin
I have a win2k server box that is infected with the welcha worm. I don't know how I got infected but this virus is sending out pings to every possable IP address (sequentialy even) The only way I've been able to temporaroly stop this virus is to instal "Tiny Personal Firewall" and have it block all ICMP packets to and from that box. I have norten antivirus corperate edition running and updated but it can't get at the virus for some reason. It will detect the virus in DLLHOST.EXE but even when I'm logged in as administrator it doesn't have the privilages to remove the virus. Right now I'm up a creek. The only option that I can see that will actually work is to format and reinstall the server, but I really don't want to do that. (to lazy). I have IIS running and serving web pages and I've heard that is done through DLLHOST.EXE, is there any way that the virus could be hidden in one of those files?
If anyone has ideas on how to get rid of "Welcha worm" without killing the system please let me know! PLEASE!!!
Erik of Ekedahl
If anyone has ideas on how to get rid of "Welcha worm" without killing the system please let me know! PLEASE!!!
Erik of Ekedahl