W32.Welchia.Worm Removal Tool 1.06

Delete this computer virus
Like it:
1 votes
Our rating:
Total: 665 | Last week: 2
1.00 MB
Latest update:
July 16, 2011
Watch W32.Welchia.Worm Removal Tool 1.06 video preview
Loading video player...
Author Description
W32.Welchia.Worm is a worm that exploits multiple vulnerabilities, including:

- The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. The worm specifically targets Windows XP machines using this exploit.
- The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80. The worm specifically targets machines running Microsoft IIS 5.0 using this exploit. IIS 5.0 will most likely be found on Windows 2000 systems.

W32.Welchia.Worm does the following:
- Attempts to download the DCOM RPC patch from Microsoft's Windows Update Web site, install it, and then reboot the computer.
- Checks for active machines to infect by sending an ICMP echo request, or PING, which will result in increased ICMP traffic.
- Attempts to remove W32.Blaster.Worm.

The W32.Welchia.Worm Removal Tool does the following:
- Terminates the W32.Welchia.Worm viral processes.
- Deletes the W32.Welchia.Worm files.
- Deletes the registry values that W32.Welchia.Worm added.
- Deletes the services created by W32.Welchia.Worm.

Note: You must have administrative rights to run this tool on Windows NT 4.0, Windows 2000, or Windows XP.

If you are running Windows Me or XP, then disable System Restore. Refer to the "System Restore option in Windows Me/XP" section later in this writeup for further details.

If you are running Windows Me/XP, we strongly recommend that you do not skip this step.
- Double-click the FixWelch.exe file to start the removal tool.
- Click Start to begin the process, and then allow the tool to run.
- Restart the computer.
- Run the removal tool again to ensure that the system is clean.
- If you are running Windows Me/XP, then re-enable System Restore.

Note: The removal procedure may not be successful if Windows Me/XP System Restore is not disabled as previously directed, because Windows prevents System Restore from being modified by outside programs.

When the tool has finished running, you will see a message indicating whether W32.Welchia.Worm infected the computer.
Awarded With
Add Your Review
Please sign in to comment.
Similar to consider in Antivirus
Latest version find, repair or delete infected files
Scan for viruses and prevent PC threats
Scan in real time for viruses (a lot of updates for definitions)
Fast scan and virus removal
Remove malicious streems
Freeware Trending
Enhance or apply effects to pictures
Apply desaturation to certain parts of a
View our planet in real time
World atlas with data about contries
Advanced functions effects defined
Translation between many languages and
Study the Bible in many languages
Learn preschool kids to count
Study Bible from any device
Pictures organizer and editor
Presentation software for church images
Beginners can start study Bible in
Convert your ebooks to be readable on
Read all kind of ebook formats
Advanced mathematics software for
Search images based on similarity manage
Manage personal pictures collection sort
Apply effects to pictures make collages
Make caricatures apply warping effects
Fix or remove blemishes acnes or spots
X Login/Sign in

Choose a provider to login or sign in.